Focus

AutoFocus™ Administrator’s Guide

Threat Summary Report Overview

Table of Contents

Threat Summary Report Overview

The threat summary report is a rundown of artifacts that AutoFocus and WildFire associate with malware. You can find the threat summary report in the Reports section of the AutoFocus portal. When you View Threat Summary Report Details for the first time, the report for your support account displays with a default time range of 7 days and the industry you selected when you initially set up your AutoFocus support account.

Report Section	Description
Executive Summary	The Executive Summary consists of the following highlights: Malware Applications—The unique number of applications through which malware was delivered. (Application is the App-ID™ matched to the type of application traffic detected in a session.) Total Malware Sessions—The total number of sessions in which WildFire detected a sample with a verdict of malware. Tagged Malware Sessions—Out of the total malware sessions, the percentage of sessions linked to samples that received at least 1 tag. Tagged Malware Samples—The number of malware samples that received at least 1 tag.
Malware Session Percentage By Day	This chart provides: A daily count of sessions associated with malware for devices in your support account. The percentage of malware sessions out of the total number of sessions for devices in your support account. The percentage of malware sessions out of the total number of sessions for all AutoFocus users in an industry. A comparison of the average percentage of malware sessions seen with your account and the average percentage of malware sessions for the industry.
Samples Summary	This chart provides: The number of samples grouped by WildFire verdict (malware, grayware, and benign). The number of tagged malware samples versus untagged malware samples. The percentage of malware samples. The percentage of tagged malware samples.
Top Firewalls	The top 10 firewalls where WildFire detected the most number of malware sessions.
Top Upload Sources	The top 10 upload sources that submitted your samples to WildFire.
Top Filetypes Per Application	The number of malware sessions for the top 5 most frequently used applications for distributing malware. For each application, the malware sessions are broken down by filetype.
Top Applications	The 10 applications that distributed the most malware samples. If there are applications in this list that have no legitimate business purpose in your organization, you may want to create a rule on your firewall blocking these applications.
Bottom Applications	The 10 applications that distributed the least malware samples.
Top Filetypes	The 10 filetypes most frequently associated with malware samples.
Bottom Filetypes	The 10 filetypes least frequently associated with malware samples
Top Malware Family Tags	The top 10 Unit 42 and private Malware Family tags that AutoFocus matched to your samples.
Top Campaign Tags	The top 10 Unit 42 and private Campaign tags that AutoFocus matched to your samples.
Top Malicious Behavior Tags	The top 10 Unit 42 and private Malicious Behavior tags that AutoFocus matched to your samples.
Threats by Source Country	A map of countries from which malware sessions originated (refer to list of Countries and Country Codes). The report highlights the country that sent the most number of malware sessions.
Threats by Destination Country	A map of countries that malware sessions targeted (refer to list of Countries and Country Codes). The report highlights the country that received the most number of malware sessions.

Use the Threat Summary Report to Observe Malware Trends

View Threat Summary Report Details