Security Incidents Overview

The Security Incidents Overview page provides a dashboard of all your client accounts. The dashboard indicates the number of computers and devices (including Windows, Mac, Android, and Linux devices) in the client account, and indicates any specific security incidents on devices that have WatchGuard endpoint security products installed.

Select a specific client account to view statistics and manage the devices in the account.

Click a specific threat count indicator to view the information in a report. For more details, see the Reports section in Manage Clients.

You can filter the data based on these time periods:

  • Last 24 hours
  • Last 7 days
  • Last month

The Security Incidents overview page shows these columns:

  • Client — Shows the name of the client account. You can click the client name to see more detailed information about the client and the devices in the account. For more information, see Manage Clients.
  • WatchGuard Computers — Indicates the number of computers and devices in the client account.
  • The first number indicates the number of computers and devices in the client account that have WatchGuard endpoint security products installed.
  • The second number in brackets indicates the total number of computers and devices that are registered in ConnectWise. This includes both devices with WatchGuard endpoint security products installed and devices that do not have endpoint security installed.

The number of devices reported by ConnectWise and WatchGuard might differ because of their different discovery processes.

  • Auto Deploy — Indicates if the client account is configured to automatically deploy WatchGuard endpoint security products on computers in the account. You can configure this option on the Associate Clients page. For more information see Map ConnectWise Automate Clients and WatchGuard Cloud Accounts.
  • Malware — Indicates the number of incidents of malware on devices in the client account. Malware is software intended to damage the contents of a computer or allow unauthorized access.
  • PUPs — Indicates the number of incidents of potentially unwanted programs (PUPs) on devices in the client account. PUPs can include unwanted programs installed by the end user or tools used by hackers to gain access to target computers.
  • Programs Blocked — Indicates the number of incidents of blocked programs on devices in the client account.
  • Phishing — Indicates the number of phishing incidents on devices in the client account. Phishing is a technique to obtain confidential information, such as user names and passwords or financial information from end users.
  • Intrusion attempts blocked — Indicates the number of intrusion attempts that were blocked on devices in the client account.
  • Devices blocked — Indicates the number of devices that were blocked in the client account. A device is blocked after an end user tries to use a restricted device.
  • Malware URLs blocked — Indicates the number of malware URLs that were blocked on devices in the client account. Malware URLs are web addresses of pages that contain malware.
  • Exploits — Indicates the number of incidents of exploit attacks that compromised or tried to compromise trusted programs on computers.
  • Indicators of Attack (IOA) — Indicates the number of confirmed incidents that are highly likely to be an attack.