Help Document

User analytics in Incident Workbench

Note:
  1. Check the Access page to learn how to invoke Incident Workbench from different dashboards of Log360 Cloud.
  2. To get user analytics, you can click on any of the following fields that uniquely identify a user:
    • Username
    • Target User
    • VPN UserName
    • User Principal Name
    • Destination User
    • Sourceuser
    • Subject Username

The following data will be available in the user analytics section of the Incident Workbench:

User Activity Overview

The User Activity Overview contains the following widgets:

  • User Account Management: Tracks create, modify, and delete actions related to the user account.
  • Device Severity Events: Consolidates the device severity events for the devices accessed by the user.
  • Active Sessions Overview: Shows the list of active sessions on different devices and their duration.
  • Software Installations and Updates: Lists the software installed, uninstalled, and updated by the user during the selected period.
  • Top 5 File Integrity Monitoring Events: Tracks events related to file creation, deletion, modification, and access.
  • Process Tracking: Tracks process creation and termination activities.

User Details

This section fetches the Active Directory object details such as:

  • User Account
  • Contact Details
  • Exchange Server Details
  • Object Details and
  • Terminal Server Details.

Note: Minimize the tab to access the Incident Workbench while you traverse through different pages in Log360 Cloud. As long as you don't close the workbench, the analysis will be available even if you log out of Log360 Cloud and log in again. You can also save it to an existing incident or create a new one.