Hosts that Downloaded Malicious Files (Attacks Allowed By Policy)
Description
In the main Cyber Attack View, in the Attacks Allowed By Policy section, double-click Hosts that Downloaded Malicious Files.
|
|
Note - Select the report period in the top left corner of this view. For example, Last 7 Days, This Month, and so on. |
This drill-down view shows a summary of attacks that used malicious files.
This drill-down view shows all the malicious files caught by Check Point Threat Prevention's multi-layer protections.
Drill-Down View
This is an obfuscated example of the drill-down view:
To see the applicable logs (the next drill-down level), double-click on a value.
Available Widgets
Widgets available in the drill-down view:
|
Widget |
Type |
Description |
|---|---|---|
|
Malicious Downloaded Files |
Infographic |
Shows:
|
|
Malware Families |
Chart |
Shows the top downloaded malware families (based on Check Point ThreatWiki and Check Point Research). Different colors show different families. |
|
Top Users that Downloaded Malicious Files |
Chart |
Shows hosts that downloaded the largest number of malicious files. The chart is sorted by the number of downloaded malicious files. |
|
Top Downloaded Malicious Files |
Chart |
Shows the number of downloads for the top malicious files. The chart is sorted by the number of appearances of downloaded malicious files. |
|
Detected Malicious Files |
Table |
Shows the downloaded malicious files. Shows:
|
|
Timeline of Downloaded Malicious Files (Top 10 Protections) |
Timeline |
Shows the number of logs for downloaded malicious files. Different colors show different files. |
Widget Query
In addition to the Default Query, the widget runs this query:
|
|
Best Practices
Best practices against malicious files:
-
In the Attacks Allowed By Policy section, click Hosts that Downloaded Malicious Files.
-
In the Malicious Downloaded Files widget, double-click the Hosts Were Detected Downloading Malicious Files infographic.
-
Locate events from the IPS
Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System). Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. only. -
Examine the IPS protections currently configured in Detect mode and decide if you can change them to Prevent mode.
To configure IPS protections in SmartConsole
Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.: From the left navigation panel, click Security Policies Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection.> click the Threat Prevention section > at the bottom, click IPS Protections > edit the applicable IPS protection > install the Threat Prevention Policy.
-
-
In the Threat Prevention logs from the Security Gateway
Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources., examine the Description field (see Log Fields) to see if the Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV. Software Blade work is in the Background or Hold mode.In addition, read sk74120: Why Anti-Bot and Anti-Virus connections may be allowed even in Prevent mode.