Suspicious Connections Components



Global C&C IP List

The Global C&C IP list works in conjunction with the Network Content Inspection Engine (NCIE) to detect network connections with known C&C servers. NCIE detects C&C server contact through any network channel.

Apex One logs all connection information for connections made to servers in the Global C&C IP list, so that the connections can be evaluated.

Relevance Rule Pattern

The Suspicious Connections service uses the Relevance Rule Pattern to detect unique malware family signatures located in the headers of network packets.