
Comprehensive Security Report

The Comprehensive Security Report provides details about your Infoblox Threat Defense installation based on DNS query data. The report delivers data in an easy-to-read, understandable format that your IT security team can use to maintain a safe and secure network. The information in the report can also help you decide which data to pull into your SIEM or access through the Infoblox API. Most data provided in the Comprehensive Security Report is readily available from the Infoblox API.

The Comprehensive Security Report is available to subscribers of Infoblox Threat Defense Business Cloud and Infoblox Threat Defense Advanced. The Comprehensive Security Report is not available for Infoblox Threat Defense Essentials or for Infoblox Threat Defense Business On-Premises subscribers.


Reporting Statistics

Reporting Data Type | Description | Data Included | Visualization Type
DNS

Total DNS Statistics: The overall measurement of DNS name query activities made by your organization. Statistics are displayed for the total number of DNS requests, the total number of response policy hits, and the ratio of threats to traffic.

Data Loss: Exfiltration Events over DNS: Applications and attackers can tunnel traffic over your organization's DNS protocol, resulting in data loss. Exfiltration events over DNS are identified using Threat Insight (behavioral) detection and signature-based detection tools.

Total DNS Statistics

  • Total DNS Requests
  • Infoblox Threat Feeds Hits
  • Threat to Traffic Percentage

Data Loss: Exfiltration Events over DNS

  • Total Data Exfiltration Events 


Visualization type: List
Web Content

Top 10 Web Destinations: This list displays the most popular web destinations as requested by your organization.

Top 10 Blocked Web Destinations: This list displays the most popular web destinations as requested by your organization that are blocked based on your organization’s web content policies.

Top 10 Web Destinations

  • Site list

Top 10 Blocked Web Destinations

  • Site list

Visualization type: List

DNS Activity

Top 10 Devices by Total DNS Activity: This list displays system endpoints ranked by the amount of DNS query activities.

Top 10 Devices by Total DNS Activity

  • Endpoint

Visualization type: List

Configuration and Endpoints

Configuration: This includes details about your installation, which includes DNS servers, detected endpoints, mobile clients, and more.

Devices by Type: Endpoints are displayed by asset type. Detected endpoint data has the highest accuracy when the Infoblox Portal is connected to your on-premises IP address management solution.

If the devices show up as all “unknown,” check your configuration and Cloud Data Connector to be sure you are forwarding IPAM Metadata/DHCP Lease Information. For information on setting up Cloud Data Connector, see Data Connector.  

Configuration

  • DNS Enforcement Points
  • Registered Infoblox Endpoints
    • The number of Infoblox Threat Endpoint Clients considered "online" or that have contacted the Infoblox Portal within the last 30 days.
  • Online Devices
    • The number of Infoblox Endpoint Clients considered "online" or that have contacted the Infoblox Portal within the last 30 days.
  • Detected Devices
    • The number of unique devices in the network.

Devices by Type

  • Windows Variants
  • UNIX/LINUX Variants
  • Apple/MacOS
  • IP Phones
  • Unknown


Visualization type: List

Threats

Top 10 Detected Threats: This list displays information obtained from DNS traffic patterns, target hosts, and related malware signatures data.

Top 10 Threat Classes: This list displays threats broken down into industry-standard classes. By breaking down threat types based on class, it is easier to identify the threat types most prevalent in your organization.

Top 10 Threat Feeds: This list displays the threat intelligence feeds enabled in your security policies that contain the highest number of hits. Below the top 10 threat feeds list, the threat count for each Infoblox subscription package is displayed. Infoblox subscription packages include Infoblox Essentials, Infoblox Business, and Infoblox Advanced.

Top 10 Attackers: This list displays hosts that have the largest number of queries containing malware and are logged as a remote attacker or site in your traffic.


Top 10 Detected Threats

  • Threat

Top 10 Threat Classes

  • Threat Class

Top 10 Threat Feeds

  • Threat feed

Top 10 Attackers

  • Attacker

Visualization type: List

Downloading the Comprehensive Security Report

To download the Comprehensive Security Summary report, perform the following:

  1. From the Infoblox Portal, click Monitor -> Reports -> Summary Reports.
  2. On the Summary Reports page, complete the three-step process to export the Executive Summary report.

Step 1: Choose a report to generate: Select Comprehensive Security Report from among the listed reports in the drop-down menu. 

Step 2: Select a time period for the report you would like to download. You can select up to 30 days of data: Select the date range for the executive summary you want to download. Date ranges include the following:

  • 1 hour
  • 24 hours
  • 48 hours

  • 7 days
  • 1 month
  • Custom. When a custom date range is selected, a date-time prompt will populate the page where you can select the date or dates you want to view. You can choose up to 31 days of data with a maximum query of 31 days, but no further back than 60 days from the current date.

Step 3: Choose page size: You can choose from among three different page size options for your report. Select the report page size from the options in the drop-down list. Report page size options include:

  • Default (17.78 x 10 inches (452 x 254 mm))
  • A4 (11.69 x 8.27 inches (297 x 210 mm))
  • US Letter (11 x 8.5 inches (279 x 216 mm))

Step 4: Export the Report: Click the Export button to download the Comprehensive Security report in the selected page size as a PDF.