Command and Control Server Details
Use Command and Control Server Details page to view analysis information and a threat summary for the C&C server. The following information is displayed for each server.
Threat Summary (Threat level, Location, Category, Time last seen)
Ports and protocols used
You can filter this information by clicking on the time-frame links: 1 day, 1 week, 1 month, Custom (select your own time-frame). You can also expand the time-frame to separate events using the slider.
Hosts That have Contacted This C&C Server
This is a list of hosts that have contacted the server. Table 1 shows the information provided in this section:
Table 1: Command & Control Server Contacted Host Data
The name of the host in contact with the command and control server.
Client IP Address
The IP address of the host in contact with the command and control server. (Click through to the Host Details page for this host IP.)
C&C Threat Level
The threat level of the C&C server as determined by an analysis of actions and behaviors.
The action taken on the communication (permitted or blocked).
The protocol (TCP or UDP) the C&C server used to attempt communication.
The port the C&C server used to attempt communication.
The name of the device in contact with the command and control server.
The date and time of the most recent C&C server hit.
The name of the host user in contact with the command and control server.
This is a list of domains the destination IP addresses in the C&C server events resolved to.
This is a list of command and control indicators that were detected.