
Dashboards

The Dashboards page provides you with several tabs that offer an overview of your company, all relevant activity, recent security events, and more.

  1. Org. Summary. A high-level overview of endpoint and license status, incidents, investigations, and recommendations for all your managed companies.

  2. Overview. General information about the overall security status of your company and the most recent relevant events.

  3. MDR service. Statistics, lists and information regarding all recent MDR activity performed by the SOC team.

  4. Agent actions. An overview of alerts, incidents and threats that resulted from agent actions.

  5. Configuration. General company information broken down per operating system.

  6. Company selection. Company selector for which you want to display information.

  7. Date selection. Selector for a predetermined time interval, relative to the current time:

    • Last 24 hours.

    • Last 7 days.

    • Last 30 days.

  8. Notifications. Allows you to configure notification settings for your company.

Org. Summary


The Org. Summary dashboard shows how many organizations are monitored and the total number of endpoints across those organizations, along with how many organizations have licenses expiring soon (or already expired).

The sections are described in the order in which they appear in the console, from top to bottom. The page is divided into title blocks, one for each data set.

  1. Managed companies. Shows the total number of companies that you manage.

    Tip

    Click the title to view the Companies page.

  2. Monitored endpoints. Shows the total number of endpoints you manage. This includes endpoints with the security agent installed both in your own company and in the companies you manage.

  3. License Status. Displays the number of used and available licenses in your company.

  4. Top investigations. Shows the investigation types with the highest number of investigations.

    For more information on investigation types, refer to Investigations.

    Tip

    • Click the title to view the Investigations page.

    • Click a specific investigation type in the list to go to the Investigations page, which then displays only the type of investigation you have selected.

  5. Recent incidents. Displays the five most recent incidents reported in your managed companies. The following information is displayed for each incident:

    • Date and time of occurrence

    • Company where the incident occurred

    • Investigation code

    • Description of incident

    Tip

    Click any entry to go to the Reports page.

  6. Top customers with recommendations. Displays the companies that have received the most recommendations.

    Tip

    • Click the title to access the Recommendations page.

    • Clicking a specific company in the list also takes you to that page and filters the results to display only the recommendations for the company you have selected.

  7. Top customers with open tickets. Displays the companies with the highest number of open tickets.

    Tip

    • Click the title to view the Tickets page.

    • Clicking a specific company in the list also takes you to that page and filters the results to display only the tickets for the company you have selected.

  8. Top customers with investigations. Displays the companies with the highest number of ongoing investigations.

    Tip

    • Click the title to view the Investigations page.

    • Clicking a specific company in the list also takes you to that page and filters the results to display only the investigations for the company you have selected.

Overview


The Overview dashboard gives you a high-level view across your environment, starting with the number of licenses and monitored endpoints, a glance at the types of threats to the environment, as well as the endpoints and users who are being impacted the most.

  1. Total licenses. The total number of licenses.

  2. Monitored endpoints. Number of endpoints protected by Bitdefender services and currently monitored by MDR.

  3. Active incidents. Number of incidents, which may derive from alerts in overly vulnerable environments.

  4. Open recommendations. Number of recommendations that are currently open.

    Tip

    Click on the text to go to the Recommendations page.

  5. Activity summary. Provides an overview of the most common types of activity detected in your environment over the period chosen in the date selection.

    Tip

    Hovering over any of the columns displays a tooltip with additional information.

    From left to right, each column indicates the following:

    • Environment telemetry - the number of events registered in the environment.

    • Suspicious events - the number of alerts generated from the total events registered in the first column.

    • Human analysis - the number of alerts from the previous column which resulted in investigations and threat hunts.

    • Analysis outcome - based on the human analysis, this column indicates the number of actions taken and recommendations.

    • Incidents - the number of incidents resulting from the investigations.

  6. Activity trend. Provides a timeline, in the form of a line chart, of when investigations took place. It comprises the following series:

    • Investigations

    • Incidents

    • Hunts

  7. Recent activity. Lists the most recent investigations, along with a timestamp and a brief description.

    Tip

    Click on one of the items listed to access the Investigations page.

  8. Recent documents. Lists the most recent documents, along with a timestamp and the document type. Each document will open in a separate page, depending on the document type listed.

  9. Top investigation categories. Shows the categories with the highest number of incidents.

    Tip

    Click on one of the items listed to access the Investigations page.

  10. Top impacted users. Displays a list of users with the highest number of related alerts.

  11. Top endpoints by alerts. Displays a list of endpoints with the highest number of related alerts.

MDR Service


The MDR Service dashboard focuses on the actions taken by the SOC team on your behalf.

  1. Active investigations. Number of currently ongoing investigations.

  2. Pending response. Indicates an action you need to take: either a recommendation, or a proposed action that has not yet been pre-approved and needs your response before the SOC can carry it out on your behalf. For example: quarantining an endpoint or deleting a file.

  3. Mean time to acknowledge. The average time between an alert and the start of action on it.

  4. Investigation severity trend. A list of incidents, grouped by severity rating, and a graph showing a timeline of recent investigations.

  5. Hunt outcomes. A graph providing a breakdown of recent hunt results which can lead to actions and recommendations. The results are displayed in two columns:

    • Targeted - results based on the baseline of your environment (the original threat line) created during onboarding.

    • Risk-based - results based on external threat intelligence. For example, a new threat actor.

  6. Recent investigations. Summary of the recent investigations.

  7. Recent hunts. A list of recent hunts showing the hunt type and a summary of that specific hunt, along with the action taken and recommendation, if applicable.

  8. Top investigation categories. Shows the highest number of incidents, grouped by category.

  9. Top investigation hosts. Displays the hosts that appeared in the most investigations.

  10. Top investigation signature names. Displays the signatures detected most often during investigations.
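As an added illustration (not Bitdefender code; the per-event record schema and the sample data are assumptions), the following shows how the five Activity summary columns described on the Overview dashboard and the Mean time to acknowledge figure on this dashboard can be derived from a set of event records, including the case where no alert has been acknowledged yet:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Event:
    """One telemetry event and how far it progressed through the SOC workflow (assumed schema)."""
    ts: datetime                              # registered in the environment
    suspicious: bool = False                  # raised as an alert
    analysed: bool = False                    # picked up by a human analyst (investigation or hunt)
    outcome: Optional[str] = None             # "action" or "recommendation" after analysis
    incident: bool = False                    # escalated to an incident
    acknowledged: Optional[datetime] = None   # when the SOC started acting on the alert


def activity_summary(events):
    """Return the five Activity summary columns, left to right."""
    telemetry = len(events)
    suspicious = sum(e.suspicious for e in events)
    analysed = sum(e.analysed for e in events if e.suspicious)
    outcomes = sum(e.outcome is not None for e in events if e.analysed)
    incidents = sum(e.incident for e in events if e.analysed)
    # Each stage is drawn from the one before it, so the counts cannot grow.
    if not (telemetry >= suspicious >= analysed >= max(outcomes, incidents)):
        raise ValueError("inconsistent funnel counts")
    return [telemetry, suspicious, analysed, outcomes, incidents]


def mean_time_to_acknowledge(events):
    """Average delay from alert to first SOC action; None when nothing was acknowledged yet."""
    delays = [e.acknowledged - e.ts for e in events if e.suspicious and e.acknowledged]
    if not delays:
        return None                           # quiet period: avoid dividing by zero
    return sum(delays, timedelta()) / len(delays)


# Constructed sample data (not real MDR output): six events over one morning.
T0 = datetime(2024, 1, 1, 9, 0)
def m(n): return T0 + timedelta(minutes=n)
SAMPLE_EVENTS = [
    Event(m(0)),                                                   # benign telemetry
    Event(m(5)),
    Event(m(10), suspicious=True, acknowledged=m(25)),             # alert closed without analysis
    Event(m(20), suspicious=True, analysed=True, outcome="recommendation", acknowledged=m(50)),
    Event(m(30), suspicious=True, analysed=True, outcome="action", incident=True, acknowledged=m(45)),
    Event(m(40), suspicious=True),                                 # alert not yet acknowledged
]
```

With the sample above the funnel reads 6, 4, 2, 2, 1 and the mean time to acknowledge is 20 minutes, computed only over the three alerts that were actually acknowledged.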

Agent actions


The Agent actions dashboard provides a summary of the types of alerts coming from the endpoint agent, including how many responses the agent was able to make and of what types.

  1. Alerts. Shows the number of alerts created by agents on endpoints.

  2. Agent actions. Shows the number of automatic actions taken in response to those alerts.

  3. Most mitigated threats. Shows the most commonly addressed threats, along with the threat type and number of occurrences.

  4. Alert trend. Shows the evolution of alerts triggered in the selected time interval. The trend may follow a weekly pattern: high during working days and low during non-working days.

  5. Top alerts. Displays the highest number of alerts by type.

  6. Automatic actions trend. Provides an overview of actions taken by the agent. For example:

    • Block

    • Block and Disinfect

    • Delete

    • Quarantine

    • Disinfect Only

    • Malicious process killed

Configuration