ThreatScope Mobile XDR - Using Threat-Inspect™
What is ThreatScope Mobile XDR?
ThreatScope Mobile XDR provides visibility into the actual attacks and threats that an Appdome-protected app faces when released to production. The data in the dashboard updates every 24 hours, which means that security teams can track in real-time how attacks evolve and react quickly to emerging trends. There are no prerequisites: no API integrations are required from the operations teams, and no code changes are needed from the mobile development teams, for the attacks and threats that a protected app faces to appear in the dashboard. Learn more about ThreatScope Mobile XDR.
Using Threat-Inspect™
The Threat-Inspect™ menu on the left side panel allows you to easily filter the ThreatScope data and create custom Threat Views of it.
With custom Threat Views, security teams can zoom in on specific aspects of the threat data. Whether it’s a particular app, a specific time frame, or a geographic region, custom Threat Views enable granular analysis, which is essential for identifying patterns and trends in the mobile threats apps are facing.
1. Select the data displayed from one of the following categories:
- All Data: Displays all accumulated data by the number of individual events. If a specific device experiences several events of the same type, all events are counted.
- Impacted Devices: Summarizes the number of unique devices on which any event occurred. If one specific device experiences a certain event a number of times, it is still counted as one device.
- Build2Test Events: Summarizes the Threat Events data only for apps that were built with the Build2Test feature. These apps are built specifically for testing via third-party vendors.
  Learn more about Appdome’s Build2Test
- Unique Attacks: Displays an in-depth diagnosis of each attack, enabling precise identification of critical cyber and fraud attacks on mobile apps in production. It covers geo-location, source identification, attack methods, and techniques for effortless threat detection.
- Bot Defense Data: Access complete payload data from Appdome’s MobileBOT™ Defense (MBD) solution for insights on mobile infrastructure. Detect and prevent attacks like credential stuffing and DDoS by correlating and validating real attacks.
2. Filter the data
You can filter the data using any of the following filters, and you can combine filters to create unique Threat Views and gain further insight into the events your Appdome-built apps are facing.
The filters that can be used for controlling the displayed data are:
- Threat Stream: The type of defense implemented in Threat Events.
- Event Type: The name of the protection on FAC.
- Task ID: The unique ID for a protected app on FAC.
- Bundle ID: The app’s identifier, as listed in the AndroidManifest.xml or Info.plist file.
- Account Name: The name of the account plus the team type.
- Fusion Set Name: The name of the fusion set to which the protected app is subscribed.
- Fusion Set ID: The ID of the fusion set to which the protected app is subscribed.
- Manufacturer: The device manufacturer associated with the detected attack.
- OS: The platform associated with the detected attack.
- OS Version: The OS Version associated with the detected attack.
- Country: For further information, see the section “Reviewing the geographical source of threats”.
- ReasonCode: The Threat/Attack user-facing code from the mobile device. The reason code is used in the “ThreatScope™ User Remediation Center” to understand the specific events or metadata that triggered the threat. Customer support organizations can use this information to instruct the mobile user on how to remediate the threat and return to using the mobile app.
3. Create Custom Threat Views
When the data is filtered, you can save it by creating a view.
You can access your custom Threat Views via the main drop-down menu.
Custom Threat View options
Edit View Settings
Enables editing of the parameters of the Custom View.
After editing, you’ll be able to update the current Custom Threat View or save it as a new view.
You can also lock the Custom View to disable editing.
Duplicate View
Enables duplication of the Custom Threat View. After duplication, you can edit the parameters of the new view.
Set As Favorite
Set your Custom Threat View as a favorite.
Delete Threat View
Related Articles:
- Threat-Events™, In-App Threat Intelligence in Native iOS Apps
- How to Use ThreatScope™ User Remediation Center
- Understanding ThreatScope Mobile XDR Threat Views
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.