infoblox_threat_defense:monitoring
BloxOne Monitoring
Category filter list is here.
When searching under Reports > Security Activity, you can use filters
category!="Malicious Downloads"
category!="Malicious Downloads" and category!="Shareware/Freeware"
You can search by end point client IP
device_name=10.100.10.10
You can search for who has queried a specific domain
query= mydomain.info
You can use
- =
- !=
- NOT
( device_ip=192.168.1.1 ) AND ( query=infoblox.com ) AND (query!=support.infoblox.com)
Under DNS Activity
(query_type!=A)
- A
- AAAA
- HTTPS
- CNAME
- PTR
- SVBC
infoblox_threat_defense/monitoring.txt · Last modified: by bstafford