The Summary page opens by default in the Monitor > Threats menu for both Service Providers and Subscribers. This page includes graphs, counters, a threat report, and incident data and provides a snapshot of incident activity for your account over a specified period of time.
By default, the Summary page shows ThreatSync incident data for the current date. To filter the incidents by date range, click and select from these time periods:
- Last 24 Hours
- Last 7 Days
- Last 14 Days
- This Month
- Last Month
Three tiles summarize threat information for the specified time period:
- Pending Incidents — A count of incidents with New or Read status that require remediation or investigation.
- Incidents Status — A count of incidents grouped by status: New, Read, or Archived.
- Incident Timeline — A chart that shows pending or archived incidents for the specified time period, plotted by risk score and date.
Click the title of a tile to open the Incidents page, filtered to show those incidents. For more information about incidents, go to Monitor ThreatSync Incidents.
The Pending Incidents tile shows an overview of incidents with New or Read status by risk level, for the specified time period.
Risk level is divided into these categories, based on the risk score:
- Critical — Scores of 9 or 10
- High — Scores of 7 or 8
- Medium — Scores of 4, 5, or 6
- Low — Scores of 1, 2, or 3
ThreatSync calculates the risk score for an incident based on an algorithm that correlates data from multiple WatchGuard products and services.
The different risk scores in each risk level indicate the relative severity of an incident and provide guidance to Incident Responders on which incidents they should prioritize for review. For example, if ThreatSync assigns one critical incident a risk score of 9 and another critical incident a risk score of 10, we recommend that you review the 10 first because it represents a higher risk.
The Incidents Status tile shows a summary of incidents with each status for the specified time period.
Incidents can have a status of New, Read, or Archived:
- New — New incidents not yet reviewed in the Incident Details page.
- Read — Incidents reviewed in the Incident Details page or manually marked as Read.
- Archived — Incidents archived by an automation policy or manually archived because an analyst determined that the threat is no longer a concern.
The Incident Timeline tile provides a history of pending or archived incidents for the specified time period, plotted by risk score and date.
Select the type of information to show in the tile:
- To view the incident timeline for incidents with New or Read status, select Pending.
- To view the incident timeline for incidents with Archived status, select Archived.
In the Incident Timeline:
- The y-axis shows the risk score. The x-axis shows the date.
- The size of each bubble reflects the number of incidents with a specific score for that day
- The color of each bubble corresponds to the color of the risk scores on the Incidents and Incident Details pages
To view the incident creation date, risk score, and count, point to a bubble on the Incident Timeline tile. The larger the size of the bubble, the greater the number of incidents for that risk level and date.
To view specific incidents on the Incidents page, click a bubble.
Download the Threats Summary Report
To download the Threats Summary PDF Report, click .
This report provides a summary of incident data metrics for the specified time period:
- Incident Status — Shows a pie chart of New, Read, and Archived incidents.
- Incident Risk — Shows pie charts of Low, Medium, High, and Critical risk levels for pending and archived incidents.
- Incident Timeline — Shows a timeline graph of pending and archived incidents plotted by risk level and date.
- Actions Performed — Shows a graph of actions performed on the incidents.
For information about how to view incident charts and download the Incident List report, go to Monitor ThreatSync Incidents.
For information about how to schedule ThreatSync reports, go to Schedule ThreatSync Reports in WatchGuard Cloud.