Malware Monitoring

In the Reports Portal, select Repository > Standard Content > Foundation > Malware Monitoring.

Malware, or malicious software, represents all the variations of programs designed to damage computers, servers, clients, devices, applications, and networks.

To monitor unusual activity that affects hosts, use the following reports:

Dashboards:

  • Attack and Suspicious Activity Overview

  • Malware Overview

  • Web Application Attacks

Reports:

  • Reported Malware by Host

  • Worm Infected Systems

Attacks and Suspicious Activity Overview

Displays an overall view of new threats and helps you monitor your devices.

Charts:

  • Suspicious Activity Relationship

  • Attack/Target Matrix

  • Events Table

  • Top 5 Ports

  • SSH Attacks (drill down to SSH Attacks Overview Dashboard)

  • Web Attacks (drill down to Web Attacks Overview Dashboard)

Filters:

  • Agent Severity

  • Attack Technique

Malware Overview

Displays the number of malware events, malware detected in your environment, and the infected hosts.

Charts:

  • Top Reported Malware

  • Malware Distribution

  • Infected Assets

  • Outcome, Action, and Malware

  • Events Table

Filters:

  • Device Vendor and Product

  • Login Outcome

  • Severity

Web Application Attacks

Displays information about web-based attacks on your environment.

Charts:

  • Type of Web Application Attack
  • Targeted Host
  • Attacker IPs
  • Events Table

Filters:

  • Device Vendor and Device Product

  • Category Techniques

  • Agent Severity

Reported Malware by Host

Lists the malware found on the specified hosts.

You must specify one host.

Worm Infected Systems

Lists the hosts infected by worms, and provides a chart that shows the malware by count found in your enterprise.