ThreatScope Mobile XDR - Using Threat-Inspect™

Last updated December 6, 2023 by Appdome

What is ThreatScope Mobile XDR

ThreatScope Mobile XDR provides visibility on the actual attacks and threats that an Appdome-protected app faces when released in production. The data in the dashboard updates every 24 hours, which means that security can track in real-time how attacks evolve and react quickly to emerging trends. There are no requirements or prerequisites needed, no API integrations are required from the Operation teams and no code changes are needed from the mobile development teams, in order for attacks and threats that a protected app faces to appear in the dashboard. Learn more about ThreatScope Mobile XDR.

Using Threat-Inspect™

The Threat-Inspect™ menu on the left side panel allows to easily filter and create custom Threat Views of the Threat Scope data.
With custom Threat Views, security teams can zoom in on specific aspects of the threat data. Whether it’s a particular app, a specific time frame, or a geographic region, custom Threat Views enable granular analysis, which is essential for identifying patterns and trends in the mobile threats apps are facing.

Alldata400

1. Select the Data displayed from one of the following categories

AlldataAll Data Displays all accumulated data by the number of individual events. If a specific device experiences several events of the same type, all events will be counted.

Impacteddevices Unavaliable304Impacted Devices –  Summarizes the number of unique devices any event occurred on. If one specific device experiences a certain event a number of times, it will still be counted as one device.

Build2testBuild2TestEvents – Summarizes the Threat Events data only for apps that were built with the Build2Test feature. These apps are built specifically for testing via third-party vendors. Learn more about Appdome’s Build2Test

Unique AttackUnique Attacks – Displays an in-depth diagnosis of each attack enabling precise identification of critical cyber and fraud attacks on mobile apps in production. Geo-location, source identification, attack methods, and techniques for effortless threat detection are all covered.

Bot Defense DataBot Defense Data – Access complete payload data from Appdome’s MOBILEBot™ Defense (MBD) solution for insights on mobile infrastructure. Detect and prevent attacks like credential stuffing and DDoS by correlating and validating real attacks.

2. Filter the data

You can filter the data using each one of the following filters, you can combine filters to create unique Threat Views and gain further insight on the events your Appdome-built apps are facing.

The filters that can be used for controlling the displayed data are:

  • Threat Stream – The type of defense implemented in Threat Events.
  • Event Type – The name of the protection on FAC.
  • Task ID – The unique ID for a protected app on FAC.
  • Bundle ID – The app’s identifier as listed in the AndroidManifest.xml or Info.plist file.
  • Fusion Set Name – The name of the fusion set to which the protected app is subscribed.
  • Fusion Set ID – The ID of the fusion set to which the protected app is subscribed.
  • Manufacturer – The device manufacturer associated with the detected attack.
  • OS – The platform associated with the detected attack.
  • OS Version – The OS Version associated with the detected attack.
  • Country – For further information, see section Reviewing the geographical source of threats.
  • ReasonCode – The Threat/Attack user-facing code from the mobile device. The Reason Code is used in the “ThreatScope™ User Remediation Center”, to understand the specific events or metadata that triggered the threat. Customer support organizations can use this information to instruct the mobile user on how to remediate the threat and get back to using the mobile app.

Threat Events Filters

3. Create Custom Threat Views

When the data is filtered, you can save it by creating a view.

Threat Inspect Create View

You can access your custom Threat Views via the main drop-down menu.

Screen Shot 2023 09 28 At 14.31.49

Custom Threat View options

Custom Views Edit Edit View Settings

Enables editing of the parameters of the Custom View.

Update View

After editing you’ll be able to update the current Custom Threat View or save it as a new view.

Save View

You can also lock the Custom View to disable editing.

Unlock View

 

Custom Views Copy Duplicate View

Enables duplication of the Custom Threat View. After duplication, you can edit the parameters of the new view.

Duplicate Custom View

Custom Views Fav Set As Favorite

Set your Custom Threat View as a favorite.

Unset Favorite

Custom Views Delete Delete Threat View

Delete View

Related Articles:

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

 

Appdome

Want a Demo?

ThreatScope™ Mobile XDR

GilWe're here to help
We'll get back to you in 24 hours to schedule your demo.