Weekly Report

Introduction

The Weekly Report collects metrics for every network, service, and device monitored by Field Effect during a week and tracks weekly trends over time. 


Use these reports to detect early signs of vulnerabilities. As they are generated over time, you'll gain historical context that can help gauge the progress of your organization’s security posture. Reports can be viewed or downloaded from the Reports View.




Sample Weekly Report



The Sections of the Weekly Report

Overall Status

At the top of the report, you can get a snapshot of your overall security posture. Any outstanding Action AROs will be highlighted as a reminder to follow up and resolve the issue(s).



Cloud Monitoring

Here you can see statistics on your cloud services, such as the number of newly created accounts for the week, and the number of total users being monitored for suspicious activity.



Endpoint Monitoring

This section shows the number of new, as well as active, endpoints Field Effect discovered on your network. 



Email Security

This section summarizes the most targeted email accounts in terms of unsuccessful authorization attempts and their locations. The percentage attributed to each email account represents its share of all authorization attempts.


In the example below, the account "Zachariah.O'Connell@balticauto.com" had 19 unsuccessful authorization attempts, representing 3% of all attempts. Of these attempts, the top three locations they are coming from are the United States, India, and China, with the United States in the top spot at 101 attempts, representing 15% of all attempts.


If your organization has SEAS enabled and actively submits emails to the service, high-level details are shown in this section, including the number of emails submitted week over week and the number of emails that were deemed suspicious or malicious.



DNS Firewall

The DNS Firewall section presents details about requests and blocks with a week over week comparison. You can also follow the "See more detailed data from the DNS Firewall" link to access more granular details on the Field Effect MDR Portal. 



Network Summary

From the Network Summary section, you can view the amount of inbound and outbound traffic that occurred within the week, as well as the domains that were resolved most often and the percentage of the total that each domain represents.



Security Events

How many visit attempts to blacklisted domains occurred week over week? How many different sites are being beaconed to by devices on your network? These, along with Signature Evaluation and Connection Monitoring, are just some examples of the events Field Effect may alert on with an ARO. Every event from the week is aggregated into this view.



Blacklisted Domains

These events are based on dynamic lists of indicators, usually domain names and IP addresses, which are produced and shared by security researchers and professionals. False positive events in blacklist monitoring are extremely common, which is why these events alone are rarely a sufficient indication of an issue. Instead, these events are combined with, and used to augment, other analytics.


Blacklisted Traffic

These events are based on dynamic lists of indicators, usually domain names and IP addresses, which are produced and shared by security researchers and professionals. False positive events in blacklist monitoring are extremely common, which is why these events alone are rarely a sufficient indication of an issue. Instead, these events are combined with, and used to augment, other analytics.


New Beacons

Beacons are periodic communications from your network to systems on the Internet. Beacons are commonly used by software to manage updates and maintain connections. Unfortunately, malware and other types of unwanted attack activity often use beacons as a method of command and control, and data exfiltration.


New Scans

Scanners are automated tools that seek to identify systems on the Internet and gather information about them. Most scanning activity is benign; however, it is also a common precursor to an attack. Field Effect leverages advanced analytic profiling techniques to identify and alert on suspicious scans that could indicate a potential threat, as well as scans from Internet researchers and security firms.


The Security Intelligence Feed

To enrich the report with news and general cyber security topics, the report includes a link to our Security Intelligence Feed. Here you will find our thoughts, analyses, and best practices surrounding the latest news and events in cyber security.


