Infoblox Dossier User Guide
2017 Infoblox Inc. All rights reserved. ActiveTrust Platform Dossier and TIDE - June 2017
Infoblox Dossier Documentation

Contents
1. Overview of Dossier
2. Prerequisites
3. Access to the Dossier User Interface
4. Home Dashboard and Navigation Menu
5. User Settings and Metric Reports
6. Dossier Search
7. Dossier Threat Indicators
8. Dossier API
9. Dossier API Guides
10. Utilizing AIS Data with Infoblox Dossier
11. AIS Data in Dossier
12. References
1. Overview of Dossier

Infoblox Dossier is a threat investigation tool that provides immediate contextual information on threats, drawn simultaneously from a dozen sources including TIDE. This allows threat analysts to save precious time in taking action against identified threats. By using Dossier, accurate decisions can be made more quickly and with greater confidence, thereby shortening the threat's attack window. Infoblox Dossier threat indicator investigation provides rich threat context to prioritize incidents and respond quickly.

2. Prerequisites

Dossier is a subscription-based service provided in Infoblox Cloud. There are no specific software requirements to access the service beyond a relevant subscription.
3. Access to the Dossier User Interface

Dossier can be accessed through the Portal, and it is also available through CSP, where it is located under the Analyze section. The Portal is not integrated with CSP, and separate credentials are required for each. Your credentials are provided in a welcome email when your account is created.

4. Home Dashboard and Navigation Menu

On the TIDE dashboard you can find a shortcut to perform a Dossier Keyword Search. Access to Dossier is also available under the Search menu.
5. User Settings and Metric Reports

Metric Reports

Subscriptions include a limited number of Dossier and partner searches. Statistics per user, organization, partner, and Dossier transaction are provided in Metric Reports. The menu is available only to an organization's administrators.

User Settings

On the User Management page, you can change your password and manage API keys. Passwords must satisfy the requirements described on the Change Password page.

API keys are required to access Dossier via the REST API. A user can create multiple API keys. There are no specific permissions attached to a key; only the key name and description can be changed. A key may be deactivated or deleted. To copy a key, you can:
- Click on a key. An info window "Copying the key to the clipboard was successful" will be displayed.
- Edit a key.

6. Dossier Search

The Dossier search field accepts the following input types: domains, hostnames, IPs, URLs, SHA1 and SHA256 hashes, and email addresses. Not all features/data providers support all data types; for example, Alexa supports only hostnames and domains. Dossier automatically detects the type of the data in the search field and performs only the relevant searches. Dossier also accepts defanged domains written in the form example[.]com.

The Features sidebar lets you select or deselect any of the listed features by checking the appropriate check box. A brief description of each Dossier feature is available by hovering over the i icon in the feature's search field.

Dossier search is available via the web interface and a REST API. The portal uses the same API, so there is no difference in available filters and search results between web and API searches.

7. Dossier Threat Indicators

The Dossier threat indicator research tool offers the following features. Using the Dossier toolset, users can make accurate decisions more quickly and with greater confidence, based on the contextual information obtained from a dozen sources simultaneously.

Alexa
Alexa is a global pioneer in the world of analytical insight. Their vast experience means they have developed the most robust and accurate web analytics service. Search results from Alexa provide a ranking from the global Top 1,000,000 Sites list.

ActiveTrust
ActiveTrust is Infoblox's flagship data collection. Queries are executed against all data within ActiveTrust and data provider subscriptions.

DNS Lookup
Search results from DNS Lookup provide all the available information about a given hostname from DNS nameservers.

Google Custom Search
Google Custom Search, or GCS, searches anti-virus analysis pages, malware analysis blogs, and other related malware/rce websites. Google Custom Search is a platform provided by Google that allows web developers to feature specialized information in web searches, refine and categorize queries, and create customized search engines.

Geolocation
The geolocation tool plots the identified coordinates on a map, providing city-level accuracy. Other information, including ISP, city, region, lat/long, and country, is also included.

Google Safe Browsing
Google Safe Browsing, or GSB, is a Google service that enables applications to check URLs against Google's constantly updated lists of suspected phishing, malware, and unwanted software pages.

Passive DNS
Passive DNS is the historical DNS record for hostnames. When searching a hostname, Passive DNS returns all IPs that the hostname has resolved to and that were caught by the PDNS sensors in the previous 12 months. When searching an IP, Passive DNS returns all hostnames that have pointed to that IP. Note: Not every DNS change is caught, so there will be missing information.

Reverse DNS
The Reverse DNS tool performs a reverse DNS lookup of an IP address by searching domain name registry and registrar tables.

Reverse Whois
The DomainTools Reverse Whois lookup API allows a lookup of Whois records that contain a given string. This is typically used for identifying information such as an address or name. The results can reveal related registered domains.

Secure Domain Foundation
Secure Domain Foundation is a Canadian incorporated not-for-profit organization whose primary mission is to provide domain name registrars, registries (ccTLD and gTLD), hosting providers, DNS operators, and other Internet infrastructure providers with the tools they need to combat abuse of their services, and a forum for sharing intelligence on bad actors. This version of SDF's API is designed specifically to assist domain registries, registrars, and hosting providers in easily obtaining validation and reputation information on certain account or Whois related data points.

Whois
The DomainTools Whois lookup API provides the ownership record for a domain name or IP address with basic registration details, all in a well-structured format that groups together important data.

8. Dossier API

Customers commonly use Dossier API Basic. It provides access to all information available on the portal. The Dossier API Basic Guide describes all available filters and options. Before using the Dossier API Guide, you need to enter an API key in the api_key field. API keys are configured on the User Settings page under Manage API Keys.
The ActiveTrust platform uses the HTTP Basic Auth method over HTTP/HTTPS to transport the API key. The API key is passed in the username field, and the password field should be set to an empty string. When a test query is executed, the API Guide returns a curl command to request the data, the response body, and the response code.

The listing below contains a sample curl command that retrieves information about the eicar.top domain in JSON format, which is the only supported export format for API-based indicator search.

    curl -H "Content-Type: application/json" -X POST \
      "ctivetrust.net:8000/api/services/intel/lookup/jobs?wait=true" \
      -u "<User_API_Key>:" \
      -d '{"target":{"one":{"type":"host","target":"eicar.top","sources":["alexa","atp","dns","gcs","gsb","malware_analysis","pdns","ptr","rwhois","sdf","whois"]}}}'

Depending on the amount of data requested, retrieval may take some time. If the data is not required immediately, a search can be executed with the wait parameter set to false and the results retrieved later using the Dossier API Advanced calls. In this case the first search (the Basic API call) returns a job_id. The status and results of the job can then be retrieved using the Advanced API lookup_jobs_management calls, which take the job_id parameter.

The Dossier Advanced API provides these API calls:
- Lookup Jobs APIs (lookup_jobs_management): return the status and results of the lookup jobs.
- Lookup Job Index (lookup_jobs_index): return the list of searches performed per user or organization.
- Worker Status (worker_stats): provide statistics per source, e.g. alexa, atp, dns, etc.
- Service Metadata (service_metadata): return information about supported sources, targets, supported sources by target, and target descriptions.

9. Dossier API Guides
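As an added example (not code from the Infoblox guide), the Python helper below reproduces the client side of the Basic API call described in section 8 together with the input-type detection described in section 6: it classifies an indicator, un-defangs example[.]com notation, builds the Basic Auth header with the key as username and an empty password, and assembles the JSON lookup body. The base URL, the domain-versus-hostname heuristic, and every API type name other than host are assumptions, as is the shape of the wait=false reply.

```python
import base64
import ipaddress
import json
import re
from urllib.parse import urlparse

# Placeholder: the full Dossier endpoint host is not reproduced here; substitute your own.
BASE_URL = "https://<dossier-host>/api/services/intel/lookup/jobs"

# Sources listed in the guide's sample request.
ALL_SOURCES = ["alexa", "atp", "dns", "gcs", "gsb", "malware_analysis",
               "pdns", "ptr", "rwhois", "sdf", "whois"]

# Assumed mapping from detected input type to the API "type" field.
# Only "host" is taken from the guide; the other values are placeholders.
API_TYPE = {"domain": "host", "hostname": "host", "ip": "ip", "url": "url",
            "sha1": "hash", "sha256": "hash", "email": "email"}

_SHA1 = re.compile(r"^[0-9a-fA-F]{40}$")
_SHA256 = re.compile(r"^[0-9a-fA-F]{64}$")
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")
_EMAIL = re.compile(rf"^[^@\s]+@(?:{_LABEL}\.)+{_LABEL}$")


def refang(value: str) -> str:
    """Undo the defanging notations analysts paste in, e.g. example[.]com or hxxp://."""
    v = value.strip()
    v = v.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    # hxxp:// and hxxps:// become http:// and https:// (case preserved after the prefix).
    v = re.sub(r"^hxxps?://", lambda m: "http" + m.group(0)[4:], v, flags=re.I)
    return v


def detect_type(value: str) -> str:
    """Classify an indicator the way the search field does.

    Returns one of: ip, url, sha1, sha256, email, hostname, domain.
    """
    v = refang(value)
    try:
        ipaddress.ip_address(v)  # accepts IPv4 and IPv6
        return "ip"
    except ValueError:
        pass
    if _SHA256.match(v):
        return "sha256"
    if _SHA1.match(v):
        return "sha1"
    if _EMAIL.match(v):
        return "email"
    parsed = urlparse(v)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return "url"
    if _HOST.match(v):
        # Heuristic (assumption): two labels is a registrable domain, more is a hostname.
        return "domain" if v.count(".") == 1 else "hostname"
    raise ValueError(f"unsupported indicator: {value!r}")


def basic_auth_header(api_key: str) -> str:
    """HTTP Basic Auth with the API key as username and an empty password (curl -u <key>:)."""
    token = base64.b64encode(f"{api_key}:".encode()).decode()
    return f"Basic {token}"


def build_lookup(indicator: str, api_key: str, sources=None, wait: bool = True) -> dict:
    """Assemble method, URL, headers and compact JSON body for one Basic API lookup."""
    kind = detect_type(indicator)
    body = {"target": {"one": {"type": API_TYPE[kind],
                               "target": refang(indicator),
                               "sources": list(sources or ALL_SOURCES)}}}
    return {
        "method": "POST",
        "url": f"{BASE_URL}?wait={'true' if wait else 'false'}",
        "headers": {"Content-Type": "application/json",
                    "Authorization": basic_auth_header(api_key)},
        "body": json.dumps(body, separators=(",", ":")),
        "detected_type": kind,
    }


def job_id_from_response(response_json: str):
    """For a wait=false call the first reply carries a job_id to poll later.

    Assumes a top-level "job_id" field (the guide names the field but not the layout).
    Returns the id, or None if the reply is not JSON or has no job_id.
    """
    try:
        data = json.loads(response_json)
    except json.JSONDecodeError:
        return None
    return data.get("job_id") if isinstance(data, dict) else None


if __name__ == "__main__":
    req = build_lookup("eicar[.]top", "<User_API_Key>", wait=False)
    print(req["url"])
    print(req["headers"]["Authorization"])
    print(req["body"])
    # Constructed sample reply for a wait=false call (not real API output).
    print(job_id_from_response('{"job_id": "constructed-job-id"}'))
```

The returned dict can be handed to any HTTP client (urllib, requests) unchanged; the key never appears in the URL or body, only in the Authorization header.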
The following Dossier guides are accessible only through the UI.

Swagger REST API Guides
- Dossier API Guide Basic

PDF API Guides
- Dossier API Reference Guide

10. Utilizing AIS Data with Infoblox Dossier

As a qualified commercial capability provider, Infoblox has completed the technical and operational integrations necessary to distribute AIS threat data to our private sector customers. In addition, we have completed the terms of use and interconnectivity agreements on behalf of our customers who wish to deploy this data in their network protection mechanisms immediately. No additional agreements are required.

For customers with access to AIS Commercial threat indicators, Dossier is automatically enabled to search against this data set. For AIS indicators where additional context is needed, Dossier query results offer a broad set of information for better threat response and triage.

11. AIS Data in Dossier

AIS data is available via simple Dossier searches on specific data types such as IPs and hostnames. Dossier provides additional context from other sources on known AIS indicators and can provide useful context for response action when you have an RPZ hit on an indicator sourced from AIS.

12. References

Dossier API Guide Basic.
More informationStep 1 - Set Up Essentials for Office 365
For each Barracuda Cloud Control account, you can have either a linked Barracuda Email Security Gateway appliance or a Barracuda Email Security Service subscription. You cannot use a single Barracuda Cloud
More informationForeScout Extended Module for Symantec Endpoint Protection
ForeScout Extended Module for Symantec Endpoint Protection Version 1.0.0 Table of Contents About the Symantec Endpoint Protection Integration... 4 Use Cases... 4 Additional Symantec Endpoint Protection
More informationTechnical Brief SUPPORTPOINT TECHNICAL BRIEF MARCH
Technical Brief 1 SupportPoint Cloud is a SaaS solution that makes it easy for people to get the information and guidance they need to navigate through complex business processes. SupportPoint Cloud Client
More informationThreatConnect Learning Exercises
ThreatConnect Learning Exercises The following exercises will teach you some of the important features within the ThreatConnect platform. You will learn various ways of adding intelligence data into ThreatConnect,
More informationPhishing Activity Trends Report August, 2006
Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account
More informationrat Comodo Valkyrie Software Version 1.1 Administrator Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013
rat Comodo Valkyrie Software Version 1.1 Administrator Guide Guide Version 1.1.122415 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1 Introduction to Comodo Valkyrie...
More informationAccess Control. Access Control Overview. Access Control Rules and the Default Action
The following topics explain access control rules. These rules control which traffic is allowed to pass through the device, and apply advanced services to the traffic, such as intrusion inspection. Overview,
More informationPASSPORTAL PLUGIN DOCUMENTATION
Contents Requirements... 2 Install or Update Passportal Plugin Solution Center... 3 Configuring Passportal Plugin... 5 Client mapping... 6 User Class Configuration... 7 About the Screens... 8 Passportal
More informationEndpoint web control overview guide
Endpoint web control overview guide Sophos Web Appliance Sophos UTM (version 9.2 or later) Sophos Enterprise Console Sophos Endpoint Security and Control Contents 1 Endpoint web control...3 2 Enterprise
More informationAvePoint Online Services for Partners 2
AvePoint Online Services for Partners 2 User Guide Service Pack 1 Issued June 2017 Table of Contents What s New in this Guide...4 About...5 Submitting Documentation Feedback to AvePoint...6 Browser Support
More informationThe following topics provide more information on user identity. Establishing User Identity Through Passive Authentication
You can use identity policies to collect user identity information from connections. You can then view usage based on user identity in the dashboards, and configure access control based on user or user
More informationCyber Security at large scale
Cyber Security & Data Summit June 18 Cyber Security at large scale www.telesoft-technologies.com copyright 2017 by Telesoft Technologies. All rights reserved. Agenda Telesoft Introduction Large scale Challenges
More informationNetvibes A field guide for missions, posts and IRCs
Netvibes A field guide for missions, posts and IRCs 7/2/2012 U.S. Department of State International Information Programs Office of Innovative Engagement Table of Contents Introduction... 3 Setting up your
More informationAccess Control. Access Control Overview. Access Control Rules and the Default Action
The following topics explain access control rules. These rules control which traffic is allowed to pass through the device, and apply advanced services to the traffic, such as intrusion inspection. Overview,
More informationrat ITarian Service Desk End-User Guide Software version 4.16 Guide version ITarian 1255 Broad Street Clifton, NJ 07013
rat ITarian Service Desk End-User Guide Software version 4.16 Guide version 4.16.110618 ITarian 1255 Broad Street Clifton, NJ 07013 Introduction to Service Desk Module ITarian Service Desk is a web based
More informationMOBILE DEFEND. Powering Robust Mobile Security Solutions
MOBILE DEFEND Powering Robust Mobile Security Solutions Table of Contents Introduction Trustlook SECURE ai Mobile Defend Who Uses SECURE ai Mobile Defend? How it Works o Mobile Device Risk Score o Mobile
More information