
Finding Malware Attacks via Advanced Threat Detection

This example shows how to use Advanced Threat Detection to detect malicious behavior and recognize APT attacks, so that malware is found earlier and its spread within the internal network is stopped.

As shown in the topology, the device is deployed at the data center egress. Once Advanced Threat Detection is enabled and configured, the administrator can detect and handle the attack when an internal host is infected by a Trojan.

* To use Advanced Threat Detection, apply for and install the StoneShield license.

Step 1: Enabling Advanced Threat Detection and packet capture to protect internal hosts

Select Network > Zone. Select the "trust" zone, click Edit, and select the <Threat Protection> tab.

  • Advanced Threat Detection: Select the Enable check box.
  • Capture Packets: Select the check box. The system then saves the captured packets as evidence, which can be downloaded later.

Step 2: Viewing the detection results

Viewing the results in the threat log

1. Select Monitor > Log > Threat, click + Filter, and add the following conditions:

  • Type: Malware
  • Detected By: Advanced Threat Detection
2. The logs of the Trojan attacks are displayed.

Viewing the results in iCenter

1. Select iCenter > Threat and set up the filters as follows:

  • Type: Malware
  • Detected By: Advanced Threat Detection

The list shows the detection time, severity, threat map, etc.

2. Click the threat name link in the list to view the Advanced Threat Detection details, malware reliability information, etc.

3. From the View PCAP drop-down list, select View to inspect the packet details.
4. From the View PCAP drop-down list, select Download to save the captured packets locally.
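Once the PCAP has been downloaded, it is worth confirming that the file is intact and recording its hash before handing it to an analyst or attaching it to a ticket. The following Python script is an added example and is not part of this cookbook or the product; it assumes the Download action yields a standard libpcap file (pcapng is only recognized, not parsed), which is the usual export format but is not stated on this page. The sample capture built by build_sample_pcap() is constructed for illustration and is not real traffic.

```python
"""Sanity-check a downloaded PCAP evidence file and record its SHA-256.

Added example (not from the cookbook or the product): it assumes the
"Download" action yields a standard libpcap file (pcapng is identified
only). The sample data in build_sample_pcap() is constructed, not a real
capture.
"""
import hashlib
import struct

# libpcap magic numbers -> (struct endianness, timestamp fraction ticks per second)
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # Section Header Block type of a pcapng file
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16


def inspect_pcap(data: bytes) -> dict:
    """Validate the pcap structure and return a summary.

    Raises ValueError if the magic is unknown, the version is unexpected,
    or any packet record is truncated or longer than the declared snaplen.
    """
    digest = hashlib.sha256(data).hexdigest()
    magic = data[:4]
    if magic == PCAPNG_MAGIC:
        # pcapng is block-based; report the container type only.
        return {"format": "pcapng", "sha256": digest, "linktype": None, "packets": None}
    if magic not in PCAP_MAGICS:
        raise ValueError(f"not a pcap file (magic {magic.hex()})")
    if len(data) < GLOBAL_HEADER_LEN:
        raise ValueError("truncated global header")
    endian, ticks = PCAP_MAGICS[magic]
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HEADER_LEN]
    )
    if (major, minor) != (2, 4):
        raise ValueError(f"unexpected pcap version {major}.{minor}")

    packets = 0
    first_ts = last_ts = None
    offset = GLOBAL_HEADER_LEN
    while offset < len(data):
        if offset + RECORD_HEADER_LEN > len(data):
            raise ValueError(f"truncated record header at offset {offset}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + RECORD_HEADER_LEN]
        )
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError(
                f"record {packets}: captured length {incl_len} exceeds "
                f"snaplen {snaplen} or original length {orig_len}"
            )
        offset += RECORD_HEADER_LEN
        if offset + incl_len > len(data):
            raise ValueError(f"record {packets}: packet data truncated")
        offset += incl_len
        ts = ts_sec + ts_frac / ticks
        first_ts = ts if first_ts is None else first_ts
        last_ts = ts
        packets += 1
    return {
        "format": "pcap",
        "sha256": digest,
        "linktype": linktype,
        "snaplen": snaplen,
        "packets": packets,
        "first_ts": first_ts,
        "last_ts": last_ts,
    }


def is_valid_pcap(data: bytes) -> bool:
    """True if inspect_pcap accepts the data, False on any structural error."""
    try:
        inspect_pcap(data)
        return True
    except ValueError:
        return False


def build_sample_pcap() -> bytes:
    """Constructed sample (not a real capture): little-endian pcap, linktype 1
    (Ethernet), two hand-written frames containing headers only."""
    header = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1)
    frames = [
        # Ethernet broadcast + start of an ARP request
        bytes.fromhex("ffffffffffff001122334455" "0806" "0001080006040001"),
        # Ethernet + minimal IPv4 header (checksum not computed)
        bytes.fromhex("00112233445566778899aabb" "0800"
                      "450000280001000040067a4a" "c0a80a0a" "0a0a0a0a"),
    ]
    body = b""
    for i, frame in enumerate(frames):
        body += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return header + body


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    print(inspect_pcap(blob))
```

Run it with the downloaded file as the only argument; with no argument it inspects the constructed sample. A ValueError on a real download means the file was cut short or is not a libpcap file, and the SHA-256 in the summary is what belongs in the incident record so the evidence can later be matched against what was analyzed.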

Step 3: Marking the threat status

In the Detail dialog, open the Admin Analysis dialog and select the status of the threat.

Resolved

When the threat entry status is set to Fixed, the entry no longer counts toward the 'Network Risk Index' score. Mark an entry Fixed only after the infected host has actually been remediated, since the score stops reflecting it from that point on.