Troubleshoot Indicator of Attack Detections

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EDR This topic applies to the WatchGuard EDR endpoint security product.,WatchGuard EDR Core This topic applies to the WatchGuard EDR Core endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product.

WatchGuard Threat Hunting Services help detect Indicators of Attack (IOA). IOAs are confirmed events that are highly likely to be attacks; however, false positives can occur.

For more information about IOAs and how to manage them, go to:

• Indicators of Attack (IOAs)
• Indicators of Attack Dashboard
• Indicator of Attack Details

If you want to report a specific IOA detection as a false positive, before you contact WatchGuard Support, complete these steps to collect information for your Support case:

• Provide a description of the issue.
• Use the PSInfo tool to gather support-related information.
• Enable Support Access to your WatchGuard Cloud account.