Review MDR Connection Service Status
Applies To: WatchGuard Core MDR, WatchGuard Core MDR for Microsoft, WatchGuard Total MDR
The Service Status page in the Managed Services portal shows a real-time overview of connected endpoints, network devices, cloud services, and AuthPoint users managed by WatchGuard MDR.
To view the Service Status dashboard, from WatchGuard Cloud:
- Select Monitor > Managed Services.
  The Managed Services portal opens in a new browser tab.
- Select Connections > Service Status.
  The Service Status page opens.
To export data from the Service Status page to a .CSV file, in the upper-right corner, click Export All Data.
Endpoint
The Endpoint tile shows the total number of active endpoints (computers, servers, and mobile devices) that are managed by WatchGuard MDR. This includes endpoints that run WatchGuard Endpoint Security or Microsoft Defender.
A circle shows in the tile to indicate the overall connection status of the endpoints:
- Green — Indicates that the WatchGuard MDR pipeline is actively ingesting endpoint events.
- Red — Indicates that the WatchGuard MDR pipeline is not ingesting any endpoint events.
- Gray — Indicates that the connection from WatchGuard MDR to your endpoints is not configured.
The tile shows this information:
- Events — The number of times that WatchGuard MDR received traffic data from endpoints in the last year.
- Investigations — The number of investigations opened by WatchGuard MDR for endpoints in the last year.
The graph shows the number of active endpoints each day for the last 30 days.
To open the list of endpoints for an operating system, click the icon. The Endpoints page opens and shows a list of connected endpoints for the operating system you selected. For more information, go to Review MDR Endpoints.
Network
The Network tile shows the total number of network devices that are connected and have sent data. This includes data for WatchGuard Fireboxes and ThreatSync+ NDR sent from ThreatSync.
A circle shows in the tile to indicate the overall connection status of network devices and traffic monitored by ThreatSync and ThreatSync+ NDR.
To view a list of network devices, click Network Device List.
The Network Device List dialog box opens.
The Network Device list shows only unique IP addresses. If you configured multiple network devices with the same public IP address, WatchGuard MDR processes the events for all those devices but the IP address appears only once in the list.
Each IP address in the list shows a circle that indicates the connection status of the device associated with that IP address:
- Green — Indicates that WatchGuard MDR received traffic for the IP address.
- Red — Indicates that WatchGuard MDR did not receive traffic for the device with the IP address in the last 12 hours.
- Gray — Indicates that there is no connection from WatchGuard MDR to the device with the IP address.
The tile shows this information:
- Last Seen — When WatchGuard MDR received the last incident for a network device.
- Investigations — The number of investigations opened by WatchGuard MDR for the network devices in the last year.
Cloud
The Cloud tile shows the overall and individual connection status of integrated cloud services in your environment. Depending on your license and connected services, this might include Microsoft 365, AWS CloudTrail, and Google Workspace.
A circle shows in the cloud service tile to indicate the connection status of the service:
- Green — Indicates that WatchGuard MDR is connected to the cloud service and receiving data.
- Red — Indicates that WatchGuard MDR is not connected to the cloud service.
- Gray — Indicates that there is no integration configured with the cloud service.
The tile shows this information:
- Last Seen — When the last event was received for the cloud service.
- Events — The number of events received for the cloud service in the last year.
- Investigations — The number of investigations opened by WatchGuard MDR for the cloud service in the last year.
To view a list of accounts for each connected cloud service, in the cloud service tile, click the Accounts link.
Identity
The Identity tile shows the number of users that authenticate with AuthPoint.
A circle shows in the tile to indicate the overall status of the connection to AuthPoint:
- Green — Indicates that WatchGuard MDR is connected to at least one user account that authenticates with AuthPoint.
- Gray — Indicates that there are no connections to user accounts that authenticate with AuthPoint.
The tile shows this information:
- Last Updated — When the last event was received for an AuthPoint user in the Managed Services portal.
- Investigations — The number of investigations opened by WatchGuard MDR for AuthPoint users in the last year.