Using Application Discovery Reports (2809)
Scenario
You're tasked with monitoring your organization’s application usage to help identify any unwanted applications using the Threat Defense Application Discovery Report. You will start by marking your organization’s business-relevant applications as “Approved” and other applications as “Unapproved,” then monitor your organization’s application usage.
Estimated Completion Time
20-30 Minutes
Prerequisites
Administrative access to the Infoblox Portal
Enabling the DNS Forwarding Proxy Service (DFP) on a NIOS-X Server (2802)
Tasks
Mark applications as Approved or Unapproved
Monitor Application Discovery Summary Report
Task 1: Mark applications as Approved or Unapproved
On your lab’s jump desktop, use the Education Infoblox Portal credentials to log in to the Infoblox Portal.
Set the following Applications/Application categories as Approved:
Google Search
Communication Applications: Slack and Teams
Microsoft OneDrive
Grammarly
Security Applications: Duo, Microsoft Certificates, and Windows Defender
Windows Update
Set the rest of the Applications as Unapproved
Task 2: Monitor Applications using Application Discovery Reports
Use Application Discovery’s tabs to answer the following questions:
What are the Top Applications being used in your organization?
What are the Top Application Categories being used in your organization?
What are the Top Unapproved Applications being used in your organization?
Are there any Applications that need to be reviewed?
List the three device IPs with the highest application usage.
Solutions
Task 1 Solution: Mark applications as Approved or Unapproved
In this task, we will sort the applications detected in our environment into the Approved and Unapproved groups. This makes it easy to identify any unwarranted or potentially malicious applications being used in our organization. We will add business-relevant applications to the Approved group and mark every other application as Unapproved.
Log in to your lab’s jump-desktop.
Use your Education Infoblox Portal credentials to log in to the Infoblox Portal.
Navigate to Monitor → Reports → Security → Application Discovery.
Note that currently, all the applications are listed under the “Needs Review” category.
Navigate to the Applications tab
You can also click on View all Detected Applications to navigate to the same page.
Click the checkbox icon next to each application to set its status to either Approved or Unapproved
Set the following Applications/Application categories as Approved:
Google Search
Communication Applications: Slack and Teams
Microsoft OneDrive
Grammarly
Security Applications: Duo, Microsoft Certificates, and Windows Defender
Windows Update
Set the rest of the Applications as Unapproved
Task 2 Solution: Monitor Applications using Application Discovery Reports
In this task, we will use Application Discovery’s various tabs and reports to answer the questions below.
Please note that your report data might not exactly match the screenshots and answers provided.
Navigate to the Summary tab
Under the TOP APPLICATIONS USED widget
What are the Top 3 Applications being used in your organization?
Google Search at 229 requests
Amazon Shopping at 64 requests
Netflix at 38 requests
Note that you can click each application’s name to get detailed information on which devices accessed said application
Under the TOP APPLICATIONS CATEGORIES widget
What are the Top 3 Application Categories being used in your organization?
Social Networking at 7 Applications
Business Apps at 4 Applications
Cloud Backup and Storage at 3 Applications
Note that you can click each application’s name to get detailed information on which devices accessed said application
Under the Top 3 Unapproved Applications widget
What are the Top 3 Unapproved Applications being used in your organization?
Amazon Shopping with 1.5k devices
Netflix with 987 Devices
Twitter with 601 Devices
Note that you can click each application’s name to get detailed information on which devices accessed said application
Under the NEEDS REVIEW card
Are there any Applications that need to be reviewed?
Yes, we have one application that still needs to be reviewed.
Navigate to the Devices tab
List the 3 Device IPs with the highest application usage.
172.31.15.124
172.31.1.36
172.31.7.77
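The tallies behind the Summary and Devices tabs can be reproduced offline from per-device usage records. The Python below is an added example, not Infoblox code or part of the original lab. The Approved list comes from Task 1; the record layout, the sample addresses, the ExampleFileShare name, and ranking devices by request count are assumptions.

```python
from collections import Counter, defaultdict

# Approved applications from Task 1; anything else that has been reviewed is Unapproved.
APPROVED = {"Google Search", "Slack", "Teams", "Microsoft OneDrive", "Grammarly",
            "Duo", "Microsoft Certificates", "Windows Defender", "Windows Update"}

# Constructed sample records: (device_ip, application, request_count).
# This layout is an assumption, not an Infoblox export format.
SAMPLE = [
    ("192.0.2.10", "Google Search", 40), ("192.0.2.11", "Google Search", 25),
    ("192.0.2.10", "Slack", 12),         ("192.0.2.11", "Netflix", 18),
    ("192.0.2.12", "Netflix", 9),        ("192.0.2.10", "Netflix", 3),
    ("192.0.2.12", "Amazon Shopping", 20), ("192.0.2.11", "Amazon Shopping", 5),
    ("192.0.2.12", "Twitter", 7),
    ("192.0.2.12", "ExampleFileShare", 2),  # hypothetical app nobody has reviewed yet
]

def status(app, reviewed):
    """Needs Review until an administrator has decided, then Approved or Unapproved."""
    if app not in reviewed:
        return "Needs Review"
    return "Approved" if app in APPROVED else "Unapproved"

def summarize(records, reviewed, top=3):
    requests = Counter()         # requests per application
    devices = defaultdict(set)   # distinct devices per application
    per_device = Counter()       # requests per device (assumed usage metric)
    for ip, app, count in records:
        requests[app] += count
        devices[app].add(ip)
        per_device[ip] += count
    unapproved = Counter({app: len(ips) for app, ips in devices.items()
                          if status(app, reviewed) == "Unapproved"})
    return {
        "top_applications": requests.most_common(top),
        "top_unapproved": unapproved.most_common(top),
        "needs_review": sorted(a for a in requests
                               if status(a, reviewed) == "Needs Review"),
        "top_devices": per_device.most_common(top),
    }

if __name__ == "__main__":
    # Every application except the hypothetical one has been given a status.
    reviewed = {app for _, app, _ in SAMPLE} - {"ExampleFileShare"}
    for name, rows in summarize(SAMPLE, reviewed).items():
        print(name, rows)
```

An application absent from the reviewed set stays in Needs Review and is excluded from the unapproved ranking, which is why the Needs Review card should be cleared before relying on the Unapproved figures.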