Malware Content Pack

Even the most secure networks are prone to malware infections. This content pack helps you to track and respond quickly to address malware infections specific to your environment. Monitor and track known infections and malware-related events; build a logical workflow for reviewing malware events, including who is triggering these events, which threats are triggering these events, which resources are being compromised, and which corporate locations are being affected; and gain insight into trending malware infections in specific zones or geolocations.

Content Pack Components

Alarms

Focus on specific malware threats.

Malware – Conficker Activity
Malware – Stuxnet Activity
Malware – Shellshock Activity
Malware – ePO Malware Detection
Malware – ePO Recurring Malware Detected

Reports

Useful for providing regular summary data to interested parties.

Malware - Malware Analysis Report
Malware - Zone Analysis Report
Malware - Infected Host

Views

Evidence of higher than normal malware events may be cause for further investigation and other security assessments.

Infection Analysis
Malware Host and User Trending View
Malware Geolocation Trending View
Corporate Zone Trending View
Malware Investigation - ePO
Recurring Malware - ePO

Correlation Rules

Track malware events occurring on the network.

Malware - Botnet Activity
Malware - Increasing Number of Malware Events Occurring on Internal Hosts
Malware - Malware Activity on Local Host
Malware - Malware Sent from Internal Host
Malware - Virus Activity Across Multiple Systems
Malware - Botnet Detection
Malware - Rootkit Detection
Malware - ePO Malware Detected
Malware - ePO Recurring Malware Detected

Watchlists

Store the hostnames and IP addresses for infected resources.

Malware - Infected Hostname 1Hr
Malware - Infected Hostname 24Hr
Malware - Infected Source IP 24Hr

Required Products

McAfee Enterprise Security Manager (ESM) 11.x, 10.x
McAfee Advanced Correlation Engine (ACE) 11.x, 10.x
Some rules require McAfee ePolicy Orchestrator (ePO) to function properly

Content pack demo

Content packs are available directly inside the McAfee Enterprise Security Manager user interface. Watch the video to discover how to access your content pack and get started.

Watch Video

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.

Read Article

Explore

Find other content packs and partner integrations.

See All

Free Trial

Interested in McAfee Enterprise Security Manager?

Register

Soluzioni in evidenza

Esplora la nostra gamma

Obiettivi di sicurezza

Settori

Prodotti

Soluzioni in evidenza

Esplora la nostra gamma

Prodotti MVISION

Formazione e servizi

Ricerca minacce

Le nostre ricerche

Dashboard sul panorama delle minacce

Strumenti

Contattaci

Risorse

Download

Aiuto sui prodotti

Unisciti a noi

Esplora

La nostra azienda

Le nostre attività

Altre risorse

Lavora con noi

Collaborazioni