{"id":1394,"date":"2018-07-12T21:43:23","date_gmt":"2018-07-12T21:43:23","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=1394"},"modified":"2020-05-06T10:27:04","modified_gmt":"2020-05-06T17:27:04","slug":"top-security-report-2-malicious-activity-by-client","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/community\/top-security-report-2-malicious-activity-by-client\/","title":{"rendered":"Top Security Report #2: Malicious Activity by Client"},"content":{"rendered":"

This blog discusses the report #2 in a series of seven top security reports that can help you defend against bad actors.<\/p>\n

Here are the previous parts:\u00a0part 1<\/a>, part 2<\/a>,\u00a0part 3<\/a>,\u00a0part 4<\/a>,\u00a0part 5<\/a>,\u00a0part 6<\/a><\/p>\n

Malicious Activity by Client<\/h2>\n

Our top #2 report drives data protection and malware mitigation by showing which clients have the most malicious activity on the network based on threat intel RPZ rules defined through Active Trust.\u00a0Network\u00a0admins<\/em><\/strong>\u00a0need to know which clients are engaged in network service-impacting behavior, so they can monitor and block them if needed.\u00a0\u00a0Security admins<\/em><\/strong>\u00a0use this report to discover which devices are infected with malware and are leveraging the DNS attack vector so that they can take pre-emptive action.\u00a0 A common security use case occurs when a device is known to have been compromised in the past, so this report is used to determine which real-time and historical malicious activities are linked to the device.\u00a0 It\u2019s especially helpful to see how far back a device has been infected to identify the related impact and take corrective action.<\/p>\n\n\n\n\n\n\n\n\n\n
Top Report #2: Malicious Activity by Client<\/strong><\/td>\n<\/tr>\n
Service Area<\/strong><\/td>\nData Protection & Malware Mitigation<\/td>\n<\/tr>\n
Purpose<\/strong><\/td>\nShows clients with the most malicious network activities<\/td>\n<\/tr>\n
Primary User<\/strong><\/td>\nNetwork & Security Admins<\/td>\n<\/tr>\n
Importance<\/strong><\/td>\nIdentifies which clients are performing malicious activities within a given timeframe & which clients require corrective action<\/td>\n<\/tr>\n
Use Case<\/strong><\/td>\nEnables Security admins to investigate compromised devices to determine which malicious real-time and historical activities are linked to it<\/td>\n<\/tr>\n
Available<\/strong><\/td>\nOut-of-the-box & requires Active Trust\/Active Trust Cloud (AT\/ATC)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

This report is found under the security dashboard and requires Active Trust\/Active Trust Cloud.\u00a0 Filters include time, top Number of clients, top Number of domains, hit count and data views by bar chart, table or combined.\u00a0 By selecting the client ID, admins can drill down to see the number of hits, domains impacted and the last active date\/time stamp for deeper forensic insights.\u00a0 Admins can often also identify the malware based on the domains associated with the client, so there is a lot of intel and insights available through the Malicious Activity by Client report.<\/p>\n

\"Top<\/p>\n

Here are the seven (7) security reports that can give you an edge over the bad actors.<\/p>\n