Hosts that Accessed Malicious Sites (Prevented Attacks)
Description
In the main Cyber Attack View, in the Prevented Attacks section, double-click Hosts that Accessed Malicious Sites.
The drill-down view summarizes access attempts to malicious sites from the internal network.
To see the applicable logs (the next drill-down level), double-click on a value.
Available Widgets
Widgets available in the drill-down view:
|
Widget |
Type |
Description |
|---|---|---|
|
Hosts that Accessed Malicious Sites |
Infographic |
Shows the number of internal hosts that accessed malicious websites. |
|
Top 10 Protection Types |
Chart |
Shows the number of events reported by web attack protections for the detected malware families (based on Check Point ThreatWiki and Check Point Research). Different colors show different malware families. |
|
Top 15 Hosts |
Chart |
Shows the internal hosts that accessed malicious websites. The chart is ordered by the number of connections from each host. Shows:
Different colors show different malware families. |
|
Top Malicious Sites |
Table |
Shows the information about malicious websites. Shows:
|
|
Timeline Showing Access to Malicious Sites |
Timeline |
Shows the detected malware families and their timeline. The timeline is divided into protection types. Different colors show different malware families. |
Widget Query
In addition to the Default Query, the widget runs this query:
|
|
|
|
Best Practices
Best practices against malicious sites:
-
Examine the Top 15 Hosts to determine if these hosts are at risk and if you need to clean and reconfigure them.
-
Examine the Top 10 Protection Types to understand if the websites your internal hosts accessed are compromised.