Security Incidents Dashboard

Applies To: WatchGuard Advanced Reporting Tool

The Security Incidents dashboard shows security status and the incidents detected on the network. It includes information to help you determine the source of threats and the impact on your organization.

Screen shot of Advanced Visualization Tool, ART > Security Incidents dashboard

The Security Incidents dashboard shows:

  • Malware, exploits, potentially unwanted programs (PUPs), and anomalous processes detected, and their execution status
  • Endpoints with the most infection attempts and detected malware

To open the Security Incidents dashboard, from the WatchGuard EPDR or WatchGuard EDR management UI:

  1. In WatchGuard Cloud, select Monitor > Endpoints.
  2. Select Status.
  3. From the left pane, select Advanced Visualization Tool.
    A new browser tab opens.
  4. From the left pane, select Advanced Reporting > Security Incidents.
  5. Select a time period to filter the data on.

Screen shot of Advanced Visualization Tool date selector

  6. Click Refresh.
    The dashboard shows information for the time period selected.

There are two tabs in the Security Incidents dashboard:

Key Security Indicators

The Key Security Indicators tab provides an overview of malware activity on your network. This includes the types of malware, potentially unwanted programs (PUPs), and exploits detected, the endpoints affected, and whether the malware executed successfully.

These tiles are available on the Key Security Indicators tab:

Alerts Summary (Daily and Weekly)

The Alerts Summary tiles use arrows and percentages to show the variation in the number of detected incidents compared to the previous day (daily) and previous week (weekly).

Screen shot of Advanced Visualization Tool, ART > Alerts Summary tile

Malware and PUPs — Shows the incidents detected in processes run on user workstations and in their file systems. Both real-time scans and on-demand scans report these incidents.

Exploits — Shows the number of vulnerability exploit attacks against Windows computers on the network.

Malware, PUP, Exploit Execution Status

Shows the evolution of malware detected on the network. You can see the number of malware detections on all network computers, grouped by day of the month.

Screen shot of Advanced Visualization Tool, ART > Execution Status tiles

These tiles use color codes to indicate the days of the year when most malware detections occurred on the network. This enables you to identify days when your network had the most attacks and investigate the causes.

Calendar of Daily Malware Detections

Shows the evolution of detections of malware on the network. Shows the number of detections of malware on all network computers, grouped by day of the month.

Calendar of Daily Potential Unwanted Program (PUP) Detection

Shows the evolution of detections of potentially unwanted programs (PUPs) on the network. Shows the number of PUP detections on all network computers, grouped by day of the month.

Calendar of Daily Exploit Detections

Shows the evolution of exploit-type threats found on the network. Shows the number of exploit detections on all computers on the network, grouped by day of the month.

Detailed Information

On the Detailed Information tab, you can see information about the endpoints involved in a security incident.

Screen shot of Advanced Visualization Tool, ART > Detailed Information tab

These sections are available on the Detailed Information tab. To open a section, click .

Endpoints Involved in Incidents

Use the information in this table to help you locate the network computers with the most threats detected, and their type.

Incidents on All Endpoints

This table shows a complete list of all endpoints infected over the selected period.

Malware Per Endpoint Hourly

This table shows the number of malware detections in the last hour on each network computer.

Malware in the Network Hourly

This table shows the number of malware detections in the last hour on the whole network.

Malware Executed in Different Endpoints Hourly

This table shows the number of computers that executed a specific type of malware in the last hour.
