2807 - Using BloxOne Security Reports
Cloud Services Portal (CSP) is now Infoblox Portal
In early September, Cloud Services Portal (CSP) became Infoblox Portal with a new look-and-feel, and a new URL (https://portal.infoblox.com). As a result of this change, the layout and organization of several menus have been updated.
Unfortunately, this means that our video courseware and lab guides no longer match the new user interface. However, we are currently in the process of updating them, and they should be ready soon.
In the meantime, we have some resources to help you navigate the new interface:
We have created a mapping of the previous menu locations and their new breadcrumb location.
Additionally, you can find a walkthrough video of the new User Interface on Launchpad.
We apologize for any inconvenience this may cause and kindly ask for your patience as we work through this transition.
Scenario
You have been tasked with investigating a recent event that may prove to be malicious, and you need to show that the suspected malicious domain was handled correctly and securely by being blocked. Using Security Activity Reports, you decide to investigate the domain and export the logs that show it being blocked for your team leader and department head, along with a more summarized report they can pass on to higher-level management.
Estimated Completion Time
30-40 Minutes
Course Reference
1106: BloxOne Reports
Prerequisites
Administrative access to the CSP
Lab 2804: Managing BloxOne Endpoints
Tasks
Task 1: Access security activity reports
Task 2: Search for a specific source
Task 3: Export Security Events report
Task 4: Creating Summary Reports
Task 1: Access security activity reports
Using your pod's Jump-Desktop, log in to CSP and open the Security Activity reports page.
Use the page to investigate the overall health of your environment.
Task 2: Search for a specific source
Use the search tool to query the suspicious domain streamthembase.top or any domains with a similar name.
Verify from the logs that the specified domain was indeed blocked and the user was redirected.
Task 3: Export Security Events report
Export your findings to a CSV file for use by other team members.
Task 4: Creating Summary Reports
Using the Summary Reports tool in CSP, create both an Executive Summary Report and a Comprehensive Security Report for the past week.
Solutions
Task 1 solution: Access security activity reports
On Jump-Desktop, in your CSP browser, navigate to Reports > Security Activity. You should land on the Security Events page.
Investigate the Security Events tab. All of our previous attempts to access malicious domains should be listed.
Click through the different tabs at the top of the page and investigate what each page shows.
Task 2 solution: Search for a specific source
In the search bar in the Security Events tab, enter
query = stream*
and click Search. The output will include all streamthembase.top requests.
Clear the search bar and, using the options bar under or next to the search bar, change the Action from Any to Redirect. The output displayed should only include Block-Redirect domains.
Revert the Action back to Any, then change the Show value from 1 hour (default) to 7 days.
Task 3 solution: Export Security Events report
Click the Export button above the security events table.
A new popup window will appear, choose the Downloads folder as your destination, and click Save. The name of the downloaded file should be security-activity_security-events.csv.
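Once the export is saved, the Task 2 verification can be repeated offline against the CSV. The following Python sketch is an added example, not part of the original lab guide or any Infoblox tooling; the column names (`timestamp`, `query`, `action`, `source`) and the action values are assumptions, and the sample rows are constructed, so check the header row of your own export and adjust.

```python
import csv
import io
from fnmatch import fnmatchcase

# ASSUMED column names; compare with the header row of your own
# security-activity_security-events.csv and change them if they differ.
COL_QUERY = "query"
COL_ACTION = "action"

# Constructed sample rows for illustration, not real portal output.
SAMPLE_CSV = """timestamp,query,action,source
2024-01-01T10:00:00Z,streamthembase.top,Redirect,10.0.0.5
2024-01-01T10:05:00Z,StreamThemBase.top.,Redirect,10.0.0.5
2024-01-01T10:06:00Z,streamthembase.top,Allow,10.0.0.9
2024-01-01T10:07:00Z,example.com,Allow,10.0.0.5
"""


def audit_domain(csv_text, pattern, blocking_actions=("block", "redirect")):
    """Return (matched, not_blocked) rows for queries matching a wildcard.

    The pattern uses the same style as the portal search (e.g. 'stream*').
    Queries are lower-cased and stripped of a trailing root dot so that
    'Example.TOP.' and 'example.top' are treated as the same name.
    """
    matched, not_blocked = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        query = row[COL_QUERY].strip().rstrip(".").lower()
        if not fnmatchcase(query, pattern.lower()):
            continue
        matched.append(row)
        action = row[COL_ACTION].strip().lower()
        # Any event whose action is neither a block nor a redirect is a gap
        # that should be followed up before reporting the domain as handled.
        if not any(word in action for word in blocking_actions):
            not_blocked.append(row)
    return matched, not_blocked


if __name__ == "__main__":
    # To audit a real export, read the file's text and pass it in instead.
    hits, gaps = audit_domain(SAMPLE_CSV, "stream*")
    print(f"{len(hits)} matching events, {len(gaps)} not blocked or redirected")
    for row in gaps:
        print("FOLLOW UP:", dict(row))
```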
Task 4 solution: Creating Summary Reports
Navigate to Reports > Summary Reports. In step 1, select Executive Summary Report from the list; in step 2, select 7 days as the duration, then click Export.
In step 1, select Comprehensive Security Report from the list; in step 2, select 7 days as the duration, then click Export.
Examine both reports and view their various elements.