Applies To: ThreatSync+ NDR
This feature is only available to participants in the ThreatSync+ NDR Beta program.
The ThreatSync+ NDR Executive Summary report provides you with an overall threat score for your network and detailed metrics to help you understand your risk.
The metrics included in the report reflect the range of detection and response capabilities provided by ThreatSync+ NDR. The default overall threat score weighs these metrics evenly across three key areas of protection:
- Threat Detection
- Network Visibility
- Policy Assurance
To customize the Executive Summary report, you can configure these report settings:
Set Threat Score Calculation Weights
To control how ThreatSync+ NDR calculates the overall threat score, you can specify weighting factors for each key area of protection. You can also completely exclude an area if you do not want to measure your progress in that area.
Select Metrics to Include
To control which metrics show in the report, you can exclude specific metrics from any of the three areas of protection. Metrics you exclude do not appear in the report and are not included in the overall threat score.
Set Threat Score Calculation Weights
To set the threat score calculation weights:
- Log in to your WatchGuard Cloud account.
- Select Configure > ThreatSync+ NDR > Executive Summary Report.
The Executive Summary Report Settings page opens.
- In the Set Threat Score Calculation Weights section, enter your preferred values for Threat Detection, Network Visibility, and Policy Assurance weights.
- Click Save.
Threat Score Calculation Weights — Configuration Example
If you are not ready to enable some features of ThreatSync+ NDR, you can exclude related metrics from your overall threat score calculation so that you are only scoring yourself on the areas you are ready to work with.
In the example below:
- Threat Detection metrics contribute 75% to the overall threat score.
- Network Visibility metrics contribute 25% of the overall threat score.
- Policy Assurance metrics are not included in the overall threat score.
Policy Assurance metrics are displayed in the report, but not included in the overall threat score calculation. To remove policy metrics from the report, exclude them from the metrics to include in the Executive Summary report.
Select Metrics to Include
Some metrics might not be important or applicable to your network security policies. You can customize which metrics are included in your Executive Summary report and your overall score calculation.
To select metrics to include:
- Log in to your WatchGuard Cloud account.
- Select Configure > ThreatSync+ NDR > Executive Summary Report.
The Executive Summary Report Settings page opens. - In the Select Metrics to Include section, select or clear the check box next to each metric to include or exclude.
- Click Save.
Select Metrics to Include — Configuration Example
In this example, the High Risk Devices metric is excluded from the Network Visibility protection area.
If you exclude a metric in the Select Metrics to Include section, it does not change the weights in the Set Threat Score Calculation Weights section, unless you exclude all the metrics from the protection area.
For example, if the three areas of protection have equal weights (each with 33.33%) and you exclude the High Risk Devices metric, 33.33% of the overall score includes only the two other unexcluded Network Visibility metrics. In this example, the Unidentified Devices metric score consists of 1/2 of 33.33% of the overall score (16.67%).
Each Threat Detection metric consists of 1/3 of 33.33% of the overall score (11.11%) and the Policy Alerts metric, because it is the only metric in the Policy Assurance protection area, consists of 33.33% of the overall score.
When you exclude all metrics from a protection area, that area is not included in the report or the overall threat score.