Detected Indicators of Attack Status in Endpoint Manager

Applies To: WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

In Service Provider Endpoint Manager, on the Status page, you can see a list of the detected Indicators of Attack (IOA) for each client account, including the number of affected computers.

To filter the list of client accounts, in Service Provider Endpoint Manager:

  1. From the top navigation bar, select Status.
  2. From the left pane, select Indicators of Attack.
  3. Click Filters.

  4. From the Status drop-down list, select the status you want to filter the list for.
    For example, All, Pending, Archived.
  5. To refine the results, select options from these drop-down lists:
    • Indicator of Attack — Select an option to filter the list for accounts with WatchGuard Endpoint Security that is up to date, out of date, or pending update.
    • Tactic — Select an option to filter the list for the MITRE tactic (the goal of a technique).
    • Last Detection — Select an option to filter the list by when accounts last detected an IOA (last 24 hours, last 7 days, or last month).
    • Risk — Select an option to filter the list by the risk level of the IOA (Critical, High, Medium, Low, Unknown).
    • Action — Select an option to filter the list for the action taken by WatchGuard Endpoint Security (Reported, Attack Blocked, All).
    • Technique — Select an option to filter the list for the MITRE technique (the method that an adversary uses to achieve a tactical objective).
  6. Click Filter.

Detected Indicators of Attack Table

The table displays detailed information about the detected and pending indicators of attack for each client account, including the number of affected computers and devices, and when the last detection was recorded.

The table includes this information:

Client

The name of the WatchGuard Cloud account.

Group

The name of the WatchGuard Cloud account group the account belongs to.

Computers

The total number of computers and devices with detected IOA.

Detected Indicators of Attack

The total number of IOA detected in the computers and devices in the client account.

Pending Indicators of Attack

The total number of unconfirmed IOA detected in the computers and devices in the client account.

Last Detection

The date and time when the last IOA was detected.

More information is available in the exported file. To export the table results, in the upper-right corner of the page, click the export icon.

See Also

About Service Provider Endpoint Manager

User and Session Activity in Endpoint Manager