Overview
This wide-format report displays forensic details for the Compromised Systems and User Behavior events at a selected company. It includes malware C&C IP addresses and torrent hashes. You can use this data to document your company footprint, track malware and botnets, and determine where to assign resources.
Generating this Report
- Open the Reports page in the SPM app.
- Locate the Forensics card.
- Hover over the card and select Create.
- Select a company from the list. You can use the available filters or the search field to quickly find a specific company.
- Select View to generate the report.
Once generated, you can edit, save, schedule, Quick Share, or download the report as a CSV.
Reading this Report
This report generates a table of different Compromised Systems and User Behavior events. For each event, it includes details like the risk type, the infection detected, an associated IP address, the date it was detected, and the GeoIP location. Selecting a column header sorts the table by that data type.
| Column Name | Description |
|---|---|
| Risk Type | The name of the associated risk vector. |
| Infection | The name of the potentially unwanted program (PUP) or potentially unwanted application (PUA). |
| IP address | The IP address where the event was observed. |
| Event Date | The date the event was observed. |
| GeoIP Location | The geographical location where the involved IP address resides. |
| Source Port | The port identified as the source of traffic from a compromised device. |
| Destination Port | The port identified as the destination of traffic coming from the affected device. |
| C&C IP | The destination IP address. |
| Observation Count | The number of times the potentially exploited system was observed during a 24-hour period, between midnight UTC one day and midnight UTC the next day. |
| Detection Mechanism | The method used to detect the event. |
| Protocol | The network protocol used in the event. |
| First Seen | The date of the first observation. |
| Last Seen | The date of the most recent observation. |
| Representative Event Timestamp | The UTC time when the matching IP was observed in the torrent’s Distributed Hash Table (DHT). |
| Affects Grade | Whether or not the event affects a risk vector grade. |
| Unmasked C&C IP | The unmasked C&C IP address associated with the event. |
| Tags | Tags associated with the event. |
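The columns above are what you get in the downloaded CSV, and the usual next step is to triage it: which C&C addresses account for the most observations, which risk types are dragging the grade, and which internal hosts were seen recently enough to still need attention. The script below is an added example written for this article, not code from the SPM product or its documentation. It assumes the CSV header uses the column names listed in the table and that date columns are ISO 8601 (YYYY-MM-DD); the sample rows are constructed, with documentation-range IP addresses, purely for illustration. Rows without a C&C IP (such as torrent DHT observations) are kept but excluded from the per-C&C totals.

```python
"""Triage helper for a Forensics report CSV export.

Added example, not part of the original article or the SPM product. Column
names are assumed to match the article's table; date formats are assumed to
be ISO 8601. SAMPLE_CSV is constructed for illustration only.
"""
import csv
import io
from collections import Counter
from datetime import date

# Constructed sample of what a CSV download might look like. Column names follow
# the article; every value (infection names, IPs, ports, tags) is invented.
SAMPLE_CSV = """Risk Type,Infection,IP address,Event Date,GeoIP Location,Source Port,Destination Port,C&C IP,Observation Count,Detection Mechanism,Protocol,First Seen,Last Seen,Affects Grade,Tags
Botnet Infections,ExampleBot,192.0.2.10,2024-08-01,Example City,51234,443,203.0.113.5,12,Sinkhole,TCP,2024-07-20,2024-08-01,Yes,HQ
Botnet Infections,ExampleBot,192.0.2.11,2024-08-01,Example City,51311,443,203.0.113.5,3,Sinkhole,TCP,2024-08-01,2024-08-01,Yes,HQ
File Sharing,ExampleTorrent,192.0.2.20,2024-08-02,Example City,6881,6881,,1,DHT,UDP,2024-08-02,2024-08-02,No,Guest
Potentially Exploited,ExamplePUP,192.0.2.30,2024-07-15,Example City,49152,80,198.51.100.7,5,Sinkhole,TCP,2024-07-10,2024-07-15,Yes,Branch
"""


def load_events(csv_text):
    """Parse the CSV text into a list of dicts, converting counts, dates and
    the Affects Grade flag. Blank cells become None so callers can test them."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        event = {k: ((v or "").strip() or None) for k, v in row.items()}
        event["Observation Count"] = int(event["Observation Count"] or 0)
        for col in ("Event Date", "First Seen", "Last Seen"):
            event[col] = date.fromisoformat(event[col]) if event[col] else None
        event["Affects Grade"] = (event["Affects Grade"] or "").lower() == "yes"
        events.append(event)
    return events


def observations_by_cc_ip(events):
    """Sum Observation Count per C&C IP. Events with no C&C IP (e.g. torrent
    DHT observations) are skipped rather than grouped under an empty key."""
    totals = Counter()
    for e in events:
        if e["C&C IP"]:
            totals[e["C&C IP"]] += e["Observation Count"]
    return totals


def grade_affecting_by_risk_type(events):
    """Count, per Risk Type, the events the report marks as affecting a grade."""
    return Counter(e["Risk Type"] for e in events if e["Affects Grade"])


def recently_seen_hosts(events, as_of, window_days=7):
    """Return the internal IPs whose Last Seen falls within the window, i.e.
    the systems most likely still compromised and worth resources first."""
    return {
        e["IP address"]
        for e in events
        if e["Last Seen"] and (as_of - e["Last Seen"]).days <= window_days
    }


if __name__ == "__main__":
    evs = load_events(SAMPLE_CSV)
    print("Observations per C&C IP:", dict(observations_by_cc_ip(evs)))
    print("Grade-affecting events per risk type:",
          dict(grade_affecting_by_risk_type(evs)))
    print("Hosts seen in the last 7 days:",
          sorted(recently_seen_hosts(evs, date(2024, 8, 3))))
```

To run it against a real download, read the file contents into `load_events` in place of `SAMPLE_CSV`; if the export's header or date format differs from the assumptions noted above, adjust the column keys and the `date.fromisoformat` call accordingly.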
August 15, 2024: Published.