Using the Web-Content Discovery Report (2810)

Scenario:

You're tasked with collecting information about your users' web traffic patterns and whether they are accessing domains that might be risky or malicious for a corporate environment using Threat Defense’s Web Content Discovery Reports.

Estimate Completion Time

• 20-30 Minutes

Prerequisites

• Administrative access to the Infoblox Portal

• Configuring Threat Defense Security Policies (2803)

• Enabling the DNS Forwarding Proxy Service (DFP) on a NIOS-X Server (2802)

Tasks

• Investigate web content usage.

Task 1: Investigate Web Content Usage

• On your lab’s jump desktop, use the Education Infoblox Portal credentials to log in to the Infoblox Portal.

• Use Web-Content Discovery’s tabs to answer the following questions:

  • How many content categories have been detected in our environment?

  • How many high-risk categories have been detected in the past week?

  • What are the Top 3 detected high-risk content categories?

  • How many requests have been detected for the following content categories:

    • Search Engines

    • International News

    • Content Servers

  • List the Three Device IPs with the highest web content usage

Solutions

Task 1 Solution: Investigate Web Content Usage

Please note that your report data might not exactly match the screenshots and answers provided

In this task, we will use Web Content Discovery’s various tabs and reports to answer the questions below.

1. Log in to your lab’s jump-desktop.

2. Use your Education Infoblox Portal Credentials to log into the Infoblox Portal.

3. Navigate to Monitor → Reports → Security → Web Content Discovery

4. Navigate to the Summary tab

   1. Under the cards section

      1. How many content categories have been detected in our environment?

         • 191 based on the Total Categories card

      2. How many high-risk categories have been detected in the past week?

         • In the past week, we had 10 high-risk categories detected based on the High Risk Categories card

           

   2. Under the HIGH-RISK CATEGORIES widget

      1. What are the Top 3 detected high-risk content categories?

         1. Uncategorized with 216 requests

         2. Parked & For Sale Domains with 47 requests

         3. Piracy & Copyright Theft with 42 requests

            

   3. Navigate to the Categories tab

      • How many requests have been detected for the following content categories:

        • Please note that some categories might not be detected in your lab environment, as traffic is being randomized, and in this case, the answer will be zero requests.

          • Search Engines have 401 requests

          • International News has 615 requests

          • Content Servers have 3571 requests

            

   4. Navigate to the Devices tab

      • List the 3 Device IPs with the highest application usage.

        • 185.64.245.49

        • 172.31.13.202

        • 172.31.87.16