DossierTM is a threat research tool that provides contextual information from multiple sources simultaneously. Dossier empowers you to make accurate security decisions more quickly and with greater confidence. Programmatic (API) access is provided to enrich your SIEM or security tools. The Dossier Threat Research Portal enables you to make the best decisions when using the indicators provided by Dossier.
The Dossier Threat Research Portal dashboard provides the following tools and references:
- Dossier Search: Dossier search accepts the following input types: domains, hostnames, IPs, URLs, MD5, SHA1 and SHA256 hashes, and email addresses.
- Your Recent Searches: A list of your most recent searches. The list displays your past 10 searches.
- Insight: Displays timely and relevant information on your feeds and malicious attackers.
- Latest Reports from Infoblox Threat Research: Recent news from Infoblox Cyber Intel on threats that may potentially impact your network. Infoblox Cyber Intel news report can be downloaded as a PDF.
- Threat feeds with the most activity in your environment: A graphical representation of the threat feeds exhibiting the most activity.
- Resources: Access to Dossier’s online and downloadable resources. Dossier’s online and downloadable resources include:
- Dossier and TIDE Quick Start Guide
- Dossier User Guide
- Dossier API Calls Reference
- Dossier Source Descriptions
- Threat Classification Guide
- Breadcrumb Navigation: When performing a Dossier search, a series of visually-represented links, or breadcrumbs, representative of the path the researcher has taken during the investigation is created. The breadcrumb path can be used to review prior Dossier search returns without having to initiate a new search. The breadcrumb path is located on the top-left of the report page.
- Side Menu: Only reports listed on the side menu generating report data are highlighted, indicating that report data is available for that report. Reports not generating report data are grayed out, indicating that no data is available for that report. This saves time in your investigations by not having to review all reports but only reviewing the reports where data is available.
Dossier Threat Indicator Report
The Dossier™ threat indicator report is compiled from available information acquired from the threat indicator research tools. The Dossier threat indicator reports are generated when a search for a threat indicator is initiated and includes the following components, when and where available. You can choose what reports to view by clicking on their respective menu links on the left sidebar menu.
- Impacted Devices
- Current DNS
- Related Domains
- Related URLs
- Related IPs
- Related File Samples
- Related Contacts
- Threat Actor
- Mitre Att&ck
- WHOIS Record
- Raw Whois
Click here to return to the main Dossier Threat Indicator Report page.
This page has no comments.