Applies To: ThreatSync+ NDR, ThreatSync+ SaaS
The Manage Network Defense Goals page is where you manage your network defense goals and objectives for defense goal reports. A network defense goal is a collection of defense objectives, each organized around a specific prevention area. Each defense objective consists of a set of controls that should be enabled and monitored to help prevent attacks.
You can enable specific defense goals, configure which defense objectives to include in your defense goal reports, configure the defense controls for each objective, and modify compliance thresholds for your organization.
The Ransomware Prevention Defense Goal Report is available by default with a ThreatSync+ NDR license. We recommend you add the WatchGuard Compliance Reporting license to configure additional defense goals. For more information, go to About WatchGuard Compliance Reporting.
The Microsoft 365 Defense Goal Report is only available with a ThreatSync+ SaaS license. For more information, go to About ThreatSync+ SaaS Licenses.
Configure Defense Goals and Objectives
To configure defense goals and objectives for your defense report, from WatchGuard Cloud:
- Select Configure > ThreatSync+ > Compliance Reports.
The Manage Network Defense Goals page opens. - Enable the defense goals you want to include in the report.
The Ransomware Prevention toggle is enabled by default with a ThreatSync+ NDR license. The Microsoft 365 toggle is enabled by default with a ThreatSync+ SaaS license.
- Expand the defense goals to show a list of objectives. Enable the objectives you want to include in the report.
- Expand each objective to configure the defense controls.
- Within each objective, disable controls you want to exclude or enable the policies that provide the data for the controls.
When you first enable a defense goal, some of the underlying policies for the controls might be disabled. Disabled policies show a Not Active status. Click the status to change the policy to Live. If there are no policies associated with a control, a No Policy Exists status shows. Click the status to go to the Policies page where you can create a new policy. For more information, go to Configure ThreatSync+ Policies.
- Each control has a threshold that it uses to determine if the control is compliant or not. Modify the compliance thresholds for controls to align with the business policies of your organization.
The default threshold values are set so that when there is an alert count greater than zero, or the threat score of any alert is greater than 50, the control shows as Not Compliant in defense goal reports.
Import a Defense Goal
On the Manage Network Defense Goals page, you can download a defense goal in JSON format, customize the JSON file, and then import it to ThreatSync+. This enables you to easily customize defense goals and import them to the accounts you manage. For example, you might customize and import several JSON files to build a custom report to use across your managed accounts.
Each JSON file you download contains one defense goal.
To download a sample Network Defense Goal JSON file:
- On the Manage Network Defense Goals page, click Import Network Defense Goal.
The Import Network Defense Goal page opens. - To download a sample Network Defense Goal JSON file, click Download.
To download a JSON file of a specific defense goal:
- On the Manage Network Defense Goals page, click
next to the defense goal.
To import a network defense goal:
- Click Import Network Defense Goal.
The Import Network Defense Goal page opens. - Click Choose a file and select a JSON file to upload.
Ransomware Prevention Defense Goal Report