ThreatSync Incident Summary
The Summary page opens by default in the Monitor > Threats menu for both Service Providers and Subscribers. This page includes graphs, counters, a threat report, and incident data and provides a snapshot of incident activity for your account over a specified period of time.
By default, the Summary page shows ThreatSync incident data for the current date. To filter the incidents by date range, click and select from these time periods:
- Today
- Yesterday
- Last 24 Hours
- Last 7 Days
- Last 14 Days
- This Month
- Last Month
- Custom
Three tiles summarize threat information for the specified time period:
- Pending Incidents — A count of incidents with New or Read status that require remediation or investigation.
- Incidents Status — A count of incidents grouped by status: New, Read, or Archived.
- Incident Timeline — A chart that shows pending or archived incidents for the specified time period, plotted by risk score and date.
Click the title of a tile to open the Incidents page, filtered to show those incidents. For more information about incidents, go to Monitor ThreatSync Incidents.
Pending Incidents
The Pending Incidents tile shows an overview of incidents with New or Read status by risk level, for the specified time period.
Risk level is divided into these categories, based on the risk score:
- Critical — Scores of 9 or 10
- High — Scores of 7 or 8
- Medium — Scores of 4, 5, or 6
- Low — Scores of 1, 2, or 3
ThreatSync calculates the risk score for an incident based on an algorithm that correlates data from multiple WatchGuard products and services.
The different risk scores in each risk level indicate the relative severity of an incident and provide guidance to Incident Responders on which incidents they should prioritize for review. For example, if ThreatSync assigns one critical incident a risk score of 9 and another critical incident a risk score of 10, we recommend that you review the incident with the score of 10 first because it represents a higher risk.
Incidents Status
The Incidents Status tile shows a summary of incidents with each status for the specified time period.
Incidents can have a status of New, Read, or Archived:
- New — New incidents not yet reviewed in the Incident Details page.
- Read — Incidents reviewed in the Incident Details page or manually marked as Read.
- Archived — Incidents archived by an automation policy or manually archived because an analyst determined that the threat is no longer a concern.
Incident Timeline
The Incident Timeline tile provides a history of pending or archived incidents for the specified time period, plotted by risk score and date.
Select the type of information to show in the tile:
- To view the incident timeline for incidents with New or Read status, select Pending.
- To view the incident timeline for incidents with Archived status, select Archived.
In the Incident Timeline:
- The y-axis shows the risk score. The x-axis shows the date.
- The size of each bubble reflects the number of incidents with a specific score for that day.
- The color of each bubble corresponds to the color of the risk scores on the Incidents and Incident Details pages.
To view the incident creation date, risk score, and count, point to a bubble on the Incident Timeline tile. The larger the size of the bubble, the greater the number of incidents for that risk level and date.
To view specific incidents on the Incidents page, click a bubble.
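The following Python example is added here and is not WatchGuard code. It applies the score-to-level categories, the pending-status rule, and the timeline bubble counts described above to a constructed incident list; the record field names and the oldest-first tie-break are assumptions, not a ThreatSync export format.

```python
from collections import Counter
from datetime import date

# Constructed sample incidents. Field names are assumptions for illustration,
# not a ThreatSync export schema.
INCIDENTS = [
    {"id": "inc-1", "created": date(2024, 5, 1), "score": 10, "status": "New"},
    {"id": "inc-2", "created": date(2024, 5, 1), "score": 9, "status": "Read"},
    {"id": "inc-3", "created": date(2024, 5, 1), "score": 9, "status": "New"},
    {"id": "inc-4", "created": date(2024, 5, 2), "score": 6, "status": "Archived"},
    {"id": "inc-5", "created": date(2024, 5, 2), "score": 3, "status": "New"},
    {"id": "inc-6", "created": date(2024, 5, 2), "score": 7, "status": "Read"},
]
PENDING_STATUSES = {"New", "Read"}  # statuses counted by the Pending Incidents tile

def risk_level(score):
    """Map a risk score (1-10) to the risk level categories listed on this page."""
    if not isinstance(score, int) or not 1 <= score <= 10:
        raise ValueError(f"risk score out of range: {score!r}")
    if score >= 9:
        return "Critical"
    if score >= 7:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"

def pending(incidents):
    return [i for i in incidents if i["status"] in PENDING_STATUSES]

def pending_by_level(incidents):
    """Count New/Read incidents per risk level, as the Pending Incidents tile does."""
    return Counter(risk_level(i["score"]) for i in pending(incidents))

def review_queue(incidents):
    """Pending incidents, highest score first; oldest first on ties (assumption)."""
    return sorted(pending(incidents), key=lambda i: (-i["score"], i["created"]))

def timeline_bubbles(incidents, view="Pending"):
    """Return {(date, score): count}; each entry is one bubble, count is its size."""
    if view not in ("Pending", "Archived"):
        raise ValueError(f"unknown timeline view: {view!r}")
    wanted = PENDING_STATUSES if view == "Pending" else {"Archived"}
    chosen = [i for i in incidents if i["status"] in wanted]
    return Counter((i["created"], i["score"]) for i in chosen)

if __name__ == "__main__":
    for inc in review_queue(INCIDENTS):
        print(inc["id"], inc["score"], risk_level(inc["score"]), inc["status"])
```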
Download the Threats Summary Report
To download the Threats Summary PDF Report, click .
This report provides a summary of incident data metrics for the specified time period:
- Incident Status — Shows a pie chart of New, Read, and Archived incidents.
- Incident Risk — Shows pie charts of Low, Medium, High, and Critical risk levels for pending and archived incidents.
- Incident Timeline — Shows a timeline graph of pending and archived incidents plotted by risk level and date.
- Actions Performed — Shows a graph of actions performed on the incidents.
For information about how to view incident charts and download the Incident List report, go to Monitor ThreatSync Incidents.
For information about how to schedule ThreatSync reports, go to Schedule ThreatSync Reports in WatchGuard Cloud.