Multi-Tenant Management — Detected Indicators of Attack

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

To access the multi-tenant management UI for endpoint security, your Service Provider account must have an active WatchGuard Endpoint Security license in its inventory.

On the Status page, Service Providers can see a list of the detected Indicators of Attack (IOA) for each client account, including the number of affected computers.

To filter the list of client accounts, from WatchGuard Cloud:

  1. From Account Manager, select a Service Provider account.
    To select your own Service Provider account, select Overview. Or, select a tier-n Service Provider account.
  2. Select Monitor > Endpoints.
  3. On the Status page, select Indicators of Attack.
  4. Click Filters.

  1. From the Status drop-down list, select the status you want to filter the list for.
    For example, All, Pending, or Archived.
  2. To refine the results:
    • Indicator of Attack — Select an option to filter the list for accounts with WatchGuard Endpoint Security that is up to date, out of date, or pending update.
    • Tactic — Select an option to filter the list for the MITRE tactic (the goal of a technique).
    • Last Detection — Select an option to filter the list by when accounts last detected an IOA (last 24 hours, last 7 days, or last month).
    • Risk — Select an option to filter the list for the risk level of the IOA (Critical, High, Medium, Low, Unknown).
    • Action — Select an option to filter the list for the action taken by WatchGuard Endpoint Security (Reported, Attack Blocked, All).
    • Technique — Select an option to filter the list for the MITRE technique (the method that an adversary uses to achieve a tactical objective).
  3. Click Filter.

Detected Indicators of Attack Table

The table displays detailed information about the detected and pending indicators of attack for each client account, including the number of affected computers and devices, and when the last detection was recorded.

The table includes this information:

Client

The name of the WatchGuard Cloud account.

Group

The name of the WatchGuard Cloud account group the account belongs to.

Computers

The total number of computers and devices with detected IOA.

Detected Indicators of Attack

The total number of IOA detected in the computers and devices in the client account.

Pending Indicators of Attack

The total number of unconfirmed IOA detected in the computers and devices in the client account.

Last Detection

The date and time when the last IOA was detected.

More information is available in the exported file. To export the table results, in the upper-right corner of the page, click the Export icon.
