Even the most secure networks are prone to malware infections. This content pack helps you track and respond quickly to malware infections specific to your environment. With it you can monitor and track known infections and malware-related events; build a logical workflow for reviewing malware events, including who is triggering them, which threats are triggering them, which resources are being compromised, and which corporate locations are affected; and gain insight into trending malware infections in specific zones or geolocations.
Content Pack Components
Alarms
Focus on specific malware threats.
- Malware – Conficker Activity
- Malware – Stuxnet Activity
- Malware – Shellshock Activity
- Malware – ePO Malware Detection
- Malware – ePO Recurring Malware Detected
Reports
Useful for providing regular summary data to interested parties.
- Malware - Malware Analysis Report
- Malware - Zone Analysis Report
- Malware - Infected Host
Views
Evidence of a higher-than-normal volume of malware events may warrant further investigation and other security assessments.
- Infection Analysis
- Malware Host and User Trending View
- Malware Geolocation Trending View
- Corporate Zone Trending View
- Malware Investigation - ePO
- Recurring Malware - ePO
Correlation Rules
Track malware events occurring on the network.
- Malware - Botnet Activity
- Malware - Increasing Number of Malware Events Occurring on Internal Hosts
- Malware - Malware Activity on Local Host
- Malware - Malware Sent from Internal Host
- Malware - Virus Activity Across Multiple Systems
- Malware - Botnet Detection
- Malware - Rootkit Detection
- Malware - ePO Malware Detected
- Malware - ePO Recurring Malware Detected
Watchlists
Store the hostnames and IP addresses for infected resources.
- Malware - Infected Hostname 1Hr
- Malware - Infected Hostname 24Hr
- Malware - Infected Source IP 24Hr
Required Products
- McAfee Enterprise Security Manager (ESM) 11.x, 10.x
- McAfee Advanced Correlation Engine (ACE) 11.x, 10.x
- Some rules require McAfee ePolicy Orchestrator (ePO) to function properly
Download Content Pack
Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.