Command and Control Server Details
Use the Command and Control Server Details page to view analysis information and a threat summary for the C&C server. The following information is displayed for each server:
Total Hits
Threat Summary (Threat level, Location, Category, Time last seen)
Ports and protocols used
You can filter this information by clicking on the time-frame links: 1 day, 1 week, 1 month, Custom (select your own time-frame). You can also expand the time-frame to separate events using the slider.
Hosts That Have Contacted This C&C Server
This is a list of hosts that have contacted the server. Table 1 shows the information provided in this section:
Table 1: Command & Control Server Contacted Host Data
Field | Definition |
---|---|
Client Host | The name of the host in contact with the command and control server. |
Client IP Address | The IP address of the host in contact with the command and control server. (Click through to the Host Details page for this host IP.) |
C&C Threat Level | The threat level of the C&C server as determined by an analysis of actions and behaviors. |
Action | The action taken on the communication (permitted or blocked). |
Protocol | The protocol (TCP or UDP) the C&C server used to attempt communication. |
Port | The port the C&C server used to attempt communication. |
Device Name | The name of the device in contact with the command and control server. |
Date Seen | The date and time of the most recent C&C server hit. |
Username | The name of the host user in contact with the command and control server. |
Associated Domains
This is a list of the domains that the destination IP addresses in the C&C server events resolved to.
Signatures
This is a list of command and control indicators that were detected.