This widget displays all C&C callback event information including the target of the attack and the source callback address.
You can choose to view C&C callback information from a specific C&C server list. To select the list source (Global Intelligence, Virtual Analyzer), click the edit icon (ds-sum-wid-tasks-edi.jpgcc-settings-icon.jpg) and select the list from the C&C list source drop-down.
Use the View by drop-down to select the type of C&C callback data that displays:
  • Compromised host: Displays the most recent C&C information per targeted endpoint

    Compromised Host Information

    Column
    Description
    Compromised Host
    The name of the endpoint targeted by the C&C attack
    Callback Addresses
    The number of callback addresses that the endpoint attempted to contact
    Latest Callback Address
    The last callback address that the endpoint attempted to contact
    Callback Attempts
    The number of times the targeted endpoint attempted to contact the callback address
    Note
    Note
    Click the hyperlink to open the C&C Callback Logs screen and view more detailed information.
  • Callback address: Displays the most recent C&C information per C&C callback address

    C&C Address Information

    Column
    Description
    Callback Address
    The address of C&C callbacks originating from the network
    C&C Risk Level
    The risk level of the callback address determined by either the Global Intelligence or Virtual Analyzer list
    Compromised Hosts
    The number of endpoints that the callback address targeted
    Latest Compromised Host
    The name of the endpoint that last attempted to contact the C&C callback address
    Callbacks Attempts
    The number of attempted callbacks made to the address from the network
    Note
    Note
    Click the hyperlink to open the C&C Callback Logs screen and view more detailed information.