I am planning to build one report which tells me what type of malware [ ransomware, Trojan horses, e.t.c, ] was blocked and country from which attack happened.
is there any predefined report for that or can anyone tell me how to build one?
I created one for WannaCry and Petya
1. Querirs -> Events -> Threat Events -> Labels are: Threat Naem
2. Columns you can choose what you need
In this example I used this query to detect WannaCry,
You can also create queries for ExtraDat compliancy etc