
Threat Intel includes the latest analysis, alerts, advisories, and reports from the Infoblox Threat Intel team focusing on threat actors persisting in DNS. Infoblox automatically detects and tracks clusters of newly registered and deployed domains likely controlled by the same threat actor. Connections between these clusters assist in consistently monitoring a threat actor. We use our animal taxonomy to formally name actors when we can oversee their infrastructure and have conducted thorough research. The results include both automatically generated and specifically named actors identified within your network.

To view Threat Intel from within the Cloud Services Portal, do the following:

  1. Click Research > Threat Intel.

  2. Select the type of threat intel to view. Choices include the following:

    • Threat Actors In Your Environment

    • All Infoblox Publications

    • Zero Day DNS

For information on the naming conventions and taxonomies used by Infoblox when naming and classifying threats, see Infoblox Threat Naming Conventions.

Threat Actors In Your Environment

The Threat Actors In Your Environment tab displays a list of threat actors observed in your environment. Each entry includes detailed information about the specific threat actor.

The Threat Actors In Your Environment report.


This page provides details about the threat domain, including:

  • Description: A concise overview of the threat from Infoblox Threat Intel.

  • Total Domain Count: The total occurrences of the threat on domains identified by Infoblox Threat Intel.

  • Domains in Your Network: The occurrences of the threat on domains within your network identified by Infoblox Threat Intel. Click the link to view information about the threat domain on the Infoblox blog.

  • Domains Not in Your Network: The occurrences of the threat on domains not within your network as identified by Infoblox Threat Intel.

  • Active Threat Domains Discovered by Infoblox: This section presents the following information:

    • The name of the domain in your network and its associated threat.

    • A dropdown list of domains within your network associated with the threat. Click on a listed threat domain to view detection details on the Infoblox Threat Intel Blog.

    • A schematic diagram depicting the timeline of detection from initial detection to final outcome, showing:

      • When Infoblox first detected the threat domain (far left side of timeline).

      • Date when other vendors discovered the domain.

      • Duration during which Infoblox protected your network from this threat domain.

      • Last seen date for the threat domain based on DNS traffic records.

Infoblox Threat Intel Blog

All Infoblox Publications

The All Infoblox Publications tab displays a list of publications researched and produced by the Infoblox Threat Intel team on new threats, including campaigns, malware, threat actors, and exploitation of new vulnerabilities. Reading through the reports will reveal details on threat behavior, indicators of compromise, and new attackers and their tools or infrastructure. Reports can be searched by keyword and exported. Click the downward pointing arrow icon to view a detailed description of the report.

The All Infoblox Publications page.

Zero Day DNS

The Zero Day DNS tab displays a list of Zero Day incidents observed in your network. For information on how to configure Zero Day DNS, see Zero Day DNS Configuration.
