Tim wants to check the status of malware infections in his organization using the organization’s security information and event management (SIEM) device. What SIEM dashboard will tell him about whether there are more malware infections in the past few days than normal?
Answer Options
A. The alerts dashboard
B. The sensors dashboard
C. The trends dashboard
D. The bandwidth dashboard
Correct Answer: C
Explanation
Tim should look at the trend information for malware detections to see whether more infections are being detected than during recent weeks. This can be a useful indicator of a change, whether due to a new malware technique or package; a successful attack that has resulted in staff members clicking malicious links or opening malicious emails; or other paths into the organization. Tim could then check with users whose systems reported the malware to see what had occurred. Alerts might show the infections but would not show the data over time as easily as trends. The sensors dashboard shows the individual places where data is gathered, and bandwidth dashboards can show useful information about which systems are using more or less bandwidth, but the trends dashboard remains the right place for Tim to look in this situation.