Access this page by clicking the External Server IP from the Command and Control Servers page.
Use the Command and Control Server Details page to view analysis information and a threat summary for the C&C server. The following information is displayed for each server.
You can filter this information by clicking on the time-frame links: 1 day, 1 week, 1 month, Custom (select your own time-frame). You can also expand the time-frame to separate events using the slider.
Hosts That Have Contacted This C&C Server
This is a list of hosts that have contacted the server. The information provided in this section is as follows:
Table 26: Command & Control Server Contacted Host Data
Field | Definition |
---|---|
Client Host | The name of the host in contact with the command and control server. |
Client IP Address | The IP address of the host in contact with the command and control server. (Click through to the Host Details page for this host IP.) |
C&C Threat Level | The threat level of the C&C server as determined by an analysis of actions and behaviors. |
Action | The action taken on the communication (permitted or blocked). |
Protocol | The protocol (TCP or UDP) the C&C server used to attempt communication. |
Port | The port the C&C server used to attempt communication. |
Device Name | The name of the device in contact with the command and control server. |
Date Seen | The date and time of the most recent C&C server hit. |
Username | The name of the host user in contact with the command and control server. |
Associated Domains
This is a list of the domains that the destination IP addresses in the C&C server events resolved to.
Signatures
This is a list of command and control indicators that were detected.
© 2017 Juniper Networks, Inc. All rights reserved