Applies To: ThreatSync+ NDR
The Summary page provides quick access to different areas of ThreatSync+ NDR configuration.
To open the ThreatSync+ NDR Summary page, from WatchGuard Cloud:
- Select Configure > ThreatSync+ NDR.
- Select Summary.
The Summary page opens.
The ThreatSync+ NDR page includes these widgets:
Executive Summary Report
Click Executive Summary Report to configure threat score calculation weights and metrics for the Executive Summary Report. Calculation weights control how your threat score is weighted between the metric categories. You can set weights for each category to control how ThreatSync+ NDR calculates your threat score. You can also control which metrics are included in the Executive Summary Report and threat score calculations.
For more information, go to Configure the Executive Summary Report Settings.
Compliance Reports
Click Compliance Reports to enable and disable network defense goals and objectives.
Network defense goals are used to configure your defense goal reports.
For more information, go to Manage Network Defense Goals and ThreatSync+ NDR Reports.
Subnets and Organizations
Click Subnets and Organizations to add and manage subnets.
Configure subnets and ranges of IP addresses to label your internal networks and important systems. ThreatSync+ NDR identifies internal systems that are not labeled as members of an "Untrusted Private" group so that rogue devices can be more easily detected.
For more information, go to Configure Subnets and Organizations.
Devices
Click Devices to add or import the devices you want ThreatSync+ NDR to monitor. You can identify static devices in your network and assign names, roles, and tags to them.
For more information, go to Manage Devices.
Policies
Click Policies to enable and edit ThreatSync+ NDR policies and zones for your network. Policies are built-in or user-defined sets of rules based either directly on traffic or on ThreatSync+ NDR anomalies and events. Default policies detect prohibited sites and countries, as well as data leakage and interaction with critical assets.
For more information, go to Configure ThreatSync+ NDR Policies.
Zones
Click Zones to configure internal and external zones. Internal zones can be:
- All internal nodes
- Assets
- Organizations
- IP addresses
External zones can be:
- All external nodes
- Countries
- Localities
- Organizations
- Domains
- IP addresses
For more information, go to Manage ThreatSync+ NDR Zones.
Alerts
Click Alerts to configure alerts for ThreatSync+ NDR policies. You can also configure Smart Alerts. Smart Alerts are detected through the correlation of specific behaviors, such as a sequence of scans, or the combination of reconnaissance and command and control activity.
For more information, go to Configure ThreatSync+ NDR Alerts and Notification Rules.
Smart Alert Controls
Click Smart Alert Controls to configure rules to filter Smart Alerts. You can disable rules so that they no longer run, enable rules that you previously disabled, or delete rules to remove them from the list.
For more information, go to Configure ThreatSync+ NDR Smart Alert Controls.