
SOC Insights

The SOC Insights reports allow customers to identify, monitor, and analyze threat actors and their activities on their networks thereby reducing the mean-time-to-respond (MTTR) to potential risks with precise, actionable intelligence. It correlates data from multiple sources, such as remote domains, unique WHOIS data, IP addresses, domain registrars, and malware families, to detect patterns of malicious activity. SOC Insights provides customers with insights into potential targeted attacks by providing monitoring of malicious activity and offering recommended actions to mitigate the threats. This helps in detecting and mitigating potential threats related to malware and data exfiltration.

SOC Insights reduces the amount of time between investigating threats and responding to them.

Diagram: The workflow used by SOC Insights to manage cybersecurity events. SOC Insights leverages data, artificial intelligence, and automated processes to manage and respond to a large volume of security events impacting your network, thereby reducing the time it takes to investigate and respond to potential threats.

The objective of SOC Insights is to help customers identify malicious actors that interact with multiple protected assets/users. It aims to detect and spot organized attackers who have compromised networks by correlating multiple communications with the same source. The goal is to provide customers with insights into targeted attacks and recommend actions to block known and unknown malicious domains, monitor for malware and data exfiltration, and identify common application patterns.

SOC Insights is comprised of Configuration Insights and Security Insights.

Configuration Insights

The Configuration feature of SOC Insights is included with Infoblox Threat Defense Business Cloud and Advanced to help users ensure they are taking full advantage of current best practices and avoiding common mistakes. Follow videos and other guides to help address mistakes and weaknesses, or deactivate unnecessary warnings for allowed exceptions. Configuration Insights are available to subscribers of Infoblox Threat Defense Business Cloud and Infoblox Threat Defense Advanced.

Security Insights

The Security add-on for SOC Insights is available for Infoblox Threat Defense Business Cloud or Advanced. Security Insights uses AI to distill vast amounts of event, network, ecosystem, and DNS visibility and intelligence into a manageable set of actionable security insights.

SOC Insights can be accessed from Monitor > Reports > Insights in the Infoblox Portal.

Image: A view of the SOC Open Insights dashboard page related to threat intelligence and monitoring. The dashboard is a professional tool used by cybersecurity personnel to monitor, assess, and manage cyber threats in real time. The interface appears user-friendly, with a focus on clarity and accessibility of important data.


SOC Insights assists customers in monitoring and mitigating threats detected on their networks. Here are several use cases:

  • Identifying Targeted Attacks: SOC Insights helps customers identify malicious actors who are specifically targeting their networks. By correlating multiple communications with the same source, even if the data appears unique at first glance, customers can spot organized attackers, understand when a specific attacker group or individual is targeting them, and take appropriate action to protect their networks.
  • Monitoring for Malware and Data Exfiltration: SOC Insights allows customers to monitor for malware and data exfiltration by analyzing multiple domains, IP addresses, and malware families that can be attributed to the same knowledge base or hacker group. This helps in detecting and mitigating potential threats related to malware and data exfiltration.
  • Insight Reporting Notifications: Insight notifications provide timely information on all Insights identified on your network. Using notifications, you can stay aware of threats detected on your network. You can configure Insight notifications to be viewed in the Infoblox Portal (in-application), and/or have notifications sent to an email recipient address of your choice.
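The "Identifying Targeted Attacks" use case rests on one idea: communications that look unrelated at the domain level (different names, different internal hosts) can still share a source, such as a common resolved IP address, and correlating on that shared source reveals one actor reaching several protected assets. The following added example illustrates that correlation on a handful of constructed DNS query records. It is not Infoblox's code, and the log format (timestamp, internal client, queried name, resolved answer), the field names, and the threshold of three distinct assets are assumptions made for the illustration.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample DNS records (not real Infoblox output or real indicators):
# <timestamp> <internal client> <queried name> <resolved answer>
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.1.15 cdn-update.example.net 203.0.113.7
2024-05-01T10:00:04Z 10.0.1.22 cdn-update.example.net 203.0.113.7
2024-05-01T10:00:09Z 10.0.2.40 login-verify.example.org 203.0.113.7
2024-05-01T10:00:12Z 10.0.1.15 news.example.com 198.51.100.20
2024-05-01T10:00:15Z 10.0.3.8 cdn-update.example.net 203.0.113.7
2024-05-01T10:00:20Z 10.0.2.40 news.example.com 198.51.100.20
2024-05-01T10:00:25Z 10.0.4.9 api-sync.example.info 203.0.113.7
"""

Record = Tuple[str, str, str, str]


def parse_log(text: str) -> List[Record]:
    """Parse the assumed four-field format, skipping malformed lines."""
    rows: List[Record] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        rows.append((parts[0], parts[1], parts[2], parts[3]))
    return rows


def clients_per_indicator(rows: List[Record], field: str) -> Dict[str, Set[str]]:
    """Map each indicator (queried 'domain' or resolved 'answer') to the
    set of distinct internal clients that communicated with it."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for _ts, client, qname, answer in rows:
        key = qname if field == "domain" else answer
        seen[key].add(client)
    return seen


def infrastructure_clusters(rows: List[Record]) -> Dict[str, Set[str]]:
    """Group queried names by the answer they resolved to: names that share
    an answer are treated as one piece of infrastructure."""
    clusters: Dict[str, Set[str]] = defaultdict(set)
    for _ts, _client, qname, answer in rows:
        clusters[answer].add(qname)
    return clusters


def targeted_indicators(rows: List[Record], min_assets: int = 3) -> Dict[str, dict]:
    """Report every resolved answer that at least `min_assets` distinct
    internal clients reached, with all the names that pointed at it.
    Correlating on the shared answer catches names that, counted on their
    own, stay below the threshold."""
    by_answer = clients_per_indicator(rows, "answer")
    clusters = infrastructure_clusters(rows)
    flagged: Dict[str, dict] = {}
    for answer, clients in by_answer.items():
        if len(clients) >= min_assets:
            flagged[answer] = {
                "assets": sorted(clients),
                "domains": sorted(clusters[answer]),
            }
    return flagged


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for answer, detail in targeted_indicators(records).items():
        print(f"{answer}: {len(detail['assets'])} assets via {detail['domains']}")
```

On the constructed data, counting per queried name flags only cdn-update.example.net (three clients); login-verify.example.org and api-sync.example.info each appear once and look unremarkable. Correlating on the shared answer 203.0.113.7 instead ties all three names together across five distinct internal assets, which is the kind of multi-asset pattern the use case describes, while news.example.com (two clients) stays below the threshold.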

Threat Feed Missing

If a threat feed is missing from your configuration, you will receive the following notification on the Configuration page. The notification will provide details about the missing feed. To add the missing feed to your policy, click Investigate Insight to view additional information about the missing feed along with information on how to add it to your policy. It may take up to 24 hours for the system to reflect the updated feed configuration.

Issue

Threat Feed Missing Notification

Please note that after adding the missing feed to your configuration as indicated by a "Threat Feed Missing" notification, it may take up to 24 hours for the system to reflect the updated feed configuration, as Insight re-checks every 24 hours.



Image: An example of a Threat Feed Missing notification.


For information about SOC Insights, see the following: