ThreatScope Mobile XDR - Using Threat-Inspect™

Last updated December 6, 2023 by Appdome

What is ThreatScope Mobile XDR

ThreatScope Mobile XDR provides visibility into the actual attacks and threats that an Appdome-protected app faces once it is released in production. The data in the dashboard updates every 24 hours, which means that security teams can track in real-time how attacks evolve and react quickly to emerging trends. There are no prerequisites: no API integrations are required from the operations teams and no code changes are needed from the mobile development teams for the attacks and threats that a protected app faces to appear in the dashboard. Learn more about ThreatScope Mobile XDR.

Using Threat-Inspect™

The Threat-Inspect™ menu on the left side panel lets you filter the ThreatScope data and create custom Threat Views of it.
With custom Threat Views, security teams can zoom in on specific aspects of the threat data. Whether it’s a particular app, a specific time frame, or a geographic region, custom Threat Views enable granular analysis, which is essential for identifying patterns and trends in the threats that mobile apps are facing.


1. Select the data displayed from one of the following categories:

All Data – Displays all accumulated data by the number of individual events. If a specific device experiences several events of the same type, all events will be counted.

Impacted Devices – Summarizes the number of unique devices any event occurred on. If one specific device experiences a certain event a number of times, it will still be counted as one device.

Build2Test Events – Summarizes the Threat Events data only for apps that were built with the Build2Test feature. These apps are built specifically for testing via third-party vendors. Learn more about Appdome’s Build2Test.

Unique Attacks – Displays an in-depth diagnosis of each attack, enabling precise identification of critical cyber and fraud attacks on mobile apps in production. Geo-location, source identification, attack methods, and techniques for effortless threat detection are all covered.

Bot Defense Data – Access complete payload data from Appdome’s MOBILEBot™ Defense (MBD) solution for insights on mobile infrastructure. Detect and prevent attacks like credential stuffing and DDoS by correlating and validating real attacks.

2. Filter the data

You can filter the data using any of the following filters, and you can combine filters to create unique Threat Views and gain further insight into the events your Appdome-built apps are facing.

The filters that can be used for controlling the displayed data are:

  • Threat Stream – The type of defense implemented in Threat Events.
  • Event Type – The name of the protection on FAC.
  • Task ID – The unique ID for a protected app on FAC.
  • Bundle ID – The app’s identifier as listed in the AndroidManifest.xml or Info.plist file.
  • Fusion Set Name – The name of the fusion set to which the protected app is subscribed.
  • Fusion Set ID – The ID of the fusion set to which the protected app is subscribed.
  • Manufacturer – The device manufacturer associated with the detected attack.
  • OS – The platform associated with the detected attack.
  • OS Version – The OS Version associated with the detected attack.
  • Country – For further information, see section Reviewing the geographical source of threats.
  • ReasonCode – The Threat/Attack user-facing code from the mobile device. The Reason Code is used in the “ThreatScope™ User Remediation Center” to understand the specific events or metadata that triggered the threat. Customer support organizations can use this information to instruct the mobile user on how to remediate the threat and get back to using the mobile app.


3. Create Custom Threat Views

When the data is filtered, you can save it by creating a view.


You can access your custom Threat Views via the main drop-down menu.
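The difference between the All Data and Impacted Devices selections, and the effect of a view that combines filters, shown as an added example that is not Appdome code. The record layout, the `device_id` field, the event type values and the assumption that combined filters are ANDed together are all hypothetical.

```python
from collections import Counter

# Constructed sample events. The field names are a hypothetical record layout
# for this example (device_id in particular), not Appdome's export schema.
FIELDS = ("device_id", "event_type", "os", "country")
ROWS = (
    [("dev-1", "rooted_device", "Android", "BR")] * 5  # one noisy device
    + [
        ("dev-2", "debugger_attached", "Android", "BR"),
        ("dev-2", "debugger_attached", "Android", "BR"),
        ("dev-3", "debugger_attached", "Android", "DE"),
        ("dev-4", "debugger_attached", "iOS", "BR"),
    ]
)
EVENTS = [dict(zip(FIELDS, row)) for row in ROWS]

# A saved view modelled as a named set of filters (assumed to combine with AND).
ANDROID_BR_VIEW = {"os": {"Android"}, "country": {"BR"}}


def apply_filters(events, filters):
    """Keep only events whose value for every filtered field is allowed."""
    return [
        e for e in events
        if all(e.get(field) in allowed for field, allowed in filters.items())
    ]


def all_data(events, filters=None):
    """All Data: every individual event is counted, repeats included."""
    return Counter(e["event_type"] for e in apply_filters(events, filters or {}))


def impacted_devices(events, filters=None):
    """Impacted Devices: a device counts once per event type, however often it fired."""
    seen = {(e["device_id"], e["event_type"]) for e in apply_filters(events, filters or {})}
    return Counter(event_type for _, event_type in seen)


if __name__ == "__main__":
    for label, filters in (("unfiltered", None), ("Android + BR", ANDROID_BR_VIEW)):
        print(label, dict(all_data(EVENTS, filters)), dict(impacted_devices(EVENTS, filters)))
```

In the sample, the event type that leads by event count comes from a single device, while the other type touches three devices, which is why the two selections can rank the same threats differently.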


Custom Threat View options

Edit View Settings

Enables editing of the parameters of the Custom View.


After editing you’ll be able to update the current Custom Threat View or save it as a new view.


You can also lock the Custom View to disable editing.


Duplicate View

Enables duplication of the Custom Threat View. After duplication, you can edit the parameters of the new view.


Set As Favorite

Set your Custom Threat View as a favorite.


Delete Threat View



If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
