Detailed C&C Callback Information

Views:

Provides specific information about C&C callback events detected on your network

Table 1. Detailed C&C Callback Information Data View
Data	Description
Received	The date and time Apex Central received the data from the managed product
Generated	The date and time the managed product generated the data
Compromised Host	The IP address, host name, or email address that attempted a callback
Callback Address	The object from/to which a compromised host attempted a callback
C&C List Source	The C&C list source that identified the C&C server C&C IP List Global Intelligence List User-defined IP List Virtual Analyzer List
Network Groups	The monitored network groups as defined by the administrators of managed products, such as Deep Discovery Inspector
C&C Risk Level	The risk level Trend Micro assigns to the event: High: Known malicious or involved in high-severity connections Medium: IP address/domain/URL is unknown to reputation service Low: Reputation service indicates previous compromise or spam involvement
C&C Server Location	The region and country where the C&C server is located
First Monitored	The date and time the callback address was first detected by Trend Micro
Last Activity	The date and time the callback address was last contacted by a compromised host
Malware Families	The malware names associated with the callback address
Product	The name of the managed product or service Example: Apex One, ScanMail for Microsoft Exchange
Product Entity	The display name of the managed product server in Apex Central