The Threat View dashboard is the home page of the Threat View Administration Interface. It provides an operational overview of recent data to facilitate taking decisions based on the threat landscape.
The Threat View dashboard consists of the following widgets:
Dashboard widgets
Each dashboard widget displays an information icon next to the widget title. When you hover the mouse pointer over this icon, Threat View provides a a short explanation of the data presented in this widget.
Total numbers of parameters
The Threat View Dashboard offers quick insights to a given set of analysis parameters with big number charts for the previous day:
Total Events
The total number of events on the previous day.
Threats Detected
The total number of threats that were detected on the previous day.
Total Users
The total number of unique users for who events were detected on the previous day.
Total Devices
The total number of unique devices for which events were detected on the previous day. The figure for this widget is based on the device fingerprints and presents actual devices, not device models.
Total Apps
The total number of unique apps for which events were detected on the previous day. The figure for this widget is based on the unique application identifier.
Events worldwide—number of threat events by country
Threat View creates a world map to visualize the reported events per country. The data in this map shows the total number of reported events for the previous day per country. Data is only available for countries where events occurred. If you hover the mouse pointer over a highlighted country, Threat View displays a tooltip with the country name and the absolute number of events.
To facilitate locating countries, and especially smaller countries, the countries in the map are in different colors. Threat View also provides buttons to zoom into and out of the map, and a Reset button to quickly resize the map to its default display size.
Latest Events
The Latest Events widget lists all events of the current tenant for the previous day. Every event is a separate line with information on the threat event and threat event type that describes what exactly happened for this threat event. The list displays 10 events within the widget but includes up to 100 events. To see the entries further down, scroll the list down within the widget. The list refreshes automatically.
Event categories and event types
In Latest Events, Threat View provides threat information on two levels, threat event and threat event type. The main entries of the list are the event categories which are broken down into the relevant threat event types to provide more specific information as to what exactly happened during the corresponding event, i.e. for the analyzed threat event.
Reports are available for each threat event, not threat event type.
The following table lists the event categories and their relevant threat event types.
Threat events and threat event types | |
Threat event | Threat event type |
|---|---|
Application shutdown | N./A. The app shutting down is not considered a threat event and Threat View accordingly does not provide any further analysis details. |
Alert screen capture | Screenshot detected |
Screen recording detected | |
Screen mirroring detected | |
Untrusted keyboard detected | |
Untrusted screen reader detected | |
Alert hooking framework | Hooking framework detected |
Alert virtual space | App is run in virtual space |
Alert library injection detected | Library injection into the app detected |
Alert rooted | App runs on rooted/jailbroken mobile device (including the rooting/jailbreaking probability, indicated as a number between 0 and 100) |
Threat Events Reports
This is a list with available threat event reports and the number of events for this report. For more information, see Threat event reports.