How to use ThreatScope™ - Threat Alerts
Overview
ThreatScope™ Threat Alerts is an advanced security feature designed for app developers, DevSecOps teams, and security professionals to enhance the protection of mobile applications. It enables real-time monitoring and management of potential security threats by allowing you to set custom rules based on the severity of attacks, frequency of incidents, and their impact on mobile devices. This functionality ensures that teams can quickly identify and address any unusual or potentially harmful activities within their app environments.
Benefits of Using Threat Alerts
- Customizable Alerts: Tailor alert conditions to your applications’ specific needs, focusing on critical aspects like attack severity and device impact.
- Proactive Notifications: Receive immediate email notifications when set conditions are met, complete with details of the incident and a link to the related ThreatScope view for further analysis.
- Versatile Configuration: Easily configure alerts within various workspace types—team, personal, or company—and ensure comprehensive coverage across both current and future app versions.
Setting Up Threat Alerts
Follow these steps to set up and use ThreatScope™ Threat Alerts effectively:
- Select a View/Workspace
Threat Alerts can be configured within different types of workspaces such as team, personal, or company. Choose the appropriate workspace to associate your threat alert configurations.
- Select Applications
Determine which mobile applications should be monitored by the Threat Alerts system.
- Select Apps: Choose specific applications from your workspace. Only the current versions of selected apps will have Threat Alerts applied by default.
- Select All: Use this option to ensure that Threat Alerts apply to both current and future versions of your apps.
- Define Event Scope
Configure the specific conditions under which alerts should be triggered.
- Security Features: Select which Appdome security features should trigger an alert. You can choose all enabled features or specific ones tailored to your needs.
- Define Alert Criteria: Define the type of events that should trigger alerts. Options include:
- Total Attacks: Alerts when the total number of attacks exceeds or falls below a specified threshold over a set period.
For example, the total number of minor/moderate/major/critical attacks exceeded 100 over 30 days.
- Impacted Devices: Alerts if the number of devices impacted by attacks exceeds a predefined number.
For example, the total number of devices impacted by all critical attacks is greater than 100 devices over 14 days.
- Attack Rate Change: Notifies you of any significant changes in the rate of attacks, whether increases or decreases.
For example, the daily consecutive increase in the moderate attack rate has been 25% greater over the last 30 days.
- Anomaly Attacks: Alerts for anomalous attacks compared to typical patterns.
For example, any minor anomaly attack is greater than 50% of the average in the last 7 days.
- Manage Duplicate Rules
Ensure each rule is unique to avoid duplicate alerts. If a potential duplication is detected, adjust the rule parameters to maintain distinct conditions.
- Trigger Conditions
Set alerts to trigger when either all specified rules are met or when any individual rule is met.
- Notification Settings
- Notify By: Enter a unique and descriptive name for each alert for clarity and tracking purposes.
- Alert Aggregation: Choose how often to receive notifications—daily, weekly, or monthly. Email notifications are enabled by default.
Important Note on Alert Aggregation: It’s essential to be aware that if any alert rules are changed during a specific period, the aggregation report will only include alerts from the newly modified or added rules from the time of their modification onward. For instance, if you introduce new rules mid-month, the subsequent reports will only reflect alerts triggered by these new rules, ensuring the focus remains on the most current and relevant data.
- Review & Activation
Before activating the alerts, thoroughly review all settings to ensure they match your security needs. Click “Save” to activate the alerts and start monitoring your applications.
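To reason about how the Total Attacks and Impacted Devices criteria combine with the any/all trigger condition before saving a configuration, the following added sketch evaluates two rules modeled on the examples above. It is not Appdome code: the `Event` and `Rule` shapes, the function names, and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Event:                      # hypothetical record, not a ThreatScope export format
    day: date
    severity: str                 # "minor", "moderate", "major" or "critical"
    device_id: str

@dataclass(frozen=True)
class Rule:                       # hypothetical model of one alert criterion
    metric: str                   # "total_attacks" or "impacted_devices"
    severities: frozenset
    threshold: int
    window_days: int
    direction: str = "above"      # Total Attacks may also alert when falling "below"

def rule_met(rule, events, today):
    """Evaluate one rule over the trailing window that ends on `today`."""
    start = today - timedelta(days=rule.window_days)
    hits = [e for e in events
            if start < e.day <= today and e.severity in rule.severities]
    if rule.metric == "total_attacks":
        value = len(hits)
    elif rule.metric == "impacted_devices":
        value = len({e.device_id for e in hits})   # count distinct devices
    else:
        raise ValueError(f"unknown metric: {rule.metric}")
    return value > rule.threshold if rule.direction == "above" else value < rule.threshold

def has_duplicates(rules):
    """Frozen dataclasses are hashable, so identical rules collapse in a set."""
    return len(set(rules)) != len(rules)

def alert_fires(rules, events, today, mode="any"):
    """mode='all': every rule must be met; mode='any': one met rule is enough."""
    results = [rule_met(r, events, today) for r in rules]
    return all(results) if mode == "all" else any(results)

# Constructed sample: 120 critical attacks in the last 10 days from 40 devices.
TODAY = date(2024, 6, 30)
ALL_SEVERITIES = frozenset({"minor", "moderate", "major", "critical"})
EVENTS = [Event(TODAY - timedelta(days=i % 10), "critical", f"dev-{i % 40}")
          for i in range(120)]
RULES = [
    Rule("total_attacks", ALL_SEVERITIES, 100, 30),                # > 100 over 30 days
    Rule("impacted_devices", frozenset({"critical"}), 100, 14),    # > 100 devices over 14 days
]
```

With this sample the attack-count rule is met but the device-count rule is not, so an "any" alert fires while an "all" alert stays silent, which is the difference to check when a noisy attack comes from a small number of devices.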
How Do I Learn More?
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We’re living up to the mission with your project.