SA: Malware Top Listing of Possible Zero Day Malware Dashlet

Document created by RSA Information Design and Development on Jul 21, 2016. Last modified by RSA Information Design and Development on Jul 24, 2016.

The Top Listing of Possible Zero Day Malware dashlet presents the top events (10 by default; see Result Limit below) that are indicative of a possible zero day attack, drawn from the Malware Analysis Events List or the Files List. This dashlet is available in the dashboard and in the Malware view. When a Malware Analyst first logs in to Security Analytics, the only dashlet visible in the Malware view by default is the What's New dashlet; the analyst must create any additional Malware dashlets.

The Top Listing of Possible Zero Day Malware dashlet is configurable. You can create multiple copies of the dashlet, filter the results, and configure the display of results as an Events List or a Files List. From this dashlet, you can launch a Malware Analysis investigation of an event directly by double-clicking the event; you do not have to go to the Investigation > Malware view to begin.

To display this dashlet in the Security Analytics dashboard or as part of a custom dashboard, click the Add icon (ic-addList.PNG) > Add Dashlet in the dashboard toolbar and select Malware Top Listing of Possible Zero Day Malware from the Type drop-down menu.

This is an example of the dashlet settings configured to display the Events List.

MalwareZeroDayDashlet.png

This is an example of the dashlet. The features in the dashlet are the same as those on the Malware Analysis Events List or the Files List.

MaTopLstPos0Dlt.png

Features

The following table lists configurable values for this dashlet.

Title
    Identifies the name of the dashlet. Each dashlet needs a unique name, especially if you have more than one instance of the same dashlet. The name appears in the title bar of the dashlet.

Influenced by High Confidence Only
    When checked, only events and files that were flagged as High Confidence (high likelihood) of containing Indicators of Compromise are displayed in the dashlet.

Static, Network, Community, Sandbox
    Filters the results based on the score for each scoring module. For each module you choose an operator (=, <=, or >=) and a slider value. By default the Community filter uses less than or equal to (<=) the slider value, while the Static, Network and Sandbox filters use greater than or equal to (>=). With the defaults, the dashlet therefore surfaces samples that score high in the local analyses but low in the Community score, which is what makes them candidates for a zero day.

Service
    Selects the service to be monitored.

Time (Relative)
    Limits the time range of displayed results, relative to the current time.

Result Limit
    Sets the number of results to be displayed. Possible values in the drop-down list are 5, 10, 20, 30, or 40.

Show Events or Show Files
    Specifies the form of the results, either Events List or Files List format.
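The following Python script is an added example that models how the dashlet settings in the table above combine when applied to a set of Malware Analysis events. It is not RSA product code: the record field names, the slider values (50 for Static/Network/Sandbox, 30 for Community), the ranking rule (sum of the three local scores) and the rule for collapsing events into a Files List (one entry per distinct file) are all assumptions made for the example. The operator defaults (Community <=, the others >=) and the permitted Result Limit values are taken from the table.

```python
"""Illustrative model of the Top Listing of Possible Zero Day Malware dashlet
filters. Added example, NOT RSA Security Analytics code. Field names, slider
values, the ranking rule and the file-grouping rule are assumptions."""
from datetime import datetime, timedelta
import operator

OPS = {"=": operator.eq, "<=": operator.le, ">=": operator.ge}
RESULT_LIMITS = (5, 10, 20, 30, 40)              # drop-down values from the table
SCORE_MODULES = ("static", "network", "community", "sandbox")

# Operators follow the table: Community defaults to <=, the others to >=.
# The slider values 50 / 30 are an assumption for this example.
DEFAULT_SETTINGS = {
    "title": "Possible Zero Day (example)",
    "high_confidence_only": False,
    "static": (">=", 50),
    "network": (">=", 50),
    "community": ("<=", 30),
    "sandbox": (">=", 50),
    "service": None,            # None = do not filter on service
    "relative_hours": 24,       # Time (Relative)
    "result_limit": 10,
    "show": "events",           # "events" or "files"
}

NOW = datetime(2016, 7, 24, 12, 0, 0)
H = timedelta(hours=1)

# Constructed sample records (not captured from a real deployment).
# Scores are 0-100; e1 and e3 are two events for the same file.
SAMPLE_EVENTS = [
    {"id": "e1", "file": "file-A", "service": "decoder-1", "time": NOW - 1 * H,
     "static": 90, "network": 80, "community": 10, "sandbox": 85, "high_confidence": True},
    {"id": "e2", "file": "file-B", "service": "decoder-1", "time": NOW - 2 * H,
     "static": 95, "network": 60, "community": 95, "sandbox": 90, "high_confidence": True},
    {"id": "e3", "file": "file-A", "service": "decoder-2", "time": NOW - 3 * H,
     "static": 70, "network": 75, "community": 5, "sandbox": 80, "high_confidence": False},
    {"id": "e4", "file": "file-C", "service": "decoder-1", "time": NOW - 48 * H,
     "static": 88, "network": 70, "community": 0, "sandbox": 92, "high_confidence": True},
    {"id": "e5", "file": "file-D", "service": "decoder-1", "time": NOW - 0.5 * H,
     "static": 20, "network": 10, "community": 0, "sandbox": 15, "high_confidence": False},
]


def validate_settings(settings):
    """Return a list of problems with the settings (empty list = valid)."""
    problems = []
    if settings["result_limit"] not in RESULT_LIMITS:
        problems.append("result_limit must be one of %s" % (RESULT_LIMITS,))
    for module in SCORE_MODULES:
        op, _ = settings[module]
        if op not in OPS:
            problems.append("%s operator must be one of =, <=, >=" % module)
    if settings["show"] not in ("events", "files"):
        problems.append("show must be 'events' or 'files'")
    return problems


def matches(event, settings, now):
    """True if the event passes every filter in the dashlet settings."""
    if settings["high_confidence_only"] and not event["high_confidence"]:
        return False
    if settings["service"] is not None and event["service"] != settings["service"]:
        return False
    if event["time"] < now - timedelta(hours=settings["relative_hours"]):
        return False
    for module in SCORE_MODULES:
        op, threshold = settings[module]
        if not OPS[op](event[module], threshold):
            return False
    return True


def local_score(event):
    """Ranking rule (assumption): sum of the three local analyses. Community is
    left out because the default filter deliberately selects LOW community scores."""
    return event["static"] + event["network"] + event["sandbox"]


def top_listing(events, overrides=None, now=NOW):
    """Apply the dashlet filters and return event ids (or file ids for the Files List)."""
    settings = {**DEFAULT_SETTINGS, **(overrides or {})}
    problems = validate_settings(settings)
    if problems:
        raise ValueError("; ".join(problems))
    hits = sorted((e for e in events if matches(e, settings, now)),
                  key=local_score, reverse=True)
    if settings["show"] == "files":
        seen, files = set(), []
        for e in hits:                      # one entry per distinct file
            if e["file"] not in seen:
                seen.add(e["file"])
                files.append(e["file"])
        return files[:settings["result_limit"]]
    return [e["id"] for e in hits[:settings["result_limit"]]]


if __name__ == "__main__":
    print("defaults:        ", top_listing(SAMPLE_EVENTS))
    print("high conf only:  ", top_listing(SAMPLE_EVENTS, {"high_confidence_only": True}))
    print("community >= 90: ", top_listing(SAMPLE_EVENTS, {"community": (">=", 90)}))
    print("files list:      ", top_listing(SAMPLE_EVENTS, {"show": "files"}))
```

With the defaults, e2 is excluded even though it scores highest on every local module, because its Community score of 95 fails the <= 30 filter; flipping the Community operator to >= 90 returns exactly that known sample instead. e4 is excluded only by the 24 hour window, which is worth remembering when a dashlet appears empty: widen Time (Relative) before loosening the score sliders.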
