
2808 - BloxOne Dossier Threat Investigation

Cloud Services Portal (CSP) is now Infoblox Portal

In early September, Cloud Services Portal (CSP) became Infoblox Portal with a new look-and-feel, and a new URL (https://portal.infoblox.com). As a result of this change, the layout and organization of several menus have been updated.

Unfortunately, this means that our video courseware and lab guides no longer match the new user interface. However, we are currently in the process of updating them, and they should be ready soon.

In the meantime, we have some resources to help you navigate the new interface:

We apologize for any inconvenience this may cause and kindly ask for your patience as we work through this transition.


Scenario

You're tasked to investigate a recent event in which some users tried to access a malicious domain; BloxOne's security policies were able to identify and block the risk. Your task is to use Dossier to collect as much information about this malicious domain as possible and to report back your findings.

Estimate Completion Time

  • 20-25 Minutes

Course Reference

  • 2103: BloxOne Threat Defense Dossier and Threat Research

Prerequisites

  • Administrative access to the CSP

  • Lab 2804: Managing BloxOne Endpoints

Tasks

  • Task 1: Access security activity reports

  • Task 2: Generate a Dossier Report


Task 1: Access security activity reports

  • Through CSP, access Dossier and investigate the domain streamthembase.top. Collect information about its threat category, its threat level and how confident you are about the information collected. Expand your investigation to include the impacted devices in your organization, the timeline of the attack and whether this domain is associated with other domains or IP addresses.

Task 2: Generate a Dossier Report

  • Create a report in Dossier that includes all of your findings.


Solutions

Task 1 solution: Access Dossier Reports

  1. On jump-Desktop, in your CSP browser, navigate to Research > Dossier.

  2. Type streamthembase.top in the search bar and click the search button. Investigate the results of the report.

  3. Answer the following questions:

    1. What Category does the threat belong to?

    2. What is the Threat level of the domain?

    3. How risky is the domain?

    4. Is the Indicator mentioned in an Infoblox Threat Research bulletin?

    5. When was the threat last detected?

  4. Click on Impacted Devices tab and explore it.

  5. Click on the Related IPs tab and explore it. Click on one of the IPs listed and pivot to its Dossier report for more information.

  6. Click on the streamthembase.top hyperlink at the top right of the page.

  7. Click on Timeline and explore the detection sequence for the malicious domain.


Task 2 solution: Use the Dossier to generate a Report

  1. Navigate to Research > Dossier.

  2. Click on the Export button, select the pages you would like to be included, then click Export.

