ThreatSync

Applies To: ThreatSync This topic applies to ThreatSync.

ThreatSync is a WatchGuard Cloud service that provides eXtended Detection and Response (XDR) technology for WatchGuard Network and Endpoint Security products. ThreatSync provides extended detection capabilities through the correlation of data from different WatchGuard security products that indicates the presence of threats.

Correlation of activities across domains monitored by different security products enables ThreatSync to detect and score malicious scenarios that could be indicators of compromise (IoCs), and present them as incidents in WatchGuard Cloud for Incident Responders to review and remediate. This reduces the Mean Time to Detect or Discover (MTTD) threats and the impact, severity, and scope of security incidents.

For information about how to get started with ThreatSync, go to:

• About ThreatSync
• Quick Start — Set Up ThreatSync
• ThreatSync Best Practices
• Configure ThreatSync Device Settings
• About ThreatSync Automation Policies
• Monitor ThreatSync Incidents
• Monitor ThreatSync Endpoints
• Review Incident Details
• Archive or Change the Status of Incidents
• Perform Actions on Incidents and Endpoints
• Configure ThreatSync Notification Rules