SA: Malware Malware with High Confidence IOCs and High Scores Dashlet

Document created by RSA Information Design and Development on Jun 22, 2017. Last modified by RSA Information Design and Development on Aug 28, 2017.
Version 2

The Malware Malware with High Confidence IOCs and High Scores dashlet presents the events that Malware Analysis detected with Indicators of Compromise, high likelihood of harboring malware, and high scores in the scoring modules. This dashlet is available in the Unified dashboard and in the Malware view. When a Malware Analyst first logs on to Security Analytics, by default the only visible dashlet in the Unified view is the What's New dashlet. The analyst must create any additional Malware dashlets.

The Malware Malware with High Confidence IOCs and High Scores dashlet is configurable. You can create multiple copies of the dashlet, filter results, and configure the display of results as an Events List or a Files List.

To display this dashlet in the Security Analytics Dashboard or as part of a custom dashboard, click the icon (ic-addList.PNG) > Add Dashlet in the dashboard toolbar and select Malware Malware with High Confidence IOCs and High Scores from the Type drop-down menu.

This is an example of the Malware Malware with High Confidence IOCs and High Scores dashlet settings.

[Image: Mal_HighIOCsDashlet.png]

This is an example of the Malware Malware with High Confidence IOCs and High Scores dashlet.

[Image: MaMaHIOCDlt.png]

Features

The following table lists configurable values for this dashlet.

                                       
| Variable | Description |
|---|---|
| Title | Identifies the name of the dashlet. Each dashlet needs a unique name, especially if you have more than one instance of the same dashlet. The name appears in the title bar of the dashlet. |
| Influenced by High Confidence Only | When checked, only events and files that were flagged as High Confidence (or likelihood) for containing Indicators of Compromise are displayed in the dashlet. |
| Static, Network, Community, Sandbox | Filters the results based on the scores for each scoring module. You can set the value as =, <=, or >=. |
| Result Limit | Sets the number of results to be displayed. Possible values in the drop-down list are 5, 10, 20, 30, or 40. |
| Service | Selects the service to be monitored. |
| Time (Relative) | Limits the time range of displayed results. |
| Show Events or Show Files | Specifies the form of the results, either Events List or Files List format. |