TRM Configuration Options
The following TRM threat response policy options are available:
Option by Column | Description |
---|---|
Enable: Click to enable | Enable or disable threat detections. The MTD console administrator has the option of disabling certain threat detections and, therefore, the collection of associated forensics. In the Severity column, you can disable the status of "Elevated" or "Lower" by clearing the radio button in the row of the event. This change is effective next time you click Deploy. After deploying/syncing with Ivanti Neurons for MDM, when a threat is detected, the MTD console instructs Ivanti Neurons for MDM to move the device to the chosen custom attribute in the TRM. The workflow assigned to that custom attribute determines the action that Ivanti Neurons for MDM takes on the device. The communication from the MTD console to Ivanti Neurons for MDM is performed securely through an MTD API call. |
Severity: Select one of four levels | Severity threat levels. Administrators have the option of changing the threat severity levels. This is useful for different business cases. The options are "Critical," "Elevated," "Low," and "Normal." |
Threats: auto-populated | Threat classes detected. The threats listed in the Threat column represent the classes of threats that MTD detects. Threat classes are recognized by MTD, which is able to determine when a malicious event is happening. |
Set User Alert: Click the gear to open. | Enable or disable user alerts. Administrators cannot manage MTD alerts through the MTD console. In order to implement and localize MTD alerts, use the Show Notifications option in the MTD Local Actions configuration in Ivanti Neurons for MDM. |
Device Action: Click the gear to open. | Select from these menu options to enable device actions on MTD console. The options are grouped under Android, iOS, and Samsung Knox. |
MDM Action: Click the gear to open. | When an actionable threat is detected, you can define what actions to take, through the Ivanti Neurons for MDM administrator console. The custom attributes you created in Creating Ivanti Mobile Threat Defense custom attributes will populate this column, but you can't modify them from MTD console. |
Mitigation Action: Select an option | When a threat that was detected by the MTD console has been remediated and is no longer posing a threat to the device, you can define specific actions that can be taken. For example, when a device is determined to be under a man-in-the-middle attack, it can be prevented from accessing various corporate resources. When the device is moved to a clean network, you can automatically allow the device to access those resources again. The Mitigation Action column can be used to assign actions. To remove the action that was performed as a response to a threat that is now mitigated, choose Remove. This action removes the device from the group it was assigned to when the threat was detected. Possible mitigation actions for a threat: Due to the nature of some threats, not all threat classifications can be mitigated. The following list provides possible mitigation actions for a threat when the trigger action occurs. |
Notification (Notify Me): Click an icon | You can set up an email or SMS notification process for each specific threat. SMS notifications require the administrator’s telephone information to be set up in the User page of a given administrator. Each email or SMS contains an event summary and a link to the actual event that can be viewed in a browser after log-in. |