This topic lists the resources available for conducting research into indicators. To access the tools, go to Research > Resources. Default TTLs, Infoblox InfoRanks, Excluded Bogons, Threat Classification Guide, and the Threat Lab reports are available for the BloxOne Threat Defense Advanced package.
Infoblox InfoRanks
The Infoblox InfoRanks list ranks the top second-level domains by popularity. The list is updated regularly. For details, see Infoblox InfoRanks.
Default TTLs
The default TTL (time-to-live) list displays each threat class’s default TTL value in a threat feed. TTL values range from less than one day to a year, depending on the indicator’s type. For more information about the TTL for threat indicators in a feed, see Default TTLs.
Excluded Bogons
A bogon is an internet address prefix that should never appear in a table for routing IP addresses. The Excluded Bogon page allows administrators to view invalid IP ranges that can be used by malicious entities. For details, see Excluded Bogons.
Threat Classification Guide
The guide defines (1) the common data-classification groups used in threat intelligence and (2) the properties of each group. For details, see Threat Classification Guide.
Threat Insight Guide
The guide lists threat insight indicators along with a brief description for each indicator. For details, see Threat Insight Guide.
Infoblox Threat Lab Reports
Infoblox Threat Lab reports provide the latest analysis, alerts, advisories, and other reports from the Infoblox Threat Intel. For details, see Infoblox Threat Lab Report.
Threat Actor Naming Conventions
Infoblox Threat Intel documents why and how threat actors are given names. For details, see Threat Actor Naming Conventions.
.