Manage Clients with the Endpoint Security Plug-In in ConnectWise Automate
When you select a specific client from the Clients section, you can perform these actions:
- View a report of security incidents
- View WatchGuard Endpoint Security product license information
- Show devices that do not have WatchGuard Endpoint Security products installed
- Install WatchGuard Endpoint Security products on a device
- Perform actions such as assign security configurations, perform file scans, and isolate devices
Before You Begin
Before you can manage your clients, you must configure the WatchGuard Endpoint Security plug-in and associate your ConnectWise Automate client accounts and WatchGuard Cloud managed accounts.
- If you have not yet configured the plug-in, go to Configure the WatchGuard Endpoint Security Plug-in.
- To associate your ConnectWise Automate clients with WatchGuard Cloud accounts, go to Map ConnectWise Automate Clients and WatchGuard Cloud Accounts.
Manage Clients
To manage your clients, in the Clients section, select a specific client.
The WatchGuard Client name and WatchGuard Cloud ID appear at the top of the page.
The Licenses section shows the total number of WatchGuard Endpoint Security product licenses, the number of licenses available, and the number of licenses in use.
Click to refresh the data shown on the page.
You can filter the data based on these time periods:
- Last 24 hours
- Last 7 days
- Last month
Overview
The Overview tab shows statistics for all computers and devices in the selected client account.
Threats Detected
This section shows the number of security incidents detected for each threat category:
- Programs Blocked — Specific programs blocked by the administrator
- Phishing — A technique to obtain confidential information, such as user names and passwords or financial information from end users
- Intrusion attempts blocked — Malformed network traffic designed to cause unwanted system behavior on the targeted computer
- Blocked devices — An attempt by a user to use a restricted device
- Malware URLs blocked — Web addresses of pages that contain malware
- Exploits — Exploit attacks that compromised or tried to compromise trusted programs on computers
- Indicators of Attack (IOA) — Confirmed events that are highly likely to be an attack. The WatchGuard Security team reviews events received from endpoints to confirm they match a specified attack hypothesis.
Malware Activity
Shows the number of malware incidents, the number of computers on which they occurred, the number of malware programs run, the number of incidents where data was accessed, and the number of incidents that involved external communications.
PUP Activity
Shows the number of PUP (Potentially Unwanted Program) incidents, the number of computers on which they occurred, the number of programs run, the number of incidents where data was accessed, and the number of incidents that involved external communications.
Managed Computers
The Managed Computers tab shows all devices in the selected client account that have WatchGuard Endpoint Security products installed.
The Managed Computers tab shows this data:
- Computer — The name of the device.
- IP Address — The IP address of the device.
- Operating System — The detected operating system of the device.
- Advanced Protection — The status of Advanced Protection on the device.
  - Enabled
  - Disabled
- Antivirus — The status of antivirus protection on the device.
  - Installing
  - Error
  - Enabled
  - Disabled
  - No License
- Updated Protection — The status of the protection module and whether the device requires an update.
  - Updated
  - Not updated (7 days since the last update)
  - Pending restart
- Knowledge — The status of knowledge signature files on the device.
  - Updated
  - Not Updated (3 days since the last update)
- License Status — Indicates the status of the WatchGuard Endpoint Security product license.
  - Assigned
  - No License
  - Excluded
- Last Connection — Indicates the date and time the device was last connected to the network.
To perform security actions on a device, click for the computer on which you want to perform the action, then select an action from the list. If you select more than one device, the action applies to all selected devices.
You can perform these actions:
- Assign Security Configurations (Windows, Mac, and Linux computers) — A security configuration is a set of WatchGuard Endpoint Security settings that you define and assign to your managed devices. Select a security configuration from the list, then click Apply.
- Uninstall WatchGuard Endpoint Protection (Windows, Mac, and Linux computers) — Uninstall WatchGuard Endpoint Security products from the computer.
- Scan Computer (Windows and Mac computers only) — Perform a file scan on the selected managed devices. To perform a file scan, the device must be connected to the network. If the device is not connected to the network, the request remains active for 7 days (by default). The scan runs when the device connects to the network.
- Isolate Computer (Windows computers only) — Isolate a device. To isolate a device, the device must be connected to the network to receive the request. The request remains active indefinitely for unconnected devices. The isolate request is performed when the device connects to the network. An icon appears when the device is isolated. The isolation icon flashes while the request to isolate the device is active.
- Stop Isolating Computer (Windows computers only) — Stop isolation for a device. To stop device isolation, the device must be connected to the network to receive the request. The request remains active indefinitely for unconnected devices. The request to stop isolation is performed when the device connects to the network. The isolation icon flashes while the request to stop isolation is active.
Unmanaged Computers Discovered
The Unmanaged Computers Discovered tab shows all detected devices in the client account that do not have a WatchGuard Endpoint Security product installed. To manage and perform actions on an unmanaged device, you must install a WatchGuard Endpoint Security product on the device.
To install WatchGuard Endpoint Security products from the plug-in, the device must already have the ConnectWise Automate agent installed to process and schedule the WatchGuard Endpoint Agent installation.
The Unmanaged Computers Discovered tab shows this information:
- Computer — The name of the device.
- IP Address — The IP address of the device.
- Status — The current installation status of WatchGuard Endpoint Security products on the device.
  - Unmanaged
  - Installing
  - Installation Error
- Last Seen — The date and time the device was last connected to the network.
The only action you can take for an unmanaged computer is to install a WatchGuard Endpoint Security product on the device.
Click for the device on which you want to install WatchGuard Endpoint Security products, then select Install WatchGuard Endpoint Protection. If you select multiple devices, the WatchGuard Endpoint Agent installs on all selected devices.
The installation process for the device is scheduled after approximately two minutes.
Reports
The Reports tab shows data about detected threats based on the threat type and the selected time period.
In the Security Overview page, you can click a threat count to open the Reports page.
- In the Hostname search text box, enter a hostname to filter the results.
- From the Type drop-down list, select the type of threat for the report (Malware, PUPs, Programs blocked, Exploits, and Indicators of attack).
- From the Time Range drop-down list, select a time period for the report. You can choose Last 7 days or Last 24 hours.
The Reports tab shows this information:
- Hostname — The hostname of the device where the threat was detected.
- Threat — The type of detected threat.
- Path — The path on the device where the threat was detected.
- Action — The action performed on the threat.
- Date — The date and time of the incident.