C&C Callback Events Widget

This widget displays the number of C&C callback attempts based on compromised hosts or callback addresses. The widget can display data for only one information type at a time. Clicking the numbers in any table cells opens the C&C Callback Events screen, which contains the following callback summary data:



Compromised Host

Affected host or email address

Callback Address

URL, IP address, or email address to which a compromised host attempts a callback

C&C Server Location

Region and country where the C&C server locates

Callback Attempts

Number of contacts made between callback addresses and compromised hosts

Latest Callback Address/Compromised Host

URL, IP address, or email address to which the last callback attempt was logged

Callback Addresses/Compromised Hosts (with numbers displayed in the columns)

Number of compromised hosts or callback addresses associated with the callback attempts

Logged By

Name of the managed product that logged the event

To change the information that the widget displays, click > .

  • Use the Title field to modify the title for your C&C Callback Events widget.

  • On the dialog box that appears, specify the Scope by clicking and selecting the parent servers that the widget uses as its source.
  • Use the C&C list source drop-down to specify C&C sources. The drop-down lists Global Intelligence, Virtual Analyzer, and User-defined C&C list sources.

  • Use the Items to display drop-down to select the number of items to display on the widget. The drop-down lists up to Top 50 items.

Click Save to apply changes and exit.