TDR Reporting

You can run Threat Detection and Response reports that show a summary of the infections and remediations for hosts on your network. Each report is generated as a PDF file that you can download. All Threat Detection and Response user roles can generate reports.

There are three report types:

Executive Summary

The Executive Summary Report includes high-level and summary information for the reporting period and includes details such as endpoint hosts deployment and coverage, infected hosts, unresolved indicators that should be remediated, hosts that have been remediated, details on the types of actions that have been executed (automated and manual), and network activity. Well-managed and clean networks will have endpoint host sensors as widely deployed as possible, and all host indicators remediated as soon as possible, which lowers the opportunity for an adversary to take control and operate in the network.

Infection Activity

The Infection Activity Report includes summary and detailed information for the reporting period on hosts that have been newly or currently infected. This reports shows the malware detected with the WatchGuard platform that evaded other security controls in the enterprise, which includes anti-virus, secure web gateways, secure email gateways, perimeter devices, and more. If you run this report from current time, you get information about the active infection status of the enterprise as detected by WatchGuard. If full automated response policies are enabled, this report can be very limited or have no data when generated for the current time period.

Remediations Activity

The Remediation Activity Report includes summary and detailed information for the reporting period on hosts that have been remediated, details on the types of actions that have been executed (automated and manual), and detailed malware information. This reports shows the malware detected and remediated with the WatchGuard platform that evaded other security controls in the enterprise, which includes anti-virus, secure web gateways, secure email gateways, perimeter devices, and more.

You can generate on-demand reports, and you can also schedule reports. For more information, see:

• Generate TDR On-Demand Reports
• Schedule TDR Reports

You can also create and export charts from the Indicators page. For more information, see Manage TDR Indicators.

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Technical Search

© 2018 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, WatchGuard Dimension, Firebox, Core, Fireware, and LiveSecurity are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.