Using the Web-Content Discovery Report (2810)

Scenario:

You're tasked with collecting information about your users' web traffic patterns and whether they are accessing domains that might be risky or malicious for a corporate environment using Threat Defense’s Web Content Discovery Report.

Estimate Completion Time

• 20-30 Minutes

Prerequisites

• Administrative access to the Infoblox Portal

• Configuring Threat Defense Security Policies (2803)

• Enabling the DNS Forwarding Proxy Service (DFP) on a NIOS-X Server (2802)

Tasks

Investigate web content usage.

Task 1: Investigate Web Content Usage

Use Web-Content Discovery’s tabs to answer these questions: How many content categories have we detected in our environment? How many high-risk categories appeared in the past week? What are the top three high-risk content categories? How many requests were detected for Search Engines, International News and Content Servers? List the three device IPs with the highest web content usage.

Solutions

Task 1 Solution: Investigate Web Content Usage

In this task, we will use Web Content Discovery’s various tabs and reports to answer the questions below.

1. Log in to your lab’s jump-desktop.

2. Use your Education Infoblox Portal Credentials to log into the Infoblox Portal.

3. Navigate to Security -> Threat Defense → Web Content Discovery

4. Navigate to the Summary tab

   1. Under the cards section

      1. How many content categories have been detected in our environment?

         • 191 based on the Total Categories card

      2. How many high-risk categories have been detected in the past week?

         • In the past week, we had 10 high-risk categories detected based on the High Risk Categories card

           

   2. Under the HIGH-RISK CATEGORIES widget

      1. What are the Top 3 detected high-risk content categories?

         1. Uncategorized with 216 requests

         2. Parked & For Sale Domains with 47 requests

         3. Piracy & Copyright Theft with 42 requests

            

   3. Navigate to the Categories tab

      • How many requests have been detected for the following content categories:

        • Please note that some categories might not be detected in your lab environment, as traffic is being randomized, and in this case, the answer will be zero requests.

          • Search Engines have 401 requests

          • International News has 615 requests

          • Content Servers have 3571 requests

            

   4. Navigate to the Devices tab

      • List the 3 Device IPs with the highest application usage.

        • 185.64.245.49

        • 172.31.13.202

        • 172.31.87.16