This widget displays the number of C&C callback attempts based on compromised hosts or callback addresses. The widget can display data for only one information type at a time. Clicking the numbers in any table cells opens the C&C Callback Events screen, which contains the following callback summary data:
|
Data |
Description |
|---|---|
|
Compromised Host |
Affected host or email address |
|
Callback Address |
URL, IP address, or email address to which a compromised host attempts a callback |
|
C&C Server Location |
Region and country where the C&C server locates |
|
Callback Attempts |
Number of contacts made between callback addresses and compromised hosts |
|
Latest Callback Address/Compromised Host |
URL, IP address, or email address to which the last callback attempt was logged |
|
Callback Addresses/Compromised Hosts (with numbers displayed in the columns) |
Number of compromised hosts or callback addresses associated with the callback attempts |
|
Logged By |
Name of the managed product that logged the event |
To change the information that the widget displays, click 
> 
.
-
Use the Title field to modify the title for your C&C Callback Events widget.
- On the dialog box that appears, specify the Scope by
clicking
and selecting the parent servers that
the widget uses as its source. -
Use the C&C list source drop-down to specify C&C sources. The drop-down lists Global Intelligence, Virtual Analyzer, and User-defined C&C list sources.
-
Use the Items to display drop-down to select the number of items to display on the widget. The drop-down lists up to Top 50 items.
Click Save to apply changes and exit.