Views:
This widget displays the number of C&C callback attempts based on compromised hosts or callback addresses. The widget can display data for only one information type at a time. Clicking the numbers in any table cells opens the C&C Callback Events screen, which contains the following callback summary data:
Data
Description
Compromised Host
Affected host or email address
Callback Address
URL, IP address, or email address to which a compromised host attempts a callback
C&C Server Location
Region and country where the C&C server locates
Callback Attempts
Number of contacts made between callback addresses and compromised hosts
Latest Callback Address/Compromised Host
URL, IP address, or email address to which the last callback attempt was logged
Callback Addresses/Compromised Hosts (with numbers displayed in the columns)
Number of compromised hosts or callback addresses associated with the callback attempts
Logged By
Name of the managed product that logged the event
Click the settings icon (dashboard_more_options=GUID-0753A496-E78E-4747-8B59-445D96BFB5BE=1=en-us=Low.jpgdashboard_settings_icon=GUID-E62B9169-23CF-4C89-83A8-0A4D0F7E46B9=1=en-us=Low.jpg) to edit the following:
  • Title: Modify the title of the C&C Callback Events widget.
  • Scope: Click w_scope=GUID-D4EAF8B9-EAFF-46C3-94FC-CA65467035B5=1=en-us=Low.png and select the parent servers that the widget uses as the source.
  • C&C list source: Select Global Intelligence, Virtual Analyzer, or User-defined as the C&C list sources.
  • Items to display: Select the number of items to display on the widget.
Click Save to apply changes and exit.