Threat Sources Overview

Access this page from the Monitor > ATP > Threat Sources menu.

The Threat Sources page lists the external servers that have attempted to contact and compromise hosts on your network. A threat source is a command-and-control (C&C) server: a centralized computer that issues commands to a botnet (a network of compromised computers) and receives reports back from it.

Benefits

  • Using C&C feeds adds another layer of protection to your network by preventing hosts inside your network from being recruited into botnets. Botnets gather sensitive information, such as account numbers or credit card details, and participate in distributed denial-of-service (DDoS) attacks.

  • Using C&C feeds also prevents botnets from communicating with hosts within your network to gather information or launch an attack.

You can allowlist threat sources from the details page. See Threat Source Details.

Note:
  • At this time, C&C URL feeds are not supported with SSL forward proxy.

The following information is available on this page.

Table 1: Threat Source Data Fields (Field: Definition)

  • External Server: The IP address or host name of the suspected threat source.

  • Blocked Via: The name of the custom feed that caused the communication to be blocked.

  • Highest Threat Level: The threat level of the threat source, as determined by an analysis of its actions and behaviors.

  • Count: The number of times hosts on the network have attempted to contact the threat source.

  • Country: The country where the threat source is located.

  • Last Seen: The date and time of the most recent hit on the threat source.

  • Protocol: The protocol over which hosts on the network contacted the threat source.

  • Action: The action taken on the communication (permitted, sinkhole, or blocked).

  • Category: The category of the DNS feed that matched. The available options are custom, global, and whitelist.

  • DNS Record Type: The query type of the DNS request. The supported DNS query types include A, AAAA, MX, CNAME, SRV, SRV NoErr, TXT, and ANY, among others.

  • Report False Positive: The status of any false-positive report submitted for this threat source.
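The example below shows, in generic terms, how rows like those in Table 1 can be derived from individual DNS feed matches. It is an added illustration, not Juniper code, and it does not describe how the product itself evaluates feeds. It assumes a lookup precedence of whitelist, then custom, then global (so an allowlisted name is permitted even if a global feed lists it, and a custom feed overrides a global one), and that each feed carries its own action. The feed names, indicator names, hosts and timestamps are all constructed for the example.

```python
"""Aggregate DNS C&C feed matches into Threat Sources style rows.

Added example, not Juniper code. Feed precedence (whitelist > custom >
global) and per-feed actions are assumptions of this example; feed
contents and queries below are constructed, not real indicators.
"""
from dataclasses import dataclass, field
from datetime import datetime

# Constructed feeds, listed in the precedence order this example assumes.
FEEDS = [
    {"name": "site-allowlist", "category": "whitelist",
     "entries": {"updates.example.com": {"level": 0, "action": "permitted"}}},
    {"name": "soc-custom-cnc", "category": "custom",
     "entries": {"beacon.example.net": {"level": 8, "action": "sinkhole"}}},
    {"name": "global-cnc", "category": "global",
     "entries": {"cnc.example.org": {"level": 10, "action": "blocked"},
                 # Also listed in the custom feed; custom wins under the
                 # assumed precedence, so this entry is never the match.
                 "beacon.example.net": {"level": 6, "action": "blocked"}}},
]

# Constructed DNS queries from internal hosts (hypothetical data).
SAMPLE_QUERIES = [
    {"src": "10.0.0.5", "qname": "beacon.example.net", "qtype": "A",
     "ts": datetime(2024, 5, 1, 10, 0)},
    {"src": "10.0.0.7", "qname": "BEACON.example.net.", "qtype": "AAAA",
     "ts": datetime(2024, 5, 1, 11, 30)},
    {"src": "10.0.0.9", "qname": "updates.example.com", "qtype": "A",
     "ts": datetime(2024, 5, 1, 9, 15)},
    {"src": "10.0.0.9", "qname": "www.example.com", "qtype": "A",
     "ts": datetime(2024, 5, 1, 9, 16)},
    {"src": "10.0.0.5", "qname": "cnc.example.org", "qtype": "TXT",
     "ts": datetime(2024, 5, 1, 12, 45)},
]


@dataclass
class ThreatSourceRow:
    """One row of the Threat Sources view, named after the Table 1 fields."""
    external_server: str
    blocked_via: str
    highest_threat_level: int
    count: int
    last_seen: datetime
    protocol: str
    action: str
    category: str
    dns_record_types: set = field(default_factory=set)


def normalize(qname):
    """Canonical form for matching: strip the trailing dot, lower-case."""
    return qname.rstrip(".").lower()


def lookup(qname):
    """Return (feed, entry) for the first feed in precedence order that
    lists qname, or (None, None) if no feed does."""
    name = normalize(qname)
    for feed in FEEDS:
        entry = feed["entries"].get(name)
        if entry is not None:
            return feed, entry
    return None, None


def build_threat_sources(queries):
    """Fold per-query matches into one row per external server."""
    rows = {}
    for q in queries:
        feed, entry = lookup(q["qname"])
        if entry is None:
            continue  # not in any feed: not a threat source, nothing to list
        name = normalize(q["qname"])
        row = rows.get(name)
        if row is None:
            row = ThreatSourceRow(
                external_server=name,
                # Blocked Via names the custom feed; empty otherwise.
                blocked_via=feed["name"] if feed["category"] == "custom" else "",
                highest_threat_level=entry["level"],
                count=0,
                last_seen=q["ts"],
                protocol="DNS",
                action=entry["action"],
                category=feed["category"],
            )
            rows[name] = row
        row.count += 1
        row.last_seen = max(row.last_seen, q["ts"])
        row.highest_threat_level = max(row.highest_threat_level, entry["level"])
        row.dns_record_types.add(q["qtype"])
    return rows


def demo():
    """Run the aggregation over the constructed queries."""
    return build_threat_sources(SAMPLE_QUERIES)


if __name__ == "__main__":
    for row in demo().values():
        print(row)
```

Two points worth noticing: the allowlisted name still produces a row (with action permitted and category whitelist), which is what lets an operator see that a feed hit was overridden rather than silently dropped; and the name is normalized before lookup, because a trailing dot or mixed case in the query would otherwise let a listed C&C name slip past an exact-match feed.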