Review Daily and Weekly Email Summaries
    • 03 Jul 2024

    Red Canary sends daily and weekly email summaries that report information such as how many endpoints are actively monitored, which new threats have occurred, and whether telemetry is not being received, so you can be confident you're being protected. Because these emails contain a lot of information, each section is broken down below.

    A couple of things to take note of before diving into the emails:

    • Daily email summaries are generated at approximately 16:00 UTC and show a snapshot of activity over the previous 24 hours.

    • Weekly email summaries start at approximately 10 a.m. UTC every Monday and show a snapshot of activity over the previous seven days.

    Daily Email

    Daily1_email_3.png
    1. Recently active endpoints—shows the number of licensed endpoints that were active and checked in during the 24 hours before the report was generated. The report is generated at approximately 16:00 UTC.

      Note: Licensed endpoints differ from commissioned endpoints.

    2. Threats to your organization—shows new threats (any threats that were published on the report date) and open threats (any threats, including new threats, that are published on the report date and marked as unread).

    3. Uncommunicative servers—lists servers that have a sensor installed and haven’t been decommissioned, but that haven’t checked in for the previous three hours. (Uncommunicative workstations are those that have not communicated with Red Canary in more than a week.)

    4. Endpoints missing telemetry—lists endpoints that have checked in but that haven’t sent telemetry since the previous day. Click …and [number] more to launch Red Canary to see these endpoints.

      Daily2.png

    5. Decommissioned endpoints by users—lists endpoints that have been decommissioned by an individual.

    6. Automatically decommissioned endpoints—lists endpoints that have been decommissioned by automation. For example, if there are duplicate endpoints, the automation will decommission the extraneous endpoints. 

    7. Monthly monitored endpoints—counts the number of active workstations and servers that have been monitored in the last month.

    8. Status Checks for Cb Response—provides a health check of your unique configurations. Click your status page to view these configurations and see which have passed or failed.

    Weekly email

    Weekly2.png

    1. Monitored—counts the number of active workstations and servers that have been monitored out of your licensed endpoints in the past week, which is from the previous Monday to the most recent Sunday.

    2. Newly observed endpoints—lists monitored endpoints that were created during the reporting week.

    3. Decommissioned endpoints by user—lists endpoints that have been decommissioned by an individual.

    4. Automatically decommissioned endpoints—lists endpoints that have been decommissioned by Red Canary automation. For example, if there are duplicate endpoints, the automation will decommission the extraneous endpoints.

    5. Reviewed—shows the number of events that were reviewed and determined to be either a threat or not a threat.

    Note: Events that were determined to be a threat may have the status of Confirmed Threat, Execution Prevented, or Unlicensed while non-threatening events may have the status of Not a Threat, False Positive, Ignored Product, Mitigated, or Testing.

    Weekly3.png

    1. Detected—shows the number of new and open threats that were detected during the reporting week.

    2. Impact Summary—provides an overview of any new, active, or unremediated threats.

    3. Threat Breakdown—lists detections by classification of malicious software, suspicious activity, or unwanted software.

      1. Newly detected—threats that have been published during the reporting week.

      2. Still active—threats that were last seen during the reporting week.

      3. Unremediated—threats that are still unread or unacknowledged by you.
        Weekly4.png

    4. New threats detected—shows new events that are considered a threat.

    5. Previously detected threats with new activity—shows threats that were detected the previous week but still have ongoing activity, such as additional suspicious or threatening events.

    6. Monitored monthly endpoints—shows the number of active workstations and servers that have been monitored in the last month.

    7. Status Checks for Cb Response—provides a health check of your unique configurations. Click your status page to view these configurations and see which have passed or failed.

