Threats

Threat Dashboard

The Threat Dashboard provides a filtered view of all online threats affecting your distributed global enterprise. Threats are displayed by severity, including critical, high, and medium-low. The Threat Dashboard classifies device threats based on asset type, corporate affiliation, trust level, current status, and sensor discovery. Classification occurs automatically, continuously, and in real time. Severities indicate the threat’s potential to cause damage or disruption to your devices, networks, or services.

By default, the Threat Dashboard displays all threats that have been active since the user’s last login and are currently online. Use the filter drop-downs to select a particular date range or specific attributes (corporate status, sensor, asset type, etc.).



The Pulse analytics engine automatically scans for and classifies threats based on the following:

  • Real-time data
  • Pwnie Labs threat intelligence
  • Known asset classifications

This data is also used to create automated reports in Pulse. Threats are available to view through the Threat Dashboard or through individual asset views.

Threats can be viewed on the affected asset record, or in aggregate.

To display more details, click a section of the chart to go to the sorted work list of assets that meet the description.

To view all individual threats

  1. In the Pulse web application, open the Assets tab.
  2. Under Assets, select Threats. In the Threats view, detected threats can be filtered or organized by risk level, corporate status, threat type, device type, trust level, sensor detected by, vendor, and device status.



  3. To display a threat description, click a threat, or click an asset with associated threats.

Managing Threat Severity Levels

You can tune Pulse so that it reflects the main threat concerns in your environment by changing the severity level of a threat, or muting particular threats.

Note

To change threat severity levels, you must be an Admin user.

Changing threat severity level – After you change a threat’s severity level, Pulse begins the process of reclassifying the threat at the asset level in the Threat Dashboard, and reflects the change in the next nightly report.

Changes to threat severity levels occur at the Pulse instance level, so if one Admin user mutes a threat, it is muted for all users on that Pulse instance. The audit logs track all changes to the threat severity levels. See the Audit Logs section for more information.

Mute threats – A muted threat no longer appears in the Threat Dashboard, Reports, or Asset tabs. This includes inactive threats. If Pulse detects any muted threats, they are tracked but do not appear anywhere in the UI.

To manage threat severity levels

  1. In the Pulse web application, select Tools > Manage Threat Severity Levels.

    The Manage Threat Severities page is displayed, listing current threats and their respective severity levels.
  2. Reclassify or mute threats as follows:
    • Single change at a time – Select a severity level from the drop-down list to the right of the threat.



    • Multiple changes at once – Select check boxes and select a severity level from the Severity Level drop-down list that appears at the top of the threat list.



  3. With multiple threats selected, click Preview Change to see current and future changes.



  4. Click Save to save your changes and apply the new settings.

Changes to threat severity levels can take up to 30 minutes to take effect, while historical data is updated.
The next nightly report will reflect the changes to the threat severities.