Multi-Tenant Management — Detected Indicators of Attack
Applies To: Endpoint Security Elite, Endpoint Security 360, Endpoint Security Prime, WatchGuard EDR, Endpoint Security Basic
To open the multi-tenant management UI for endpoint security, your Service Provider account must have an active Endpoint Security product license in its inventory.
As a Service Provider, you can see a list of the detected Indicators of Attack (IOA) for each client account, including the number of affected computers on the Status page.
To filter the list of client accounts, from WatchGuard Cloud:
- From Account Manager, select a Service Provider account.
  To select your own Service Provider account, select Overview. Or, select a tier-n Service Provider account.
- Select Monitor > Endpoint Security.
- On the Status page, select Indicators of Attack.
- Click Filters.
- From the Status drop-down list, select the status you want to filter the list for.
  For example, All, Pending, Archived.
- To refine the results:
  - Indicator of Attack — Select an option to filter the list for accounts with WatchGuard Endpoint Security that is up to date, out of date, or pending update.
  - Tactic — Select an option to filter the list for the MITRE tactic (the goal of a technique).
  - Last Detection — Select an option to filter the list for accounts that last detected an IOA (last 24 hours, last 7 days, or last month).
  - Risk — Select an option to filter the list for the risk level of the IOA (Critical, High, Medium, Low, Unknown).
  - Action — Select an option to filter the list for the action taken by WatchGuard Endpoint Security (Reported, Attack Blocked, All).
  - Technique — Select an option to filter the list for the MITRE technique (the method that an adversary uses to achieve a tactical objective).
- Click Filter.
Detected Indicators of Attack Table
The table displays detailed information about the detected and pending indicators of attack for each client account, including the number of affected computers and devices, and when the last detection was recorded.
The table includes this information:
Client
The name of the WatchGuard Cloud account.
Group
The name of the WatchGuard Cloud account group the account belongs to.
Computers
The total number of computers and devices with detected IOA.
Detected Indicators of Attack
The total number of IOA detected in the computers and devices in the client account.
Pending Indicators of Attack
The total number of unconfirmed IOA detected in the computers and devices in the client account.
Last Detection
The date and time when the last IOA was detected.
More information is available in the exported file. To export table results, in the upper-right corner of the page, click the export icon.