The ThreatLocker Detect Dashboard compiles your environment’s incident and alert data into easy-to-digest bar charts, line graphs, and pie charts. Its intuitive layout ensures quick insights with tooltips for deeper analysis and swift action. These insights include information about responses taken and the reason behind each.
As part of the incident response process, the Cyber Hero team provides policy recommendations (which policies to enable or disable) along with detailed recommendations on how to respond to each incident.
Navigate to the dashboard by clicking the Response Center menu item, and then the Dashboard tab.
| # | Widget | Description |
|---|--------|-------------|
| 1 | Total Incidents Reviewed | Broken down by user that reviewed alerts |
| 2 | Incident Outcomes | Actioned incidents and incidents cleared without action |
| 3 | Top Alerts | Top alert occurrences by policy |
| 4 | Top Impacted Assets | Top impacted assets by number of incidents |
| 5 | Open Recommendations | Unactioned incident recommendations |
| 6 | Exclusions Added | Most recently added exclusions |
The dashboard contains two types of widgets: filtered and unfiltered. Open Recommendations and Exclusions Added make up the unfiltered widgets and are sorted by most recent.
The filtered widgets encompass all other available widgets and can be filtered by:
- Parent or Child Organization, Computer Group, and specific Computers
- Endpoint or Cloud Detect Module
- Timeframe of Last Seven Days, Current Month, Previous Month, 90 Days or by entering a Custom Range
You will be able to add/remove different Filterable Widgets as more become available in future releases.
Widget Detail Dialogue
Clicking on an element within any filterable widget will bring up a dialogue with expanded details.
Open Recommendations
The Open Recommendations widget introduces new functionality that allows the Cyber Hero MDR team to provide ThreatLocker Administrators with actionable recommendations that can include suggested policies to enable or disable in your environment. This helps reduce friction and accelerates remediation time.
Policies are suggested based on the alerts being reviewed and best practices. The Cyber Hero MDR team is not fully aware of everything in your environment. You should evaluate each policy recommendation before enabling or disabling any policy.
- Clicking the Resolve button opens the Recommendation Details dialogue
- Toggle the desired recommendation and click Resolve to take the recommended actions
- Click Mark Rejected to reject the recommendation
- Click Cancel to close the dialogue without taking any recommendation actions