Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Command and Control Server Details

    Access this page by clicking the Exernal Server IP from the Command and Control Servers page.

    Use Command and Control Server Details page to view analysis information and a threat summary for the C&C server. The following information is displayed for each server.

    • Total Hits
    • Threat Summary (Threat level, Location, Category, Time last seen)
    • Ports and protocols used

    You can filter this information by clicking on the time-frame links: 1 day, 1 week, 1 month, Custom (select your own time-frame). You can also expand the time-frame to separate events using the slider.

    Hosts That have Contacted This C&C Server

    This is a list of hosts that have contacted the server. The information provided in this section is as follows:

    Table 1: Command & Control Server Contacted Host Data

    Field

    Definition

    Client Host

    The name of the host in contact with the command and control server.

    Client IP Address

    The IP address of the host in contact with the command and control server. (Click through to the Host Details page for this host IP.)

    C&C Threat Level

    The threat level of the C&C server as determined by an analysis of actions and behaviors.

    Action

    The action taken on the communication (permitted or blocked).

    Protocol

    The protocol (TCP or UDP) the C&C server used to attempt communication.

    Port

    The port the C&C server used to attempt communication.

    Device Name

    The name of the device in contact with the command and control server.

    Date Seen

    The date and time of the most recent C&C server hit.

    Username

    The name of the host user in contact with the command and control server.

    Associated Domains

    This is a list of domains the destination IP addresses in the C&C server events resolved to.

    Signatures

    This is a list of command and control indicators that were detected.

    Modified: 2017-08-08