Manage WatchGuard Orion

WatchGuard Orion is an endpoint security module available by request for endpoints with WatchGuard EDR, EPDR, and Advanced EPDR. Only WatchGuard approved tier-1 Service Providers or Subscribers can manage Orion threat hunting services. To become an approved partner, contact your WatchGuard Representative.

When WatchGuard approves your account, you can then activate Orion licenses at WatchGuard.com. Tier-1 Subscriber accounts can only manage Orion services for their own account. Tier-1 Service Providers can allocate the Orion module to their managed accounts in WatchGuard Cloud. After the tier-1 Service Provider account allocates the module from an Orion license to managed Subscriber accounts, they must request access to the accounts in order to manage the Orion services for the accounts. They cannot manage Orion for a managed account that is in a different cloud region.

For information on how to activate and allocate endpoint security modules, go to Activate an Endpoint Security License and Allocate Endpoints.

Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have the Manage Tenants permission to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.

Enable Orion Management for Your Own Account

Tier-1 Subscriber and Service Provider accounts can manage Orion services for their own account.

To enable Orion management for your account:

  1. Log in to WatchGuard Cloud.

    If you have a Service Provider account, from Account Manager, select My Account to view your Subscriber account.
  2. Select Administration > Managed Access.
  3. In the WatchGuard Orion section, click Manage Access.

Screen shot of Orion Management dialog box for tier-1 Subscriber, managed access

  1. Select I will manage WatchGuard Orion for this account.
  2. Click Manage Access.
  3. Click Grant Access.

Request Orion Management Access — Tier-1 Service Provider Accounts

To request management access for Orion from an account you manage, you must generate a verification code and then send the code to the owner or administrator of the account you want to manage Orion services for. The account owner uses the verification code to approve your Orion management access request.

To request Orion management access from an account:

  1. From Account Manager, select the account you want to request management access for.
  2. Select Administration > Managed Access.

Screen shot of Managed Access page in WatchGuard Cloud, WatchGuard Orion section

  1. In the WatchGuard Orion section, click Request Access.
  2. To generate a verification code, click Next.
  3. Click Copy Message Text to copy the email message text. The copied text includes the generated verification code.

Screen shot of Managed Access page in WatchGuard Cloud, Copy Email Message

  1. Paste the copied text into an email message and send it to the owner of the account you want to manage.

The account owner uses the verification code to give you management access for their Orion services. The request is Pending until they approve it. When they approve your request, the account shows as Managed on the Managed Access page.

Screen shot of Managed Access page in WatchGuard Cloud, WatchGuard Orion section

Edit Orion Management Access

You cannot revoke Orion management access from an account. You can change the Service Provider account that has management access. You could also deallocate the module from the account to remove access to the module.

For information on how to deallocate modules from an account, go to Remove the License or Deallocate Endpoints in the topic, Allocate Endpoints.

Before you begin, make sure that you have a new verification code from the Service Provider you want to enable Orion management access for.

To edit management access:

  1. Log in to WatchGuard Cloud.

    If you have a Service Provider account, from Account Manager, click My Account to view your Subscriber account.
  2. Select Administration > Managed Access.

    The Managed Access page opens.
  3. On the Managed Access page, click Edit Management Access.

Screen shot of Managed Access page in WatchGuard Cloud, Edit Management Access

  1. Select Another account will manage WatchGuard Orion for this account.

Screen shot of Managed Access page in WatchGuard Cloud, WatchGuard Orion Management dialog box

  1. In the Verification Code text box, paste the new verification code.
  2. Click Manage Access.
  3. Click Grant Access.

Manage Orion Management Access Requests

You can see and manage pending Orion management access requests on the Managed Access page.

Screen shot of Managed Access page in WatchGuard Cloud, WatchGuard Orion section

The Token ID column shows the relevant verification code and the Expiration Date column shows the date that the verification code expires.

When you remove a pending token, it is no longer valid and does not work if an account tries to use it to give you management access to Orion. The action cannot be undone.

To remove the pending token:

  1. To show Orion management access requests that have not yet been accepted, from the drop-down list, select Pending
  2. Next to the pending token ID that you want to remove, click More options icon.
  3. Select Remove Pending Token.
  4. Click Delete.

Screen shot of WatchGuard Cloud, Remove Pending Token

Related Topics

Enable WatchGuard Orion Management

WatchGuard Endpoint Security Modules