Applies To: WatchGuard CloudDR
CloudDR detects a wide range of security threats across supported cloud applications and provides built-in response actions to help security teams quickly mitigate risks. Each detected threat is mapped to:
- Supported applications such as Microsoft 365, Okta, Google Workspace, and Atlassian.
- Available response actions based on integration capabilities.
Depending on the integration, CloudDR can provide these response actions:
- Report the Threat
- Delete Actor's Account
- Disable Actor's Account
- Remove Privileged Access (Role Removal)
- Revoke All Active Sessions
Not all actions are supported across all integrations. Availability depends on API capabilities and permissions.
Threat Response Support by Integration
Review this table to determine which threats are supported for each cloud integration, and what actions can be taken immediately.
You can then prioritize threats where automated remediation actions are available (for example, Microsoft 365, Atlassian). For integrations with limited actions such as Okta and Google, you can use the Report the Threat action to trigger a manual investigation or external workflow.
| Response Actions | ||||
|---|---|---|---|---|
| Threat | Microsoft | Okta | Atlassian | |
| Account Recovery by an Admin |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
Report the Threat | Report the Threat |
Report the Threat Delete Actor's Account Disable Actor's Account |
| Activity from Unapproved Locations |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
Report the Threat | Report the Threat |
Report the Threat Delete Actor's Account Disable Actor's Account |
| Activity Outside Approved Locations |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
Report the Threat | Report the Threat |
Report the Threat Delete Actor's Account Disable Actor's Account |
| Admin API Key Created | None | Report the Threat | None |
Report the Threat Delete Actor's Account Disable Actor's Account |
| Admin Owned File Public Sharing |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | Report the Threat | None |
| Conditional Access Policy Modified |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | None | None |
| Conditional Access Policy Removed |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | None | None |
| Credential Stuffing |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
Report the Threat | None |
Report the Threat Delete Actor's Account Disable Actor's Account |
| Data Sharing Organization-wide Link Created |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | None | None |
| Domain Configuration Modified |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | None | None |
| File Sensitivity Label Modified |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | None | None |
| File Sensitivity Label Removed |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | None | None |
| Mailbox Delegated Permissions Added (By Admin) |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | None | None |
| Mass Data Deletion |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | Report the Threat | None |
| Mass Data Download |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | Report the Threat | None |
| Mass Data Public Share |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | Report the Threat | None |
| MFA Enforcement Disabled |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
Report the Threat | Report the Threat |
Report the Threat Delete Actor's Account Disable Actor's Account |
| New Conditional Access Policy Created |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | None | None |
| Privilege Granted |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
Report the Threat | Report the Threat |
Report the Threat Delete Actor's Account Disable Actor's Account |
| Privileged Account Credential Stuffing |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
Report the Threat | None |
Report the Threat Delete Actor's Account Disable Actor's Account |
| Public File Sharing |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | Report the Threat | None |
| Service Account Login |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
Report the Threat | Report the Threat |
Report the Threat Delete Actor's Account Disable Actor's Account |
| User Account Password Reset Flooding |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
Report the Threat | None |
Report the Threat Delete Actor's Account Disable Actor's Account |
| User Account Re-Activated |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
Report the Threat | Report the Threat |
Report the Threat Delete Actor's Account Disable Actor's Account |
| User Mail Forwarding Rule Added |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | Report the Threat | None |
| User Mailbox Delegation (By User) |
Report the Threat Delete Actor's Account Disable Actor's Account Remove Privileged Access (Role Removal) Revoke all Active Sessions |
None | None | None |
Use Cases for Threats in WatchGuard CloudDR