Even the most secure networks are prone to malware infections. This content pack helps you to track and respond quickly to address malware infections specific to your environment. Monitor and track known infections and malware-related events; build a logical workflow for reviewing malware events, including who is triggering these events, which threats are triggering these events, which resources are being compromised, and which corporate locations are being affected; and gain insight into trending malware infections in specific zones or geolocations.

Content Pack Components

Alarms

Focus on specific malware threats.

  • Malware – Conficker Activity
  • Malware – Stuxnet Activity
  • Malware – Shellshock Activity
  • Malware – ePO Malware Detection
  • Malware – ePO Recurring Malware Detected

Reports

Useful for providing regular summary data to interested parties.

  • Malware - Malware Analysis Report
  • Malware - Zone Analysis Report
  • Malware - Infected Host

Views

Evidence of higher than normal malware events may be cause for further investigation and other security assessments.

  • Infection Analysis
  • Malware Host and User Trending View
  • Malware Geolocation Trending View
  • Corporate Zone Trending View
  • Malware Investigation - ePO
  • Recurring Malware - ePO

Correlation Rules

Track malware events occurring on the network.

  • Malware - Botnet Activity
  • Malware - Increasing Number of Malware Events Occurring on Internal Hosts
  • Malware - Malware Activity on Local Host
  • Malware - Malware Sent from Internal Host
  • Malware - Virus Activity Across Multiple Systems
  • Malware - Botnet Detection
  • Malware - Rootkit Detection
  • Malware - ePO Malware Detected
  • Malware - ePO Recurring Malware Detected

Watchlists

Store the hostnames and IP addresses for infected resources.

  • Malware - Infected Hostname 1Hr
  • Malware - Infected Hostname 24Hr
  • Malware - Infected Source IP 24Hr

Required Products

  • McAfee Enterprise Security Manager (ESM) 11.x, 10.x
  • McAfee Advanced Correlation Engine (ACE) 11.x, 10.x
  • Some rules require McAfee ePolicy Orchestrator (ePO) to function properly

Content pack demo

Content packs are available directly inside the McAfee Enterprise Security Manager user interface. Watch the video to discover how to access your content pack and get started.

Watch Video

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.

Read Article

Explore

Find other content packs and partner integrations.

See All

Free Trial

Interested in McAfee Enterprise Security Manager?

Register