New in TDR 5.9.0: User-Based ThreatSync Services
We are excited to announce that Threat Detection and Response has a new feature to try – user-based ThreatSync services.
Have you ever stared at your ThreatSync dashboard and wondered who continues to download and run that malicious file? You might find the file in the home directory of the user, but we all know that is not always the case. Now, you can take out the guesswork with user-based ThreatSync services!
User-Based ThreatSync Services
In TDR 5.9.0, new user pages display user information attributed to each file or process detected by the Host Sensor.
This feature includes these pages:
ThreatSync > Users – This new page displays a combined score for a user, based on the indicators attributed to that user. Only users with a threat score are displayed on this page.
- Color-coded logged in indicator icons display the current status of users logged in to a computer with a Host Sensor installed.
- The Indicators table displays all indicators attributed to that user.
- The Hosts table displays a list of endpoint devices that the user is logged in to.
Devices/Users > Users – This new page displays all users detected by ThreatSync and their login status.
- Color-coded logged in indicator icons display the current status of users logged in to a computer with a Host Sensor installed.
- The Hosts table displays a list of endpoint devices that the user is logged in to.
ThreatSync > Indicators – This feature now includes a new User column to enable you to easily sort and filter indicators.
This feature is open to early access. If you would like to use this feature, in the TDR web UI, go to Settings > General and click Beta Tester. Please provide any feedback through a support case.
We are excited about this new feature and look forward to your feedback.
Thank you.
TDR Product Team