Generating a threat detection report

You can generate reports of threat detection activity in your IBM® Verify tenant.

Before you begin

  • You must have administrative permission to complete this task.
  • Log in to the IBM Verify administration console as an Administrator.

About this task

This feature lets administrators generate reports about suspicious IP activity and other attributes in the IBM Verify tenant, and filter the results. This capability brings endpoint detection and better response management.

Procedure

  1. Select Reporting & diagnostics > Reports.
  2. Select View Report on the Threat Detection activity tile.
  3. In addition to the steps that follow, you can use the Ask watsonx chatbot to ask questions about potential risks in the context of a threat, users, applications, IP addresses, and vulnerabilities in systems. See Threat detection reports for further details.
  4. Set the date range for the report. Select the From and To dates to display the calendar drop-downs, and select the dates for the report. You can't go back more than 90 days.
    Note: The To date cannot exceed the current date.
    1. Select Run report.
    The results of the report are displayed in the dashboard.
    Table 1. Threat alerts charts
    Field                                Description
    Threat alert severity distribution   This pie chart is measured in percentage.
                                         • Critical
                                         • Warning
    Threat alert trends by rule          This line chart is measured by date and number of attempts.
                                         • Count (Number of attempts)
                                         • Time (Date)

    The Threat Event Attributes are shown in detail on the page:

    • Time stamp
    • Rule
    • Severity
    • Suspicious IP count
    • Impacted user count
    • Impacted apps count
  5. Optional: Select Filters to filter the results.
    Table 2. Filters
    Field          Description
    Rule Name      • X-Force actionable IP
                   • Multiple failed logins
                   • Compromised credentials
                   • Login deviation
                   • Credential stuffing
    Severity       • Critical
                   • Warning
    Applications   • SSO Custom Application
    You can use any combination of filters to refine your results. Select Apply filters to modify the report. The selected filters precede the graph. You can clear the filters by selecting the Reset link.
    Note: The search fields are case-sensitive.
  6. Change the date range for the report.
    Select the From and To dates to display the calendar drop-downs, and select the dates for the report. You can't go back more than 90 days.
    Note: The To date cannot exceed the current date.
  7. Select Run Report.
    The Report information is refreshed.
  8. Optional: Generate a CSV file for the report.
    1. Click Generate CSV.
    2. Follow the directions in Downloading a CSV report.
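
After the CSV is downloaded, the two charts in Table 1 can be recomputed offline for triage. The following is an added example, not IBM code: it assumes the export's column headers match the Threat Event Attributes listed on this page and that time stamps are ISO 8601. The helper names `check_range` and `summarize` are hypothetical, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import date, datetime, timedelta

# Constructed sample rows. The headers reuse the Threat Event Attributes named
# on this page; the real export's headers and timestamp format are assumptions.
SAMPLE_CSV = """Time stamp,Rule,Severity,Suspicious IP count,Impacted user count,Impacted apps count
2024-05-01T08:15:00Z,Credential stuffing,Critical,12,40,1
2024-05-01T09:30:00Z,Multiple failed logins,Warning,1,1,1
2024-05-02T11:00:00Z,Credential stuffing,Critical,7,22,1
2024-05-03T23:45:00Z,Login deviation,Warning,1,1,2
"""

def check_range(start, end, today):
    """Apply the report's limits: To <= today, From within the last 90 days."""
    if end > today:
        raise ValueError("To date cannot exceed the current date")
    if start < today - timedelta(days=90):
        raise ValueError("From date is more than 90 days back")
    if start > end:
        raise ValueError("From date is after To date")

def summarize(csv_text, start, end, today, rule=None, severity=None):
    """Return (severity share in %, {rule: {date: rows}}) for matching rows."""
    check_range(start, end, today)
    severities, trends = Counter(), defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        day = datetime.fromisoformat(row["Time stamp"].replace("Z", "+00:00")).date()
        if not start <= day <= end:
            continue
        # Exact comparison: the report's search fields are case-sensitive.
        if rule is not None and row["Rule"] != rule:
            continue
        if severity is not None and row["Severity"] != severity:
            continue
        severities[row["Severity"]] += 1
        trends[row["Rule"]][day] += 1
    total = sum(severities.values())
    share = {s: round(100 * n / total, 1) for s, n in severities.items()}
    return share, {r: dict(c) for r, c in trends.items()}

if __name__ == "__main__":
    today = date(2024, 5, 4)  # fixed so the sample is reproducible
    share, trends = summarize(SAMPLE_CSV, date(2024, 5, 1), today, today)
    print(share)
    for rule_name, per_day in sorted(trends.items()):
        print(rule_name, {d.isoformat(): n for d, n in per_day.items()})
```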