Overview
This report shows Compromised Systems event details, including infection type, start date, end date, and duration.
Generating this Report
- Open the Reports page in the SPM app.
- Locate the Compromised Systems card.
- Mouseover the card and select Create.
- Select a company from the list. You can use the available filters or the search field to quickly find a specific company.
- Select risk vectors or tags to include in the report.
- Select View to generate the report.
Once generated, you can edit, save, schedule, Quick Share, or download the report as a CSV.
Reading this Report
This report generates a table of event details for all Compromised Systems risk vectors. It contains the following columns:
The number of times the device attempted to communicate with a server that was not soliciting communication or hosting any useful services during a 24-hour period. Occasionally, this type of communication will occur if a user accidentally enters an incorrect address. In these cases, the number of scans is very low, typically one or two. The higher the number of scans, the more likely it is that the device is maliciously scanning the Internet to find devices with open ports that can be compromised.
Column Name | Description |
---|---|
Risk Type | The risk vector associated with the event. |
Infection | The infection detected in the event. |
IP address | The IP address where the event was observed (IPV4). |
Start Date | The date of the first observation. |
End Date | The date of the most recent observation. |
Days | The duration of the event. |
Email Subject | The subject line of the spam email. |
Spam Type | The method or tool used to send spam. |
Type | The malware type. |
Number of Scans | |
Detection Mechanism | The method used to detect this event. Learn more about data collection methods. |
GeoIP Location | Country where the IP address involved in this event resides. |
Trusted Proxy Address | The trusted proxy address where botnet communication traffic is redirected. |
Impacts Grade | Indicates whether the event impacts the risk vector grade. |
Searchable Details | Bitsight internal use. |
Tags | Tags assigne to the IP address associated with the event. |
Comments | A thread of comments about the event. |
Not all columns apply to all findings. For instance, the “Type” column will be empty for all findings for risk vectors except Malware Servers.
Feedback
0 comments
Please sign in to leave a comment.