C&C Callback Events Widget

The C&C Callback Events widget displays all C&C callback event information including the target of the attack and the source callback address.

Administrators can choose to view C&C callback information from a specific C&C server list. To select the list source (Global Intelligence, Virtual Analyzer), click the edit icon () and select the list from the C&C list source drop-down.

View C&C callback data by selecting the following:

  • Compromised host: Displays the most recent C&C information per targeted endpoint

    Table 1. Compromised Host Information

    Column

    Description

    Compromised Host

    The name of the endpoint targeted by the C&C attack

    Callback Addresses

    The number of callback addresses that the endpoint attempted to contact

    Latest Callback Address

    The last callback address that the endpoint attempted to contact

    Callback Attempts

    The number of times the targeted endpoint attempted to contact the callback address

    Note: Click the hyperlink to open the C&C Callback Logs screen and view more detailed information.
  • Callback address: Displays the most recent C&C information per C&C callback address

    Table 2. C&C Address Information

    Column

    Description

    Callback Address

    The address of C&C callbacks originating from the network

    C&C Risk Level

    The risk level of the callback address determined by either the Global Intelligence or Virtual Analyzer list

    Compromised Hosts

    The number of endpoints that the callback address targeted

    Latest Compromised Host

    The name of the endpoint that last attempted to contact the C&C callback address

    Callbacks Attempts

    The number of attempted callbacks made to the address from the network

    Note: Click the hyperlink to open the C&C Callback Logs screen and view more detailed information.