The Malware Top Listing of Highly Suspicious Malware dashlet presents the top 10 most suspicious events in the Malware Analysis Events List or the Files List. This dashlet is available in the dashboard and in the Malware Analysis view. When a Malware Analyst first logs in to Security Analytics, the only dashlet visible in the dashboard by default is the What's New dashlet. The analyst must create any additional Malware Analysis dashlets.
The Malware Top Listing of Highly Suspicious Malware dashlet is configurable. You can create multiple copies of the dashlet, filter results, and configure the display of results as an Events List or a Files List.
To display this dashlet in the Security Analytics Dashboard or as part of a custom dashboard, click > Add Dashlet in the dashboard toolbar and select Malware Top Listing of Highly Suspicious Malware from the Type drop-down menu.
This is an example of the dashlet.
The features are the same as the features of the Malware Analysis Events List and Files List (see the Investigation and Malware Analysis Guide for details). To launch a Malware Analysis investigation of an item in the dashlet, double-click an event or file name in the grid.
The following table lists configurable values for this dashlet.
| Setting | Description |
|---|---|
| Title | Identifies the name of the dashlet. Each dashlet needs a unique name, especially if you have more than one instance of the same dashlet. The name appears in the title bar of the dashlet. |
| Influenced by High Confidence Only | When checked, only events and files that were flagged as High Confidence (or likelihood) for containing Indicators of Compromise are displayed in the dashlet. |
| Static, Network, Community, Sandbox | Filters the results based on the scores for each scoring module. You can set the value as =, <=, or >=. |
| Service | Selects the service to be monitored. |
| Time (Relative) | Limits the time range of displayed results. |
| Result Limit | Sets the number of results to be displayed. Possible values in the drop-down list are 5, 10, 20, 30, or 40. |
| Show Events or Show Files | Specifies the form of the results, either Events List or Files List format. |