About the ThreatSync+ Summary Page

Applies To: ThreatSync+ NDR, ThreatSync+ SaaS

The Summary page provides quick access to different areas of ThreatSync+ configuration.

Available pages and features vary and depend on your license type. Throughout this documentation, ThreatSync+ refers generally to all products. If you do not see a page or feature in the ThreatSync+ UI, it is not supported by your product.

Screen shot of ThreatSync+ NDR, Summary page

To open the ThreatSync+ Summary page, from WatchGuard Cloud:

  1. Select Configure > ThreatSync+.
  2. Select Summary.
    The Summary page opens.

The ThreatSync+ Summary page includes these widgets:

Executive Summary Report

Click Executive Summary Report to configure threat score calculation weights and metrics for the Executive Summary Report. Calculation weights control how your threat score is weighted between the metric categories. You set a weight for each category, and ThreatSync+ NDR uses those weights to calculate your threat score. You can also control which metrics are included in the Executive Summary Report and in threat score calculations.

For more information, go to Configure the Executive Summary Report Settings.

Compliance Reports

Click Compliance Reports to enable and disable network defense goals and objectives.

Network defense goals are used to configure your defense goal reports.

For more information, go to Manage Network Defense Goals and ThreatSync+ NDR Reports.

Subnets and Organizations

Click Subnets and Organizations to add and manage subnets.

Configure subnets and ranges of IP addresses to label your internal networks and important systems. Internal systems that are not labeled are identified by ThreatSync+ NDR as members of an "Untrusted Private" group, so that rogue devices can be more easily detected.

For more information, go to Configure Subnets and Organizations.

Devices

Click Devices to add or import the devices you want ThreatSync+ NDR to monitor. You can identify static devices in your network and assign names, roles, and tags to them.

For more information, go to Manage Devices.

Policies

Click Policies to enable and edit ThreatSync+ policies and zones for your network. Policies are built-in or user-defined sets of rules based either directly on traffic or on ThreatSync+ anomalies and events. Default policies detect prohibited sites and countries, as well as data leakage and interaction with critical assets.

For more information, go to Configure ThreatSync+ Policies.

Zones

Click Zones to configure internal and external zones. Internal zones can be:

  • All internal nodes
  • Assets
  • Organizations
  • IP addresses

External zones can be:

  • All external nodes
  • Countries
  • Localities
  • Organizations
  • Domains
  • IP addresses

For more information, go to Manage ThreatSync+ Zones.

Alerts

Click Alerts to configure alerts for ThreatSync+ SaaS collectors, ThreatSync+ policies, and Smart Alerts. Smart Alerts are detected through the correlation of specific behaviors, such as a sequence of scans, or the combination of reconnaissance and command and control activity.

For more information, go to Configure ThreatSync+ Alerts and Notification Rules.

Smart Alert Controls

Click Smart Alert Controls to configure rules to filter Smart Alerts. You can disable rules so that they no longer run, enable rules that you previously disabled, or delete rules to remove them from the list.

For more information, go to Configure ThreatSync+ NDR Smart Alert Controls.
