Dashboard

The dashboard provides a brief overview of anomalous behavior based on users and entities in the network. Since it gathers multiple data sources into a single interface, administrators can quickly check upon the status of their organization's security posture.

Anomalous user behavior

• A cumulation of all the anomalies based on user behavior including, data exfiltration, compromised accounts, and insider threats.
• A list of the most dangerous users based on their risk scores.
• A list of all watchlisted users.
• A list of users with the highest risk score gain.
• The users' photo will be shown along with their risk scores due to a sync with Active Directory.

To get complete details about the anomalous activities performed by every user on the network:

• Navigate to Users' dashboard.
• A pane on the left hand side will display every user on the network and their associated risk score.
• Click on the user whose details you wish to see.
• A widget will open to show the user's Average Risk Score, Peak Risk Score, and risk scores associated with four types of threats:
• Insider threats
• Data exfiltration
• Compromised accounts
• Logon anomalies

This widget will also show the user's:

• Average Risk Score: The average of the risk scores of the user in all the sessions during the specified time rage.
• Peak Risk Score: The highest risk score of the user for all the sessions during the specified time range.
• Contextual Risk Score: This is a measure of the risk posed by the user currently irrespective of the specified time range. It is calculated by taking the Average Risk Score as a baseline over which the risk contributed by all the subsequent sessions after the specified time range is taken into account. You have the option to enable or disable contextual risk scoring.

In the user's dashboard, you can also view the user's Risk Score Trend over time, and all the anomalous activities performed by the user along with a timestamp.

User's anomaly activities and risk scores

This widget will also show user's Risk Score Trend over time, and all the anomalous activities performed by the user along with a timestamp.

User's anomaly activities and risk scores

Anomalous entity behavior

• A list of the most dangerous entities based on their risk scores.
• A list of all watchlisted entities.
• A list of entities with the highest risk score gain.

Adding notes about users' and entities' anomalous activities

Technicians can select any user or entity from the Users' or Entities' Dashboard, and add or update notes about them. The technician entering the note and the timestamp will also be recorded. Notes help the security team to document and share their findings, and to collaborate efficiently.

To add a note about a user:

• Navigate to the Users' Dashboard
• Select a user and click on View Notes

• Key in your notes and click on Add Note

Notes can also be updated or deleted when required. A similar process can be followed for adding or updating notes about entities.

Hiding users and entities from dashboard

• In case you do not wish to see a particular user or entity details on the dashboard, you can choose to Hide from Dashboard. This will remove the user or entity details from the dashboard; however, the user's or entity's anomalous activities can still be viewed under Anomaly Reports.



• After hiding a user or entity on the dashboard, if you decide to see it again on the dashboard, you can do that by filtering for hidden users or entities.



Then you need to choose a hidden user or entity and Show in Dashboard.