C&C Callback Events Widget

The C&C Callback Events widget displays all C&C callback event information including the target of the attack and the source callback address.

Administrators can choose to view C&C callback information from a specific C&C server list. To select the list source (Global Intelligence, Virtual Analyzer), click the edit icon (

) and select the list from the C&C list source drop-down.

View C&C callback data by selecting the following:

Compromised host: Displays the most recent C&C information per targeted endpoint

Compromised Host Information

Column

Description

Compromised Host

The name of the endpoint targeted by the C&C attack

Callback Addresses

The number of callback addresses that the endpoint attempted to contact

Latest Callback Address

The last callback address that the endpoint attempted to contact

Callback Attempts

The number of times the targeted endpoint attempted to contact the callback address

Note

Click the hyperlink to open the C&C Callback Logs screen and view more detailed information.

Callback address: Displays the most recent C&C information per C&C callback address

C&C Address Information

Column

Description

Callback Address

The address of C&C callbacks originating from the network

C&C Risk Level

The risk level of the callback address determined by either the Global Intelligence or Virtual Analyzer list

Compromised Hosts

The number of endpoints that the callback address targeted

Latest Compromised Host

The name of the endpoint that last attempted to contact the C&C callback address

Callbacks Attempts

The number of attempted callbacks made to the address from the network

Note

Click the hyperlink to open the C&C Callback Logs screen and view more detailed information.

$('#title').html($('meta[name=description]').attr('content'));