Cloud Monitoring

Introduction

Partners: this page is only accessible when the organization selector is set to a specific client view.


You must set up your cloud monitoring services in the MDR Portal before this page displays any information.


The Cloud Monitoring page, a part of the Insights section, is an interactive dashboard where you can view metrics across the following sections:

  1. Status and Time Range: shows the total number of cloud services being monitored, along with a status indicator. You can also adjust the date range for the entire page from this section.
  2. Unsuccessful Authorization Attempts: tracks where users are logging in from geographically.
  3. Active Cloud Accounts: lists monitored cloud accounts with columns for cloud service, last login location, and last seen.



The Sections of the Dashboard

The following outlines each section of the Cloud Monitoring page and how each can be used for analysis and investigations.

 

Status & Time Range

The Status and Time Range section shows the connection status of the cloud services being monitored. From this area you can also switch the page between a 24-hour, 7-day, or 1-month range.



Unsuccessful Authorization Attempts

This section can help you track and monitor any unsuccessful login attempts made to a cloud service being monitored by Field Effect MDR. You can use this section to verify the validity of each login attempt to a cloud service. It has three sub-sections:


Real-Time Map (1)

The real-time map charts every login attempt made by each user. If your organization has no presence in Asia, for example, and login attempts are suddenly appearing in that region, you can use this map to quickly identify and investigate them.


Hovering over a login point will expose more details about the specific login attempt.


Targeted Accounts (2)

This section tracks users with the most unsuccessful login attempts, as this may indicate that a threat actor is actively targeting one or more accounts. This helps narrow the scope of an investigation, better understand the organization’s threat surface, and prioritize targeted accounts. Users who are repeatedly attacked should be a focus when educating users about cyber security.


Top Sources (3)

This section lists the top sources, either by country or network, of these unsuccessful login attempts. In the example below, the top source by country is the United States, with 144 attempts (within the page's selected time frame: the 24-hour, 7-day, or 4-week range).



Monitored Accounts

From this section you can narrow your search further and investigate individual accounts. Columns are available for cloud service, last login location, and last seen. You can also search for specific accounts in the search bar.


Clicking on a user exposes more details: ISP, IP address, device, operating system.


