Product and Support News

Oct
20

New in TDR 5.9.0: User-Based ThreatSync Services

Profile picture for user rarroyo
Categories:

We are excited to announce that Threat Detection and Response has a new feature to try – user-based ThreatSync services.

Have you ever stared at your ThreatSync dashboard and wondered who continues to download and run that malicious file? You might find the file in the home directory of the user, but we all know that is not always the case. Now, you can take out the guesswork with user-based ThreatSync services!

User-Based ThreatSync Services

In TDR 5.9.0, new user pages display user information attributed to each file or process detected by the Host Sensor.

This feature includes these pages:

ThreatSync > Users – This new page displays a combined score for a user, based on the indicators attributed to that user. Only users with a threat score are displayed on this page.

  • Color-coded logged in indicator icons display the current status of users logged in to a computer with a Host Sensor installed.
  • The Indicators table displays all indicators attributed to that user.
  • The Hosts table displays a list of endpoint devices that the user is logged in to.

Devices/Users > Users  – This new page displays all users detected by ThreatSync and their login status.

  • Color-coded logged in indicator icons display the current status of users logged in to a computer with a Host Sensor installed.
  • The Hosts table displays a list of endpoint devices that the user is logged in to.

ThreatSync > Indicators  – This feature now includes a new User column to enable you to easily sort and filter indicators.

This feature is open to early access. If you would like to use this feature, in the TDR web UI, go to Settings > General and click Beta Tester. Please provide any feedback through a support case.

We are excited about this new feature and look forward to your feedback.

Thank you.

TDR Product Team

 

Browse by Category


 

EMAIL UPDATES

Sign up to get the latest product news, updates, and support alerts from WatchGuard.

Subscribe

 

Resources


Beta Program

Resource Center

End of Life Info

Product Certifications

Product & Support News

Secplicity

"The 443" Podcast

 

Keep in Touch


  Subscribe by Email

  Subscribe by RSS

   Facebook

  LinkedIn

  Twitter

  YouTube