Threat Report
Monitor for active threats.
Where Checks evaluate posture-related configurations, the Threat Report captures events that may constitute risk for the organization. We've categorized these events into three groups. Note that some events may fall into more than one group. Use the 'Preset Filters' section to navigate between groups, or click 'View All Threats' to see all threats in the 'Alarm' state.

Groups
We categorize events into three groups: Attacks, Anomalous Behavior, and Insights.
Attacks are actions that can be consistent with intentional behavior by malicious entities preparing for account compromise.
Anomalous Behavior covers actions that are out of the ordinary and warrant investigation.
Insights provide visibility into account events, and may not necessarily be indicative of malicious entities.
Viewing Individual Entries

For a given threat, we provide 7 attributes:
State: Alarm, Warning, or Clear
Name: ID of the threat
Warning threshold: Threshold at which Warning will trigger
Alarm threshold: Threshold at which Alarm will trigger
Category: Type of threat
Count in warning: How many instances of the threat are in warning. If threats are in Warning, we recommend monitoring.
Count in alarm: How many instances of the threat are in alarm. If threats are in Alarm, we recommend immediate remediation.
Click the Name of the threat to view each instance of the threat surfaced by DataDefender.

Click the checkmark next to each instance to view detailed information about the threat. The information provided includes threat details, contextual details (if applicable), metadata, and user action history.

Threat Dismissal
There may be situations where you want to dismiss a threat from the Threat Report. Users who dismiss a threat are required to select a category and state a reason for the dismissal.
Current categories are:
Expected
Remediated
False Positive

After a threat is dismissed, it can be accessed through the 'Filters' section of the Threat page. Set 'Dismissed?' to 'Yes' only and click 'Filter' to show only threats that have been dismissed. To undo a dismissal, click 'Re-open' and we'll surface that instance as a threat again.

