This widget displays the number of C&C callback attempts based on compromised hosts or callback addresses. The widget can display data for only one information type at a time. Clicking the numbers in any table cells opens the C&C Callback Events screen, which contains the following callback summary data:
|
Data |
Description |
|---|---|
|
Compromised Host |
Affected host or email address |
|
Callback Address |
URL, IP address, or email address to which a compromised host attempts a callback |
|
C&C Server Location |
Region and country where the C&C server locates |
|
Callback Attempts |
Number of contacts made between callback addresses and compromised hosts |
|
Latest Callback Address/Compromised Host |
URL, IP address, or email address to which the last callback attempt was logged |
|
Callback Addresses/Compromised Hosts (with numbers displayed in the columns) |
Number of compromised hosts or callback addresses associated with the callback attempts |
|
Logged By |
Name of the managed product that logged the event |
Click the settings icon (
> 
) to edit the following:
-
Title: Modify the title of the C&C Callback Events widget.
-
Scope: Click
and
select the parent servers that the widget uses as the source. -
C&C list source: Select Global Intelligence, Virtual Analyzer, or User-defined as the C&C list sources.
-
Items to display: Select the number of items to display on the widget.
Click Save to apply changes and exit.