Creating An Account

To get started using Threatcare, you need to first create an account. You can create your own username and password credentials on the sign up page, or just use an existing Google account to sign in.

Help With Your Account

When you sign up to create an account (not using Google credentials), you should receive an email asking you to confirm your account within a few minutes. If you don't, you can use the Resend Confirmation option on the sign up page to have the confirmation email sent to you again.

After you've created your account, if you ever forget your password, just use the Forgot Password option on the Login page to reset your password.

If you ever encounter any issues creating or accessing your account and the above steps don't work, you can get help from us directly by emailing Support.

Getting Up and Running

When you log in, you'll be greeted by the Threatcare dashboard.

At the top left of the dashboard screen is the menu bar, which contains options to set up the environments you wish to analyze, customize how you gather vulnerability data, and set up scheduled and ad-hoc intrusion simulations. If you are using Threatcare for the first time, there are a number of settings and options here you'll need to configure, which we'll walk you through below.

Set Up Passive Vulnerability Detection

For Threatcare to start tracking vulnerabilities on your network, place our custom JavaScript code on a shared internal-facing page, or set up a custom redirect for all users within your environment.

First, make sure you have selected the Environment you wish to analyze. The environment's name should appear in the top menu bar (to the left of your user name).

Next, click the hamburger icon on the top left, then click the "Embeded Code" link in the left menu.

A lightbox will appear with the custom JavaScript snippet you'll need to place in the header or footer of an internal-facing page that your organization controls and that your users frequent.

For example, we recommend intranets, or internal-facing instances of platforms like WordPress, Confluence, SharePoint, Jive, or Wikimedia. The key thing is that it is in the header or footer of an internal-facing page that your users frequent.

You can post this same JavaScript snippet in multiple places if you'd like to get a cumulative understanding of threats across all your environments.

Alternatively, you can generate a new JavaScript snippet for each of your environments. This can be beneficial if you'd like to compare and contrast performance between different environments, for example, between different office locations or localizations.

Configure Automated Intrusion Simulations

In order to determine the true risk presented by vulnerabilities in your environment, you'll want to run simulations. While you can run simulations on an ad-hoc basis (which we'll cover later), we strongly recommend running simulations whenever vulnerabilities are detected.

To do this, click the hamburger icon in the upper left corner and select "Instructions." In the next screen, you can select what kinds of simulations you want to run:

* Credit card exfiltration
* SSN exfiltration
* Medical record exfiltration
* DNS tunneling
* Egress scan
* Custom text: You can set Threatcare to try to exfiltrate specific strings, such as sensitive text or proprietary information relevant to your organization.

Add Custom Text

To set the custom text to be exfiltrated during simulations, click the hamburger icon in the top menu and select "Custom Text." In the next screen, you can add the value for the strings by hitting "New Custom Text." You can monitor for multiple strings, or deselect strings you wish to ignore.

Run Ad-Hoc Attack Simulations

In addition to automated intrusion simulations, you can also run a number of ad-hoc intrusion simulations.

There are three different ways to run ad-hoc simulations:
1) Test local environments on-demand.
2) Send a simulation to someone who might not be on premises.
3) Email a simulation to test email security systems.

Since Threatcare is cloud-based, there's no need to make configuration changes or to set up a VM or an agent to run any of these types of simulations, including those you send to others.

To get started, click the hamburger icon on the top left, then click "On Demand Simulations". You can scroll through the drop-down menu for the types of simulations available, or just type in a keyword to find a specific simulation.

Send Someone Else A Simulation

In the simulation drop-down list, any simulation that starts with "I want to send..." will send your simulation to someone else.

Select the type of simulation you wish to send, press the "play" button, and then enter their email address.

The recipient will receive an email from Threatcare with the subject line "(your email address) sent a Threatcare simulation". The email contains a link that says "Run Simulation", which they'll need to click so the assessment can take place.

They'll be able to click "See Results" upon completion of the simulation to see how it performed.

Email Yourself A Simulation

Any simulation in the simulation drop-down menu that starts with "I want to email myself..." will allow you to email yourself a simulation to check that your email filtering is working and that malicious attachments are being blocked as they should be. Attachment types include Meterpreter EXE and JAR files, executables, EICAR, Mimikatz, and PowerShell files.

If your systems are working as they should be, you'll get an email without an attachment (as the malicious attachment should be blocked by your systems). Still, the text of the email you'll receive will show the hash for the attachment, just in case it does get through and you want to verify the file you received is what Threatcare sent.
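If an attachment does get through, the comparison against the hash quoted in the email can be scripted. The following is an added example, not Threatcare's own code: the function names are hypothetical, and because the page does not say which hash algorithm the email uses, the script infers it from the digest length (an assumption).

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm. The page does not name the algorithm, so it is
# inferred from the length of the hash quoted in the email (assumption).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def file_digest(path, algo, chunk_size=65536):
    """Hash the file in chunks; the file is only read, never executed."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_attachment(path, expected_hex):
    """Return (matches, algorithm, actual_digest) for a hash copied from the email."""
    expected = expected_hex.strip().lower()
    algo = ALGO_BY_HEX_LEN.get(len(expected))
    if algo is None or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("not a recognised MD5/SHA-1/SHA-256 hex digest")
    actual = file_digest(path, algo)
    return hmac.compare_digest(actual, expected), algo, actual


def demo():
    # Constructed sample: a harmless stand-in file, not a real simulation attachment.
    content = b"constructed sample attachment\n"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(content)
        path = tmp.name
    try:
        quoted = hashlib.sha256(content).hexdigest()
        # Pasted hashes often carry stray whitespace or upper-case hex.
        ok = verify_attachment(path, "  " + quoted.upper() + "\n")
        mismatch = verify_attachment(path, "0" * 64)
        return ok[0], ok[1], mismatch[0]
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

A mismatch means the file that arrived is not the one the email describes, so treat it as an unknown attachment rather than a simulation artifact.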

Important Note: Any ad-hoc simulations are NOT logged in analytics in order to prevent contaminating an environment you're testing; however, the Data Exfiltration and Financial Loss tabs of the Threatcare analytics dashboard DO reflect the results of ad-hoc simulations.

Review Results of Automated and Ad-Hoc Attack Simulations

To view the results of your automated intrusion simulations, simply click "Simulation Results" in the top menu bar.

The Simulation Results screen will show you the type of simulation run (whether it was run locally or sent to someone else), the simulation or exfiltration attempted, whether or not it was successful and when the simulation occurred.

To drill down into the results, click on the entry of the simulation. The detailed results screen will show you the full information about how the simulation was run.

Specifically for credit card information, you'll also see relevant context about compliance.

Account Administration

Adding Members To Your Team

To add members to your team, click your username and click "Members" in the dropdown menu that appears. Next, hit "Invite Member" and type in your team member's email address.

Your team member will receive an email letting them know they've been invited to the team, and they'll need to click the link in the email to confirm their registration (it's not phishing, we promise).

If the team member already has a Threatcare account, when they click the link in their email, they'll be asked to confirm that they want to join your team.

If the team member does not have a Threatcare account yet, they'll first be prompted to sign up and create their account. They'll then be asked to confirm that they want to join your team.

Note: Only paid license holders can have teams, and only the account owner can add or remove team members. (You cannot use the trial version.) To obtain a license, please work with our Customer Service team. Once your account is activated, if you are still having trouble adding team members, please talk to Support.

Modifying or Cancelling Your Account

If you need to change your password or update the email associated with your account, click your username and then click the "Settings" option.

You won't see this information if you logged in with OAuth/your Google account.

You can also cancel your account from this screen using the "Cancel my account" button, though we hope you'll be in touch and let us know what we could do to improve before you cancel!