The Threat View dashboard is the home page of the Threat View Administration Interface. It provides an operational overview of recent data to facilitate taking decisions based on the threat landscape.
The Threat View dashboard consists of the following widgets:
Dashboard widgets
Each dashboard widget displays an information icon next to the widget title. When you hover the mouse pointer over this icon, Threat View provides a short explanation of the data presented in this widget.
Total numbers of parameters
The Threat View Dashboard offers quick insights to a given set of analysis parameters with big number charts for the previous day:
Total Events
The total number of events on the previous day.
Threats Detected
The total number of threats that were detected on the previous day.
Total Users
The total number of unique users for who events were detected on the previous day.
Total Devices
The total number of unique devices for which events were detected on the previous day. The figure for this widget is based on the device fingerprints and presents actual devices, not device models.
Total Apps
The total number of unique apps for which events were detected on the previous day. The figure for this widget is based on the unique application identifier.
Events worldwide—number of threat events by country
Threat View creates a world map to visualize the reported events per country. The data in this map shows the total number of reported events for the previous day per country. Data is only available for countries where events occurred. If you hover the mouse pointer over a highlighted country, Threat View displays a tooltip with the country name and the absolute number of events.
To facilitate locating countries, and especially smaller countries, the countries in the map are in different colors. Threat View also provides buttons to zoom into and out of the map, and a Reset button to quickly resize the map to its default display size.
Latest Events
The Latest Events widget lists all events of the current tenant for the previous day. Every event is a separate line with information on the threat event and threat event type that describes what exactly happened for this threat event. The list displays 10 events within the widget but includes up to 100 events. To see the entries further down, scroll the list down within the widget. The list refreshes automatically.
Threat types, event types, and threat events
In Latest Events, Threat View provides threat information on two levels, event type and threat event. The main entries of the list are the event types which are broken down into the relevant threat events to provide more specific information as to what exactly happened during the corresponding event, i.e. for the analyzed threat event.
Reports are available for each threat type, not threat event.
The following table lists the threat types with their event types and threat events. It also indicates which threat types are included in the event list of the All Events page which is closely connected to the Latest Events list. For more information on the All Events page, see All Events: event-based investigation.
Threat/Non-threat type | Event type | Threat event |
|---|---|---|
App in Virtual Space | Alert virtual space | Virtual space detected. |
Application startup | N./A. The app starting up is not considered a threat event and Threat View accordingly does not provide any further analysis details. | |
Debug Bridge Active | Alert developer mode | ADB active detected, i.e., there is an active Android Debug Bridge. |
Developer Mode | Alert developer mode | Developer Mode detected, i.e., the Developer Mode is enabled on this device. |
Emulated Input | Alert input tampering | Emulated input detected. |
Hooking Framework | Alert hooking framework | Hooking framework detected. |
Library Injection | Alert library injection | Library injection detected, i.e. a library has been injected into the app. |
Malware | Alert malware | Malware detected on the device. |
Network Information | N./A. Network information is not considered a threat event and Threat View accordingly does not provide any further analysis details. | |
Private space | Running in Context Private space is not considered a threat event. | The app runs inside a private space or work profile. |
Rooted / Jailbroken | Alert rooted | Rooted / jailbroken device, i.e., the app runs on a rooted / jailbroken mobile device. |
Screen Mirroring | Alert screen capture | Screen mirroring detected. |
Screen Recording | Alert screen capture | Screen recording detected. |
Screenshot | Alert screen capture | Screenshot detected. |
Tapjacking | Alert input tampering | Tapjacking detected, i.e., the app is obscured by a non-system overlay. |
Untrusted Keyboard | Alert screen capture | Untrusted keyboard detected. |
Untrusted Screen Reader | Alert screen capture | Untrusted screen reader detected. |
Threat Events Reports
This is a list with available threat event reports and the number of events for this report. For more information, see Threat event reports.