====== BloxOne Monitoring =====

Category filter list is [[https://docs.infoblox.com/display/BloxOneThreatDefense/Configuring+Filters|here]].

When searching under Reports > Security Activity, you can use filters

<code>category!="Malicious Downloads"</code>
<code>category!="Malicious Downloads" and category!="Shareware/Freeware"</code>

You can search by end point client IP
<code>device_name=10.100.10.10</code>

You can search for who has queried a specific domain
<code>query= mydomain.info</code>

You can use 
  * =
  * !=
  * NOT

<code>( device_ip=192.168.1.1 ) AND ( query=infoblox.com ) AND (query!=support.infoblox.com)</code>


Under DNS Activity
<code>(query_type!=A)</code>
  * A
  * AAAA
  * HTTPS
  * CNAME
  * PTR
  * SVBC