The Global Adversaries by Location map provides you with a country-by-country visual representation of the number of adversaries that have recently conducted targeted attacks. These numbers are calculated daily based on the information that acquired from Symantec's Dynamic Adversary Intelligence (DAI) feed. This feed contains Indicators of Compromise (IoCs) for the file and network traffic that are associated with targeted attacks and then correlated with your event data.
The circles on the map represent the country from where Symantec has determined that adversaries have coordinated their activities. The number alongside each circle represents the number of adversaries within that country. The size of the circle is based on the number of incidents that are detected from within that country relative to the number of incidents that are detected from other countries.
The circle is black if no correlations were found between the IoCs in the DAI feed and those in your environment.
The circle is red if one or more correlations were found between the IoCs in the DAI feed and those in your environment.
These circles do not imply that there is any government involvement in the attacks.
Hover over a circle to display the name of the country, the adversaries within that country which conducted a targeted attack, and the status as to whether your environment was affected by the attack. If your environment was not affected, the status is No attacks detected; if your environment was affected, the status lists the number of incidents detected.
Click on a circle to display the Adversary Intelligence Summary for each adversary within that country.