Threat Defense THREAT RESEARCH Lab Instructions
Before you can begin your exercises, you'll need to:
Create an Infoblox Portal Tenant – This is your personal trial tenant, to avoid doing work in your production tenant.
Deploy a Universal DDI and Threat Defense Lab environment. We recommend deploying the lab for at least two weeks to allow you to complete all lab exercises and return to them if required.
Complete Threat Defense CORE lab scenarios (at least scenarios 1 & 2).
At Techblue, the day of a SOC analyst starts with a steady routine: reviewing alerts, scanning for anomalies, and staying ahead of potential threats. Thanks to the Infoblox Threat Defense features, including Lookalike Management, SOC Insights, Dossier, and TIDE, the analyst adopts a proactive approach rather than a reactive one. The goal is not just to respond to incidents but to prevent them from occurring in the first place.
Scenario 1: Managing Lookalike Domains
As a security analyst, you proactively monitor and investigate lookalike domains that imitate PayPal.com, a domain your organization's employees use frequently, to help prevent cyber threats before they reach users.
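To make concrete what a lookalike check does behind the scenes, here is an added Python example; it is not Infoblox code and not part of the lab, and Lookalike Management uses its own broader algorithms. It generates typosquat, homoglyph, affix and TLD-swap candidates for paypal.com, folds confusable characters (digits and Cyrillic look-alikes) back to an ASCII skeleton, decodes punycode (xn--) labels, and scores the names in a constructed DNS query log. The confusable map, the edit-distance threshold, the log format, the client addresses and all function names are assumptions made for this example.

```python
"""Added example: simplified lookalike-domain detection for paypal.com.
Not Infoblox code. Confusable map, threshold and log format are constructed."""

MONITORED = "paypal.com"
MAX_DISTANCE = 2  # assumed threshold: 1-2 edits is a typosquat, more is usually unrelated

# Constructed confusable map: glyphs an attacker may substitute for each Latin letter.
# Cyrillic entries are written by code point so the IDN homograph case is visible.
CONFUSABLES = {
    "a": ["4", "\u0430"],  # U+0430 Cyrillic small a
    "c": ["\u0441"],       # U+0441 Cyrillic small es
    "e": ["3", "\u0435"],  # U+0435 Cyrillic small ie
    "i": ["1", "l"],
    "l": ["1", "i"],
    "o": ["0", "\u043e"],  # U+043E Cyrillic small o
    "p": ["\u0440"],       # U+0440 Cyrillic small er
    "y": ["\u0443"],       # U+0443 Cyrillic small u
}
# Fold digits and Cyrillic look-alikes back to the letter they imitate.
# Letter-to-letter swaps (i <-> l) are left to the edit-distance check instead.
SKELETON = {"4": "a", "3": "e", "1": "l", "0": "o", "\u0430": "a", "\u0441": "c",
            "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0443": "y"}


def skeleton(label):
    return "".join(SKELETON.get(ch, ch) for ch in label)


def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def generate_lookalikes(domain=MONITORED, tlds=("net", "org", "co")):
    """Candidate names worth watching: typos, confusables, hyphenation, affixes, TLD swaps."""
    name, _, tld = domain.rpartition(".")
    names = set()
    for i, ch in enumerate(name):
        names.add(name[:i] + name[i + 1:])                         # omission:      paypl
        names.add(name[:i] + ch + name[i:])                         # repetition:    paaypal
        if i + 1 < len(name):                                       # transposition: pyapal
            names.add(name[:i] + name[i + 1] + ch + name[i + 2:])
        for glyph in CONFUSABLES.get(ch, []):                       # confusable:    p4ypal
            names.add(name[:i] + glyph + name[i + 1:])
        if i:                                                       # hyphenation:   pay-pal
            names.add(name[:i] + "-" + name[i:])
    names.discard(name)
    cands = {f"{n}.{tld}" for n in names}
    cands |= {f"{name}.{t}" for t in tlds}                          # TLD swap:      paypal.net
    cands |= {f"{name}-login.{tld}", f"secure-{name}.{tld}", f"{domain}-verify.net"}
    return cands


def classify(observed, monitored=MONITORED, max_distance=MAX_DISTANCE):
    """Return the reasons a queried name looks like `monitored`; empty list = not a lookalike."""
    obs = observed.lower().rstrip(".")
    if obs == monitored or obs.endswith("." + monitored):
        return []  # the real domain or one of its subdomains
    if "xn--" in obs:  # punycode label: decode so the confusable fold can see it
        try:
            obs = obs.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    mon_name, _, mon_tld = monitored.rpartition(".")
    labels = obs.split(".")
    tld = labels[-1]
    reg = labels[-2] if len(labels) > 1 else labels[0]  # label left of the TLD (no public-suffix list here)
    body = ".".join(labels[:-1])
    reasons = []
    if skeleton(body) != body:
        reasons.append("confusable characters substituted")
    if skeleton(reg) == mon_name:
        if tld != mon_tld:
            reasons.append(f"monitored name under .{tld}")
    else:
        dist = levenshtein(skeleton(reg), mon_name)
        if dist <= max_distance:
            reasons.append(f"edit distance {dist} from {mon_name}")
        elif mon_name in skeleton(body):
            reasons.append("embeds monitored name")
    return reasons


# Constructed DNS query log: "timestamp client qtype qname". The last line is the punycode
# form of paypal.com with a Cyrillic a (U+0430), so the decode path is exercised.
IDN_EXAMPLE = "p\u0430ypal.com".encode("idna").decode("ascii")
SAMPLE_DNS_LOG = """\
2024-05-01T09:00:01Z 10.10.1.15 A paypal.com
2024-05-01T09:00:04Z 10.10.1.15 A www.paypal.com
2024-05-01T09:01:12Z 10.10.1.22 A pyapal.com
2024-05-01T09:02:30Z 10.10.1.22 A paypa1-login.net
2024-05-01T09:03:07Z 10.10.1.31 A payroll.com
2024-05-01T09:04:45Z 10.10.1.31 A paypal.com-verify.net
""" + f"2024-05-01T09:05:10Z 10.10.1.40 A {IDN_EXAMPLE}\n"


def scan_dns_log(log_text, monitored=MONITORED):
    """Return one record per query whose name looks like the monitored domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, _qtype, qname = parts
        reasons = classify(qname, monitored)
        if reasons:
            hits.append({"time": ts, "client": client, "qname": qname, "reasons": reasons})
    return hits


if __name__ == "__main__":
    print(f"{len(generate_lookalikes())} candidate lookalikes for {MONITORED}")
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print(hit["client"], hit["qname"], "->", "; ".join(hit["reasons"]))
```

Two design points carry over to the real product. First, the fold-then-compare order matters: paypa1.com is distance 0 from paypal.com only after the digit is folded, so a plain edit-distance check would miss it. Second, the threshold is deliberately low; payroll.com is three edits away and is left alone, because widening the radius on a six-letter name floods the analyst with unrelated domains.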
Scenario 2: Investigating Suspicious and Malicious Domains
Investigate domains recently connected to abnormal behaviour. Your task is to use Dossier to collect as much information about these malicious domains as possible and report your findings.
Scenario 3: Customizing Policy Actions for Threat Indicators Based on Threat Class or Properties
This section will contain the following lab guides:
Scenario 4: Investigating Threat Events and Trends with SOC Insights
This section will contain the following:
Interactive demo: https://wlnt.io/s/_589JB