Configure Threat Indicators

There are a few configuration activities for Threat Indicators. First, you can browse and learn about the individual TIs. Then you can:

  • Activate the TIs you want to use in custom App or Device Policies.
  • Change the Org-level or global Risk Level of a TI, if you prefer to assign a lower or higher one.
  • Deactivate TIs when they are no longer relevant for protecting your Organization.

After initial configuration, and on an ongoing basis, review new TIs as Appthority MTT Researchers release them. See Review New Threat Indicators.

These activities take place in the Compliance > Threat Indicators tab. For a description of the Threat Indicators interface, see About the Threat Indicators Tab.

To browse and learn about Threat Indicators

  1. Go to the Compliance > Threat Indicators tab. It lists all the TIs available in the system.
  2. Use the All | Device | App buttons in the left panel list to filter the TIs by Type.
  3. Optionally, click a category in the left panel to see just the TIs for that category.
  4. Click Expand (+) to see more information about a particular TI. Some TIs have links to additional relevant information.

To review Threat Indicators

  1. Click Not Reviewed to list the unreviewed TIs.
    Tip: To list them all, make sure that no other filters are applied.
  2. Click Expand (+) to read more information about the TI.
  3. Click Actions > Mark as Reviewed.

To activate a Threat Indicator

  1. Click the checkbox of a TI to select it.
    Tip: To select all the TIs, click the one box at the top of the checkbox column.
  2. Click Actions > Activate.

When a TI is activated, it appears in the Add Threat Indicator dialog when you are creating or updating an App or Device policy.

To change the Global (Org-level) Risk of a Threat Indicator

For an overview of Risk, see TI Risk, Policy Risk Scores, and App Risk Scores.

  1. Click the checkbox of a TI to select it.
  2. In the Risk column, click the number icon and select a new number to override the default.

Caution: Changing the Risk for a TI at the Org level may change the Risk Score of any policies that use the TI. This is because the default Risk Score of a policy is the same as the Risk of its highest-risk TI.

To deactivate a Threat Indicator

  1. Click the checkbox of a TI to select it.
  2. Click Actions > Deactivate.

The TI is not removed from the system, so you can reactivate it at any time.

Copyright ©Appthority, Inc. 2017-2018 All Rights Reserved.