ThreatSync
Applies To: ThreatSync
ThreatSync is a WatchGuard Cloud service that provides eXtended Detection and Response (XDR) technology for WatchGuard Network and Endpoint Security products. ThreatSync provides extended detection capabilities by correlating data from different WatchGuard security products to identify activity that indicates the presence of threats.
Correlation of activities across domains monitored by different security products enables ThreatSync to detect and score malicious scenarios that could be indicators of compromise (IoCs), and present them as incidents in WatchGuard Cloud for Incident Responders to review and remediate. This reduces the Mean Time to Detect or Discover (MTTD) for threats, as well as the impact, severity, and scope of security incidents.
ThreatSync+ NDR extends the existing ThreatSync functionality in WatchGuard Cloud and offers enhanced network detection and response, network device identification, and advanced reporting for Fireboxes, third-party firewalls, and LAN infrastructure. To learn more, go to About ThreatSync+ NDR in WatchGuard Cloud Help.
For information about how to get started with ThreatSync, go to:
- About ThreatSync
- Quick Start — Set Up ThreatSync
- ThreatSync Best Practices
- Configure ThreatSync Device Settings
- About ThreatSync Automation Policies
- Monitor ThreatSync Incidents
- Monitor ThreatSync Endpoints
- Review Incident Details
- Close or Change the Status of Incidents
- Perform Actions on Incidents and Endpoints
- Configure ThreatSync Notification Rules