Threat Rules in WatchGuard CloudDR
Applies To: WatchGuard CloudDR
On the Threats > Rules page, you can review a list of the threat rules used across your integrated cloud applications.
You can filter the rules list by:
- Severity
- Application
- Actions
- Risk
- Is Starred (favorite)
- Custom Rules
- Is Enabled
To search for a specific rule, enter the rule name in the Search Rule Name box.
Information in the list includes:
- Rule Name — The name of the threat rule and the related security domain. Point to the rule name for a detailed description.
- Organizations — The organizations where the threat was detected.
- Applications — The application where the threat was detected.
- Threats — The number and severity of the threats.
- Updated — The number of days since the threat was detected.
Rules Details Page
To view more detailed information about a rule, click the rule name.
The rules details page includes these pages with information about the rule:
On the Organizations page, you can review the organizations where the rule is enabled, as well as the affected applications and the number of issues detected.
On the Threats page, you can review a list of the threat actors and the affected cloud applications. The list includes this information:
- Actor
- Application
- Organization
- Events
- Created
- Status
To investigate a threat, click the icon.
To report the threat, click the icon and select Report Now.
To set a notification to act on the threat at a later time, click the icon and select Set Due Date.
To dismiss the threat, click the icon and select Dismiss Threat.
To view threat details for a specific actor, click the actor name. For more information, go to Threat Details Page by Actor.
Review a description of the threat rule, the number of open issues, the severity, and the risk. You can also review the affected applications and the owner of the rule. The rule pass criteria appear as a Boolean equation.
Create a notification rule to receive an email message when a threat is detected.
This page shows the MITRE ATT&CK techniques and sub-techniques associated with the threat.
The Logs page shows the activity logs associated with the threat. The information on this page includes:
- Timestamp
- Activity description
Threat Details Page by Actor
When you click the actor name on the rules details page, the threat details page opens. On this page, you can review detailed information about the threat, including the rule details and the threat evidence. You can also start an investigation and respond to the threat. Any actions you take appear on the Logs page.
To copy the threat details to a shareable link, in the upper-right corner of the page, click the icon. Copy the link to your clipboard so that it can be pasted in an email message.
To view the details of the rule that detected the threat, in the upper-right corner of the page, click the icon and select View Rule Details. The Threat Rules details page opens. For more information, go to Threat Rules in WatchGuard CloudDR.
Respond to a Threat
After you review the details and the legitimacy of the actions, you can choose to report the threat or dismiss it.
If you report the threat, it can be reported to the CloudDR administrator, the issue user, or another account.
Multiple threats can be grouped into a single use case. For a use case, you can respond to all of the threats in the use case, and you can enable or disable individual threats. For more information about use cases, go to Use Cases for Threats in WatchGuard CloudDR.