search cancel

Find Eavesdropper Apps in Appthority MTP

book

Article ID: 173311

calendar_today

Updated On:

Products

Endpoint Protection Mobile

Issue/Introduction

Important: These instructions refer to the pre-release version of the new Appthority MTP. See Find the Eavesdropper Apps in Appthority for instructions that apply to the current production version.

In these instructions, you activate the TIs listed below, and create a new App Policy that uses the TIs.

  • Uses Twilio Hardcoded Credentials
  • Uses Known Vulnerable Twilio Hardcoded Credentials
  • Uses Amazon Hardcoded Credentials

Resolution

To activate the TIs:

  1. In Appthority MTP, go to Dashboard > Mobile Threat Team Updates dashlet.
    Eavesd_MTTUpdatesDashlet_callouts.png
     
  2. Click one of the TIs to open the Compliance > Threat Indicators tab and see the TI.
    Eavesd_AmazonTI2.png
     
  3. Click the checkbox next to the TI name.
  4. Click Actions > Activate.
    TwilioTIs_Activate.png
    The Status column changes from Inactive to Active.

    TwilioTIs_StatusActive_single.png
  5. Repeat 1-4 for the other two TIs.
     

To create the App Policy:

  1. Go to Compliance > App Policies.

     
  2. Enter a unique name for the policy, such as "Eavesdropper apps". 
     
  3. Enter a description for the policy. 
     
  4. In the Threat Indicators section of the App Policies tab, click Add New.
    Eavesd_AddTIs.png
    The App Threat Indicators selector popup opens.
     
  5. Use the Search box to quickly find the TIs.
     
  6. Select a TI and click the right arrow to add it to the policy. Repeat to select the second and third TIs.
    • Uses Twilio Hardcoded Credentials
    • Uses Known Vulnerable Twilio Hardcoded Credentials
    • Uses Amazon Hardcoded Credentials
      Eavesd_TIpopup.png
  7. Click Add Selected
    The App Policies Threat Indicators section lists the selected TIs and shows important information about each.
     
  8. Optionally, you can add policy filters. See the Help for more information.
     
  9. Save the policy.
    Eavesd_AppPol_SaveButton.png
    Appthority MTP will check the TIs against the apps and update the ?Apps in violation link if any apps are found to be in violation. If there are no violations, the number 0 shows.
    Eavesd_NoAppsInViolation.png
    If there are apps in violation, click the link to see details. 
     
  10. Set up any relevant compliance actions in your EMM.
     
  11. If you have the MTP Mobile App deployed, optionally set up an Appthority Remediation Policy. See the Help for details. 
     
  12. Activate the App Policy.
    EavesD_AppPol_Activate.png
    When you activate the policy, remediation and/or EMM compliance enforcement is initiated.

Attachments

Powered by Wolken Software