Advanced Malware (APT) Report

The Advanced Malware (APT) report shows a summary of the malware and malicious activity on your network that was detected by APT Blocker.

This report is available when log messages with data for this report exist in the specified time frame. To make sure that your Firebox sends log messages required to generate this report, follow the steps to Enable Logging for this Report.

How to Use this Report

This report can show you the top instances of malware downloaded by users on your network. Here are some ways to use this report:

  • Select the Recipient/Destination and Sender/Source pivots to identify the sender and recipient of malicious files and the connection source and destination.
  • Select the Protocols, MIME Type, and Malicious Activity pivots to identify the protocols and file types used to introduce malicious files to your network, and to see the malicious behaviors associated with those files.
  • Select the Activity Trend pivot to see malware activity over time.
  • Select the Content Name pivot to see the names of files identified as malicious by APT Blocker and to troubleshoot files that cause false positives. If you identify files that cause false positives, add them to the File Exceptions list.

View the Report

This report is available in WatchGuard Cloud and in Dimension.

Pivots

You can use pivots to change the view of the data on the report.

To switch to a different view, select a pivot from the drop-down list above the report.

This report includes these pivots:

Activity Trend

Summary report of the trend of malware detected by APT Blocker over time.

Content Name

Summary of the malware detected by APT Blocker, organized by content name. Includes allowed and denied hits.

Malicious Activity

Summary of the different types of malicious activity detected on your network by APT Blocker.

MIME Type

Summary of the MIME types used for malicious activity detected on your network by APT Blocker.

Protocol

Summary of the protocols used for malicious activity detected on your network by APT Blocker.

Recipient/Destination

Summary of the recipient names and destination addresses for malicious activity on your network.

Sender/Source

Summary of the sender names and source addresses for malicious activity on your network.

Threat ID

Summary of the malware detected by APT Blocker, organized by the Threat ID.

Threat Level

Summary of the threat levels assigned to malicious activity on your network.

Detail View

To view a detailed report of all malicious activity detected by APT Blocker, click the View Details link at the top of the report.

Screen shot of View Details link in a report

The Advanced Malware (APT) Detail report includes a row for each instance of malicious activity detected by APT Blocker:

| Column | Description |
| --- | --- |
| Disposition | The action taken by the Firebox for this traffic, such as Stripped or Allowed. |
| Time | Date and time that the event occurred. |
| Threat Level | Severity of the threat (High, Medium, or Low). |
| Threat ID | Identification number assigned to the threat. |
| Content Name | Name of the file or content that included the threat. |
| Source | IP address of the traffic source. |
| Destination | IP address of the traffic destination. |
| Policy | Name of the Firebox policy that examined the traffic. |
| Protocol | Protocol used to send the traffic. |
| Host | Host name used to send the traffic. |
| Sender | For SMTP, POP3, or IMAP protocols, the email address that sent the email. |
| Recipient | For SMTP, POP3, or IMAP protocols, the email address the email was sent to. |
| Hits | Number of attempts. |
| More Information | To see more detailed information (includes MD5 and Threat Level information), click Threat Details. |
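The pivots listed above (Protocol, Threat Level, Content Name with allowed/denied counts, Activity Trend, and so on) are aggregations over the rows of this Detail view. The following Python script is an added example, not WatchGuard code or a WatchGuard export format: it assumes the Detail rows have been exported as CSV with one column per Detail view column, builds the same pivots from a constructed sample, and adds one check a defender typically wants, a list of detections at or above a chosen threat level whose disposition was Allowed rather than Stripped. The sample rows, Threat IDs, hosts and addresses are constructed for illustration.

```python
"""Rebuild the Advanced Malware (APT) report pivots from Detail view rows.

Added example. The CSV layout (one column per Detail view column, one row
per detection) is an assumption, not WatchGuard's export format, and the
rows in SAMPLE_CSV are constructed for illustration.
"""
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample export; column names follow the Detail view columns.
SAMPLE_CSV = """\
Disposition,Time,Threat Level,Threat ID,Content Name,Source,Destination,Policy,Protocol,Host,Sender,Recipient,Hits
Stripped,2024-03-01 09:12:00,High,EXAMPLE-001,invoice.exe,10.0.1.15,203.0.113.8,HTTP-proxy,HTTP,files.example.test,,,3
Allowed,2024-03-01 11:40:00,Medium,EXAMPLE-002,report.pdf,10.0.1.22,198.51.100.4,SMTP-proxy,SMTP,mail.example.test,alice@example.test,bob@example.test,1
Stripped,2024-03-02 08:05:00,High,EXAMPLE-001,invoice.exe,10.0.1.31,203.0.113.8,HTTP-proxy,HTTP,files.example.test,,,2
Allowed,2024-03-02 16:20:00,High,EXAMPLE-003,macro.docm,10.0.1.22,198.51.100.9,IMAP-proxy,IMAP,imap.example.test,carol@example.test,bob@example.test,1
"""

# Ordering used by allowed_threats(); Low < Medium < High as in the report.
LEVEL_RANK = {"Low": 0, "Medium": 1, "High": 2}


def load_rows(text):
    """Parse the CSV export into dicts, converting Hits and Time to typed values."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["Hits"] = int(r["Hits"])
        r["Time"] = datetime.strptime(r["Time"], "%Y-%m-%d %H:%M:%S")
    return rows


def pivot(rows, column):
    """Sum hits per distinct value of one column (Protocol, Threat Level,
    Threat ID, Sender, ... pivots). Empty values, e.g. Sender on HTTP rows,
    are skipped so they do not appear as a blank bucket."""
    counts = Counter()
    for r in rows:
        if r[column]:
            counts[r[column]] += r["Hits"]
    return dict(counts)


def content_name_pivot(rows):
    """Hits per content name, split into allowed and denied as the Content
    Name pivot does. Any disposition other than Allowed is counted as denied."""
    out = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for r in rows:
        bucket = "allowed" if r["Disposition"] == "Allowed" else "denied"
        out[r["Content Name"]][bucket] += r["Hits"]
    return {name: dict(v) for name, v in out.items()}


def activity_trend(rows):
    """Hits per calendar day, in date order, for the Activity Trend pivot."""
    per_day = Counter()
    for r in rows:
        per_day[r["Time"].date().isoformat()] += r["Hits"]
    return dict(sorted(per_day.items()))


def allowed_threats(rows, min_level="High"):
    """Detections at or above min_level whose disposition was Allowed.

    These are the rows to review first: the file was classified as malicious
    but was not stripped, so the APT Blocker action for that proxy may be
    set to allow rather than drop at this threat level.
    """
    threshold = LEVEL_RANK[min_level]
    hits = [
        (r["Time"].strftime("%Y-%m-%d %H:%M:%S"), r["Content Name"], r["Threat ID"])
        for r in rows
        if r["Disposition"] == "Allowed" and LEVEL_RANK[r["Threat Level"]] >= threshold
    ]
    return sorted(hits)


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for column in ("Protocol", "Threat Level", "Threat ID", "Sender"):
        print(column, pivot(rows, column))
    print("Content Name", content_name_pivot(rows))
    print("Activity Trend", activity_trend(rows))
    print("Allowed High threats", allowed_threats(rows, "High"))
```

The allowed_threats() check is the one addition beyond the report's own pivots: a High-level detection with disposition Allowed means the file reached the recipient, which is usually a sign that the APT Blocker action for that proxy logs but does not drop at that level.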

Enable Logging for this Report

To collect the data required for this report:

  • In the General Settings for all proxy actions that have APT Blocker enabled, select Enable logging for reports.
  • In all APT Blocker Actions, select the Log check boxes for threat levels you want to appear on the report. For more information, see Configure APT Blocker.

See Also

WatchGuard Cloud Device Reports List