Threat Defense Threat Research Lab Instructions
Before you can begin your exercises, you'll need to:
Create an Infoblox Portal Tenant. This is your personal trial tenant, so avoid working with your production tenant.
Deploy a Universal DDI and Threat Defense Lab environment. We recommend deploying the lab for at least two weeks to allow you to complete all lab exercises and return to them if required.
Complete the Threat Defense CORE lab scenarios (at least scenarios 1 and 2).
At Techblue, the day of a SOC analyst starts with a steady routine: reviewing alerts, scanning for anomalies, and staying ahead of potential threats. Thanks to the Infoblox Threat Defense features, including Lookalike Management, SOC Insights, Dossier, and TIDE, the analyst adopts a proactive rather than a reactive approach. The goal is not just to respond to incidents but to prevent them from occurring in the first place.
Scenario 1: Managing Lookalike Domains
As a security analyst, your role involves proactively monitoring and investigating lookalike domains, both of commonly used domains and of domains your organization owns, to maintain and improve your organization’s security posture and prevent cyber threats. You will achieve that by enabling Threat Defense to watch for lookalikes of commonly used domains and of custom, organization-owned domains.
Scenario 2: Investigating Suspicious and Malicious Domains
As a security analyst, your role involves investigating domains that Infoblox Threat Defense, or any other security tool in your organization, has recently flagged for abnormal behavior. You can achieve that with Dossier by collecting as much information as possible about these malicious or high-risk domains and reporting your findings.
Scenario 3: Customizing Policy Actions for Threat Indicators Based on Threat Class or Properties
As a security administrator, your role may involve importing custom Response Policy Zones (RPZ), changing how specific indicators in existing Infoblox-provided RPZs are handled, or taking action on domains based on their country code top-level domain (ccTLD). You can achieve that with Infoblox TIDE: Custom and Country-Based RPZ.
Interactive demo: Country-Based RPZ
Interactive demo: Custom RPZ
Scenario 4: Investigating Threat Events and Trends with SOC Insights
Explore SOC Insights by following along with the included walkthrough.
Interactive demo: SOC Insights