Threat Defense THREAT RESEARCH Lab Instructions

Before you can begin your exercises, you'll need to:

• Create an Infoblox Portal Tenant – This is your personal trial tenant, to avoid doing work in your production tenant.

• Deploy a Universal DDI and Threat Defense Lab environment. We recommend deploying the lab for at least two weeks to allow you to complete all lab exercises and return to them if required.

• Complete Threat Defense CORE lab scenarios (at least scenarios 1 & 2).

At Techblue, the day of a SOC analyst starts with a steady routine: reviewing alerts, scanning for anomalies, and staying ahead of potential threats. Thanks to the Infoblox Threat Defense features, including Lookalike Management, SOC Insights, Dossier, and TIDE, the analyst adopts a proactive approach rather than a reactive one. The goal is not just to respond to incidents but to prevent them from occurring in the first place.

Scenario 1: Managing Lookalike Domains

As a security analyst, your role involves proactively monitoring and investigating lookalike domains for a commonly used domain by your organization’s employees, PayPal.com, to help prevent cyber threats.

• Researching Lookalike Domains Using Infoblox Portal (1534)

Scenario 2: Investigating Suspicious and Malicious Domains

Investigate domains recently connected to abnormal behaviour. Your task is to use Dossier to collect as much information about these malicious domains as possible and report your findings.

• Investigating Domains using Dossier (2808)

Scenario 3: Customizing Policy Actions for Threat Indicators Based on Threat Class or Properties

This section will contain the following lab guides:

• Using Threat Defense Custom Response Policy Zones (RPZ) (2806)

Scenario 4: Investigating Threat Events and Trends with SOC Insights

This section will contain the following:

• Interactive demo: https://wlnt.io/s/_589JB