Appdome Logo Positive
How to > Advanced Threat Intelligence > ThreatScope™ Mobile XDR > ThreatScope Mobile XDR - Using Threat-Inspect™

ThreatScope Mobile XDR - Using Threat-Inspect™

Last updated September 11, 2023 by Appdome

What is ThreatScope Mobile XDR

ThreatScope Mobile XDR provides visibility on the actual attacks and threats that an Appdome-protected app faces when released in production. The data in the dashboard updates every 24 hours, which means that security can track in real-time how attacks evolve and react quickly to emerging trends. There are no requirements or prerequisites needed, no API integrations are required from the Operation teams and no code changes are needed from the mobile development teams, in order for attacks and threats that a protected app faces to appear in the dashboard. Learn more about ThreatScope Mobile XDR.

Using Threat-Inspect™

The Threat-Inspect™ menu on the left side panel allows to easily filter and create custom Threat Views of the Threat Scope data.
With custom Threat Views, security teams can zoom in on specific aspects of the threat data. Whether it’s a particular app, a specific time frame, or a geographic region, custom Threat Views enable granular analysis, which is essential for identifying patterns and trends in the mobile threats apps are facing.

Threat Inspect Menu

1. Select the Data displayed from one of the following categories

Threat Inspect All Data ButtonAll Data – Displays all accumulated data by the number of individual events. If a specific device experiences several events of the same type, all events will be counted.

Threat Inspect Impacted Devices ButtonImpacted Devices – Summarizes the number of unique devices any event occurred on. If one specific device experiences a certain event a number of times, it will still be counted as one device.

Threat Inspect Ibuilt To Test ButtonBuild to Test Events – Summarizes the Threat Events data only for apps that were built with the Build-to-Test feature. These apps are built specifically for testing via third-party vendors. Learn more about Appdome’s Build-to-Test

2. Filter the data

You can filter the data using each one of the following filters, you can combine filters to create unique Threat Views and gain further insight on the events your Appdome-built apps are facing.

The filters that can be used for controlling the displayed data are:

  • Threat Stream – The type of defense implemented in Threat Events.
  • Event Type – The name of the protection on FAC.
  • Task ID – The unique ID for a protected app on FAC.
  • Bundle ID – The app’s identifier as listed in the AndroidManifest.xml or Info.plist file.
  • Fusion Set Name – The name of the fusion set to which the protected app is subscribed.
  • Fusion Set ID – The ID of the fusion set to which the protected app is subscribed.
  • Manufacturer – The device manufacturer associated with the detected attack.
  • OS – The platform associated with the detected attack.
  • OS Version – The OS Version associated with the detected attack.
  • Country – For further information, see section Reviewing the geographical source of threats.
  • ReasonCode – The Threat/Attack user-facing code from the mobile device. The Reason Code is used in the “ThreatScope™ User Remediation Center”, to understand the specific events or metadata that triggered the threat. Customer support organizations can use this information to instruct the mobile user on how to remediate the threat and get back to using the mobile app.Threat Scope Filters Example

3. Create Custom Threat Views

When the data is filtered, you can save it by creating a view.

Threat Inspect Create View

You can access your custom Threat Views via the main drop-down menu.

Threat Scope Drop Down Menu

Custom Threat View options

Custom Views Edit Edit View Settings

Enables editing of the parameters of the Custom View.

Edit Custom View

After editing you’ll be able to update the current Custom Threat View or save it as a new view.

Edit Menu Custom View

You can also lock the Custom View to disable editing.

Lock Custom View

 

Custom Views Copy Duplicate View

Enables duplication of the Custom Threat View. After duplication, you can edit the parameters of the new view.

Duplicate Custom View

Custom Views Fav Set As Favorite

Set your Custom Threat View as a favorite.

Favorite Custom View

Custom Views Delete Delete Threat View

Delete Custom View

Related Articles

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

 

NEED HELP?

let's solve it together

ShlomiMaking your security project a success!
By filling out this form, you opt-in to recieve emails from us.