Detailed C&C Callback Information | Trend Micro Service Central

Views:

Provides specific information about detected C&C callback events from the network.

Table 1. Detailed C&C Callback Information Data View
Data	Description
Received	The date and time Apex Central received the data from the managed product
Generated	Displays the time that the managed product generates data.
Compromised Host	IP address, host name, or email address that attempted a callback
Callback Address	The object from/to which a compromised host attempted a callback
C&C List Source	The source of the list containing C&C addresses Global Intelligence (Trend Micro Global Intelligence network, including Smart Protection Network) Analyzers (Virtual Analyzer and Network Content Inspection Engine) in managed products User-defined C&C list configured in Apex Central and in the managed product, such as Deep Discovery Inspector
Network Groups	Monitored network groups as defined by the administrators of managed products, such as Deep Discovery Inspector
C&C Risk Level	High: Known malicious or involved in high-severity connections Medium: IP address/domain/URL is unknown to reputation service Low: Reputation service indicates previous compromise or spam involvement
C&C Server Location	Region and country where the C&C server is located
First Monitored	Date and time the callback address was first detected by Trend Micro
Last Activity	Date and time the callback address was last contacted by a compromised host
Malware Families	Malware names associated with the callback address
Product	Displays the name of the managed product. Example: Apex One, ScanMail for Microsoft Exchange
Product Entity	Displays the entity display name for a managed product. Apex Central identifies managed products using the managed product's entity display name.