Use the Command and Control Server Details page to view analysis information and a threat summary for the C&C server. The following information is displayed for each server:
- Total Hits
- Threat Summary (Threat level, Location, Category, Time last seen)
- Ports and protocols used
You can filter this information by clicking on the time-frame links: 1 day, 1 week, 1 month, Custom (select your own time-frame). You can also expand the time-frame to separate events using the slider.
This is a list of hosts that have contacted the server. Table 33 shows the information provided in this section:
Table 33: Command & Control Server Contacted Host Data
Field | Definition |
---|---|
Client Host | The name of the host in contact with the command and control server. |
Client IP Address | The IP address of the host in contact with the command and control server. (Click through to the Host Details page for this host IP.) |
C&C Threat Level | The threat level of the C&C server as determined by an analysis of actions and behaviors. |
Action | The action taken on the communication (permitted or blocked). |
Protocol | The protocol (TCP or UDP) the C&C server used to attempt communication. |
Port | The port the C&C server used to attempt communication. |
Device Name | The name of the device in contact with the command and control server. |
Date Seen | The date and time of the most recent C&C server hit. |
Username | The name of the host user in contact with the command and control server. |
This is a list of domains the destination IP addresses in the C&C server events resolved to.
This is a list of command and control indicators that were detected.
Policy Enforcer Dashboard Widgets
© 2018 Juniper Networks, Inc. All rights reserved