ThreatScope Mobile XDR - Using Threat Query

Last updated February 22, 2024 by Appdome

What are Threat Queries?

Threat Queries are a powerful tool within Appdome’s ThreatScope designed to help security and development teams gain deeper insights into potential security threats affecting their mobile applications.

Benefits of Using Threat Queries:

  • Sort and prioritize threats based on severity and frequency.
  • Drill down into specific threat details to understand the scope and potential impact.
  • Export query results for further analysis or for sharing with your security team.

Types of Threat Queries:

  • GeoSource IP Addresses: Investigate threats originating from specific IP addresses.
  • Impacted Devices: Identify devices potentially compromised by security threats.
  • Top Attacks: Analyze the most prevalent attack types targeting your applications.

Query Input

When constructing a query, you should provide:

  • Parameters: Specify attributes such as a device ID or an IP address.
  • Enter device IDs or IP addresses manually. For bulk queries, upload a CSV file with ‘Impacted Device IDs’ or ‘GeoSource IP Addresses’.

Timeframe

Selecting the appropriate timeframe is crucial for pinpointing threats accurately. Analyze past data over the Last Day, Last Week, or Last Month to identify trends or to investigate incidents that occurred in a specific period.

Running a Threat Query:

  1. Click on ThreatScope.
  2. Click on the Reports & Queries cogwheel.
  3. Select Threat Query.
  4. Select View/Workspace: Choose the specific app or data set you want to query.
  5. Set Timeframe: Specify the timeframe for your query (e.g., Last Day, Last Week, Last Month).
  6. Choose Query Type: Select the type of information you want to investigate (GeoSource IP Addresses, Impacted Devices, or Top Attacks).
  7. Input Query Parameters:

    • GeoSource IP Addresses: Manually enter specific IP addresses or upload a CSV file containing a list of IPs.
    • Impacted Devices: Manually enter device IDs or upload a CSV file containing device IDs.
    • Top Attacks: Select the desired number of top attacks to display.
  8. Run Query: Click the “Run Query” button to retrieve results.

The query will return a detailed list based on your chosen parameters. This list may include information such as:

  • Top attack types identified within the specified timeframe.
  • Affected devices potentially compromised by threats.
  • Originating IP addresses associated with the threats.

Appdome’s Threat Query is an essential feature for security-conscious organizations. By understanding how to specify the query type, input, and timeframe, you can efficiently pinpoint threats and derive actionable insights that lead to informed decision-making and an enhanced security posture.
