Troubleshoot Incident Errors

Applies To: ThreatSync

Incident errors occur when ThreatSync could not perform a specified action, and include:

  • Device isolation failed
  • File deletion failed
  • Kill process failed
  • Block connections to access point failed
  • The malicious access point might be no longer active.
  • There are no available access points with a dedicated scanning radio to perform remediation actions on the malicious access point.
  • The malicious access point might use WPA3 security, WPA2 security with Protected Management Frames, or OWA security, or operate on a channel not in the current country of operation of your access points.

View Incident Error Details

On the Incidents page, incidents with remediation errors show with a red exclamation point icon. To view details of the error, point to the icon.

Screen shot of a Device Isolation Failed hover text error on the Incidents page

To troubleshoot an incident error:

  1. Select Monitor > Threats > Incidents.
    The Incidents page opens.
  2. Click the incident with an error.
    The Incident Details page opens.
  3. In the Threat Details section, review the error message.

Screen shot of a remediation blocking error on the Incident Details page

  1. To try to remediate the incident again, click an action.

Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have the ThreatSync Core permission to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.

Related Topics

Monitor ThreatSync

Review Incident Details in ThreatSync

Perform Actions in ThreatSync

Configure ThreatSync