Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Reports Overview

 

You can configure PDF threat assessment reports to be run on-demand or on scheduled intervals. While you cannot determine the information included in the report, you can narrow information to a selected timeframe.

The generated report will contain categories such as the following:

Table 1: PDF Report Contents

Report Category

Definition

Executive Summary

An overview report data separated into following categories:

  • Malware—Lists newly discovered malware and known malware.

  • C&C Server Destinations—Lists C&C server destination.

    Note: The criteria to display the C&C server destination in the reports is that the threat level must be equal to or greater than 7.

  • Hosts with Malicious Activities—Lists the following:

    • Infected hosts—Lists the number of potentially infected hosts whose threat level is less than the threshold threat level that is set by the customer.

    • Blocked hosts—Lists the number of infected hosts that have met the threshold threat level and is blocked by policies configured on the SRX Series device.

  • Domains and URLs—Lists the domains and URLs that are suspicious or known to be risky.

  • High-risk User Data—Lists the following:

    • Users’ computers infected with malware.

    • High-risk web sites accessed by users.

Malware

The malware section contains the following information:

  • Top Malware Identified—Lists the names of the top malware by count.

  • Top Infected File MIME Types—Lists the top infected multi-purpose Internet mail extensions (MIME) by count.

  • Top Scanned File Categories—Lists the top file categories that are scanned.

C&C Server and Malware Locations

This section contains the following information:

  • Top C&C Server Location by Count—Lists the top countries for command and control (C&C) servers by number of communication attempts (C&C hits).

  • Top Malware Threat Locations by Count—Lists the top countries with malware threats.

Hosts

This section contains the following information:.

  • Top Compromised Hosts—Lists the top hosts that may have been compromised based on their associated threat level.

Risky Files

This section contains the following information:

  • Top Risky File Categories by Count—Lists the top risky file categories by count for known and newly discovered malicious files.

  • Top Risky Files Detected by Count—Lists the top risky files detected by count.

  • Top IPs Detected Attempting to Access Risky Files by Count—Lists the top IP addresses attempting to access risky files.

  • Top Risky Files Detected by IPs—Lists the top risky files detected per top IP address attempting to access the files.

Risky Domains, URLS, AND IPs

This section contains the following information: top risky domains, URLs, and IP addresses detected by the number of times access was attempted. It also includes the top users who have attempted to access these risky domains, URLs, and IP addresses.

  • Top Detected Risky Domains, URLs, and IPs by Count—Lists the top risky domains, URLs, and IP addressess detected by the number of times access was attempted.

  • Most Active Users for Risky Domains, URLs, and IPs by Count—Lists the top users who are most active in attempting to access the risky domains, URLs, and IP addresses by count.

  • Top Detected Risky Domains, URLs, and IPs by Threat Level—Lists the top risky domains, URLs, and IP addressess detected by the threat level.

Email

This section contains the list of actions taken on scanned emails. It also includes email attachments determined to be malware and users who are risky email senders.

  • Actions Taken—Lists the action taken for scanned e-mail.

  • High-Risk Email Data—Lists the count of e-mail attachments with malware and risky senders.

  • Malicious SMTP Email by Count—The report breaks scanned e-mail down by protocol and lists SMTP e-mails found to be malicious.

  • Malicious IMAP Email by Count—The report breaks scanned e-mail down by protocol and lists IMAP e-mails found to be malicious.

  • Top Risky File Categories Detected for Email Attachments—Lists the top risky file categories that were detected from files received as e-mail attachments.

  • Top Risky Email Attachments Detected by Count—Lists the top risky files that are detected from email attachments.

  • Top Users Receiving Risky Email Attachments—Lists the top users who are receiving risky file attachments through e-mail.

  • Top Risky Email Attachments Detected per Top Users—Lists the top users and their most risky file attachments.

  • Top Risky Email Sender Domains by Count—Lists the top risky sender domains based on the threat level of file attachments sent in email.

  • Top Sender Domains of Risky File Attachments by Count—Lists the top sender domains with risky file attachments and the count of how many times the the risky file attachments that were detected.

  • Actions on SMTP Malicious Email by Count—Lists actions taken for malicious SMTP e-mails.

  • Actions on IMAP Malicious Email by Count—Lists actions taken for malicious IMAP e-mails.

Related Documentation