Malware Content Pack

Overview

Even the most secure networks are prone to malware infections. This content pack helps you track and respond quickly to malware infections specific to your environment. Monitor and track known infections and malware-related events; build a logical workflow for reviewing malware events, covering who is triggering them, which threats are involved, which resources are being compromised, and which corporate locations are affected; and gain insight into trending malware infections in specific zones or geolocations.

Content Pack Components

Alarms

Focus on specific malware threats.

  • Malware - Conficker Activity
  • Malware - Stuxnet Activity
  • Malware - Shellshock Activity
  • Malware - ePO Malware Detection
  • Malware - ePO Recurring Malware Detected

Reports

Useful for providing regular summary data to interested parties.

  • Malware - Malware Analysis Report
  • Malware - Zone Analysis Report
  • Malware - Infected Host

Views

Evidence of higher-than-normal malware event volumes may warrant further investigation and additional security assessments.

  • Infection Analysis
  • Malware Host and User Trending View
  • Malware Geolocation Trending View
  • Corporate Zone Trending View
  • Malware Investigation - ePO
  • Recurring Malware - ePO

Correlation Rules

Track malware events occurring on the network.

  • Malware - Botnet Activity
  • Malware - Increasing Number of Malware Events Occurring on Internal Hosts
  • Malware - Malware Activity on Local Host
  • Malware - Malware Sent from Internal Host
  • Malware - Virus Activity Across Multiple Systems
  • Malware - Botnet Detection
  • Malware - Rootkit Detection
  • Malware - ePO Malware Detected
  • Malware - ePO Recurring Malware Detected

Watchlists

Store the hostnames and IP addresses for infected resources.

  • Malware - Infected Hostname 1Hr
  • Malware - Infected Hostname 24Hr
  • Malware - Infected Source IP 24Hr

Required Products

  • McAfee Enterprise Security Manager (ESM) 10.0.x, 9.6.x, 9.5.x
  • McAfee Advanced Correlation Engine (ACE) 10.0.x, 9.6.x, 9.5.x
  • Some rules require McAfee ePolicy Orchestrator (ePO) to function properly.

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.
