Botnets/Trojan horses/Worms Top N

Prerequisites

The function of detecting Botnets, Trojan horses, and worms is enabled.

Function

Botnets/Trojan horses/Worms Top N ranks top N Botnets, Trojan horses, and worms by name, source IP address, or destination IP address.

Parameter

**Table 1** Query parameters of Botnets/Trojan horses/Worms Top N
Parameter	Description
NE	Select an NE from the drop-down list. Total Cleaning and Total Detecting are described as follows: Total (Cleaning): Indicates that Botnets/Trojan horses/Worms attack counts on all cleaning devices is queried. Total (Detecting): If two or more detecting devices in a defense group work in Load Redundancy mode, the maximum Botnets/Trojan horses/Worms attack counts in the defense group is queried and the sum of Botnets/Trojan horses/Worms attack counts among defense groups is queried. If two or more detecting devices in each defense group work in Load Balancing mode, the sum of Botnets/Trojan horses/Worms attack counts within each defense group and among defense groups is queried.
Zone	Click , select a Zone on the Zone page that is displayed, and then click OK.
Type	Selects the Botnet/Trojan horse/worm type.
Ranking Mode	Selects the ranking mode. Botnets, Trojan horses, and worms can be ranked by name, source IP address, and destination IP address.
Time	Click to select the start time and end time of statistics. Or you can change the time values in corresponding text boxes. The end time should be later than the start time and the interval cannot be longer than one year. If the query interval is longer than or equal to seven days and shorter than one year, statistics are collected daily. If the query interval is longer than or equal to one day and shorter than seven days, statistics are collected hourly. If the query interval is shorter than one day, statistics are collected every five minutes.
Top N	Enter the value of N.

Example

If the NE is set to Total (Cleaning) and type to worm, the Botnets/Trojan horses/Worms top N within a period of time is displayed in Figure 1.

Figure 1 Botnets/Trojan horses/Worms Top N

Procedure

Choose Report > Report > Botnets/Trojan horses/Worms Analysis.
Click the Botnets/Trojan horses/Worms Top N tab.
Set query parameters.
Click Search.
Top N Botnets/Trojan horses/worms that meet search conditions are displayed.
Optional: Open or save the query results as files, or send queried reports to the specified email address.
- Click to open or save the query results as PDF files. A maximum of 10,000 entries can be displayed.
- Click to open or save the query results as EXCEL files. A maximum of 10,000 entries can be displayed.
- Click to enter a recipient mail address and select an attachment format. Then click OK.