Monitor and manage your endpoints in Nebula on the go with the ThreatDown Admin companion app. This app contains a limited feature set that allows administrators to view their console and take action on threats while away from their desks.
Requirements
The following operating systems are supported for the ThreatDown Admin app.
- iOS: 17, 16, 15, 14, 13
- iPadOS: 17, 16, 15, 14, 13
- Android: 13, 12, 11, 10, 9, 8, 7, 6, 5
Installation
Open the Apple App Store or Google Play Store and search for ThreatDown Admin, or click on the corresponding link from your mobile device.
iOS and iPadOS: ThreatDown Admin on the Apple App Store
Android: ThreatDown Admin - Apps on Google Play
Login
Once the app is installed, log into the app with your Nebula credentials.
When two-factor authentication (2FA) is enabled for your account, a two-factor authentication code is required to log into the app.
If you use Single Sign-On (SSO) to secure your Nebula environment, tap Sign in with SSO to log in through your SSO provider. Service Provider Initiated SSO must be enabled in Nebula. For more information, see Single sign-on in Nebula overview.
If you don't remember your Nebula password, tap Forgot Password and enter your email address to receive a password reset email.
Dashboard
The dashboard displays widgets that provide an overview of your endpoints, filterable by device type. For more information on widgets, see Dashboard page in Nebula. The following widgets are available on the Dashboard:
- Endpoint status: Displays the number of endpoints in each status. Tap on a status to navigate to the Endpoints tab with the selected status as a filter. For information on what to do for each status, see Manage endpoints in Nebula.
- Detections by category: Displays the categories of detections found across your endpoints in the last 7 days. Use this to determine the attack vectors the endpoint agent is blocking within your environment.
- Active endpoints: Displays the total number of endpoints versus the number of endpoints that have communicated with Nebula in the last 7 days. Use this to determine if your endpoints are not communicating with Nebula.
- License usage: Displays the number of licenses used out of the number of licenses available. Use this to determine if you need to contact sales to add licenses.
Endpoints
The Endpoints tab displays information for each endpoint managed in Nebula and allows you to perform actions on them from your mobile device. Only endpoints in Nebula groups that you manage are visible. Super Admins have access to all Nebula groups.
Filter endpoints
Tap Filter to select filters and then tap Show Results to apply the filter. Choose between the following filters:
- Status
- Operating System
- Operating System version
- Operating System type
- Group
- Policy
- Endpoint Name
Tap Clear all to remove all applied filters.
Perform actions
Swipe left on an endpoint to perform an action on it. Choose between the following actions:
- Scan + Report
- Remediate
- Isolate Endpoint
- Scan + Quarantine
- Check for Protection Updates
- Remove Isolation
- Check for Agent Updates
- Update Agent
To perform actions on multiple endpoints at once, tap Actions and select the desired endpoints. Then choose between the actions at the bottom or tap More for additional options.
For detailed information on the available actions, see Perform actions on endpoints in Nebula.
Endpoint view
Tap on an endpoint to display the Endpoint View page. This screen has the following options:
- More details: View additional information such as policy name, agent version, Last User, MAC Address, and Location. We use a 3rd party IP lookup service to determine the device location, which is anonymized to a 25-mile radius for privacy reasons. The accuracy is expected within 99% on a country level, and around 60% on a city level for the United States.
- Detections: View information about detected threats on this endpoint.
- Actions: Perform an action on the endpoint.
For more information on endpoint details, see Manage endpoints in Nebula.
Detections
The detections tab displays threat activity in your Nebula environment from the last 90 days. Use this detailed information to learn more about each malicious activity and take action on those endpoints.
Filter and sort detections
Tap Filter to select filters and then tap Show Results to apply the filter. Choose between the following filters:
- Endpoint Name
- Threat name
- Action taken
- Category
- Type
- Date
Tap Clear all to remove all applied filters.
To change how data is ordered, tap Sort By and select between Newest first or Oldest first.
Detection details
Tap on a detection to view more details. The following information is available:
- Threat name
- Action taken
- Detection category
- Detection type
- Detection location
- MD5 Hash
- SHA256 Hash
- Endpoint name
- Last user
- Scanned at
- Quarantined at
- Reported at
Tap Endpoint actions to perform an action on the endpoint with the detected threat.
Settings
The settings tab lets you manage your settings and other Nebula users, and view the app version.
Account
From the Account page, you can toggle logging in with FaceID or biometrics if it is supported on your device.
Once you're done with the app, tap Sign out to log out of the ThreatDown Admin app. Otherwise, you will be automatically logged out based on your session timeout settings. This setting must be configured from the Nebula console. For more information, see User profile settings in Nebula.
Users
From the Users page, you can add and delete other users.
Tap Add user to add another Nebula user. Enter the email address, select a role, and select which groups the new administrator can access. For more information on user roles and the process of adding a user, see Manage Users in Nebula.
Once a user is added, an invitation email is sent to the new administrator. The user has 14 days to accept the invitation. If the invitation expires, select their name and tap Resend Invite Email.
If a user needs to be deleted from Nebula, select the user and tap Delete User.
Notifications
Enable push notifications to receive real-time alerts about threats and user activities in your environment. To receive notifications for the ThreatDown Admin app, you must first allow them and then configure them to be sent to the app.
From the Notifications page, click or toggle on Allow notifications. If you need to disable a specific notification, you can also use this page to toggle it off.
Once notifications have been allowed in the app, configure your Nebula notifications in the console to include the ThreatDown Admin app as a delivery method. For more information, see Set up notifications in Nebula.