Mark an Indicator of Attack as Pending

Applies To: WatchGuard EPDR, WatchGuard EDR

When you have not analyzed or resolved the pattern of the IOA, you can mark the IOA as pending further review. You can also change an archived IOA to pending.

To mark an IOA as pending, from the Indicators of Attack (IOA) list:

  1. Click the options menu in a row.
  2. Select Mark IOA as Pending.
    If you already marked the IOA as pending, this option is not available. You can select Archive IOA.

To mark an IOA as pending, from the attack details page:

  1. To open the details for an IOA, in the Indicators of Attack (IOA) list, click a computer row.

  1. In the upper notification section of the page, next to the Detection Date, click Mark IOA as Pending.

See Also

Indicator of Attack Details

Archive an Indicator of Attack