Differences

This shows you the differences between two versions of the page.

--- infoblox_threat_defense:applications [2025/02/14 19:06] – bstafford
+++ infoblox_threat_defense:applications [2025/03/03 15:57] (current) – bstafford
@@ Line 1: / Line 1: @@
 ====== Infoblox Applications ======
 ===== Allow - Local Resolution =====
 NIOS-X with DFP and Infoblox Endpoint can honour "Allow - Local Resolution" for Application Custom List on Security Policy. DFP MUST have a fallback resolver configured. This is because the list of applications isn't put into the DNS config file but the DFP config file and the DFP can't send the query back to the DNS server. So to honour "Allow - Local Resolution", the DFP must have a DNS server it can forward to (i.e. the fallback resolver)
+Infoblox Endpoint can also honour this setting.
 NIOS cannot honour this setting and ignores it.
@@ Line 8: / Line 11: @@
 External Networks cannot honour this setting and ignores it.
+Note: When you configure a rule in a security policy for an application based custom filter with action set to "Allow - Local Resolution", then its position in the security policy makes no different when it is implemented by NIOS-X and/or Infoblox Endpoint. This is because NIOS-X and Endpoint will apply the "Local Resolution" policy locally before the query can reach the cloud based security policy. Any application "block" action will only apply that action once it reaches the cloud. There is no "Block Locally" option because anything that isn't explicitly told to resolve locally will go to cloud.
 ===== Application Domains =====
 Infoblox Threat Defense (cloud) can identify application usage. You can find out the exact domains but configuring "Allow - Local Resolution" for an application custom list in a security policy, apply to an endpoint and then look at the corefile.4 config.
-e.g. the "Facebook" app detects on the following domains (which doesn't include the login page)
+=====Facebook=====
 <code>0.facebook.com
 api.facebook.com
@@ Line 37: / Line 42: @@
 vupload2.t.facebook.com
 web-chat-e2ee.facebook.com</code>
+=====Microsoft365=====
-DeepSeek
+<code>appsforoffice.microsoft.com.edgekey.net
+attachments.office.net
+consumer-licensing-aks2aks.md.mp.microsoft.com.akadns.net
+cxcs.microsoft.net.edgekey.net
+displaycatalog-rp.md.mp.microsoft.com.akadns.net
+docs.microsoft.com-c.edgekey.net
+docs.microsoft.com-c.edgekey.net.globalredir.akadns.net
+download.microsoft.com.edgekey.net
+fe2.update.msft.com.trafficmanager.net
+fe2cr.update.msft.com.trafficmanager.net
+fs-wildcard.microsoft.com.edgekey.net
+fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
+geover.prod.do.dsp.mp.microsoft.com.edgekey.net
+go.microsoft.com.edgekey.net
+login.microsoftonline.com
+privacy.microsoft.com.edgekey.net
+prod-video-cms-rt-microsoft-com.akamaized.net
+prod.configsvc1.live.com.akadns.net
+prod.fs.microsoft.com.akadns.net
+prod.mrodevicemgr.live.com.akadns.net
+prod.nexusrules.live.com.akadns.net
+prod.ocws1.live.com.akadns.net
+prod.odcsm1.live.com.akadns.net
+prod.ols.live.com.akadns.net
+prod.omexmessaginglfb.live.com.akadns.net
+prod.pptsgs.live.com.akadns.net
+prod.roaming1.live.com.akadns.net
+prodstack.support.microsoft.com.edgekey.net
+purchase.md.mp.microsoft.com.akadns.net
+r1.res.office365.com
+r3.res.office365.com
+r4.res.office365.com
+smtp.office365.com
+statics-marketingsites-wcus-ms-com.akamaized.net
+storecatalogrevocation.storequality.microsoft.com.edgekey.net
+www.icloud.com-v1.edgekey.net
+www.microsoft.com-c-3.edgekey.net
+www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net</code>
+=====DeepSeek=====
 <code>deepseek.com</code>