The dashboard provides a brief overview of anomalous behavior based on users and entities in the network. Since it gathers multiple data sources into a single interface, administrators can quickly check upon the status of their organization's security posture.
Anomalous user behavior
- A cumulation of all the anomalies based on user behavior including, data exfiltration, compromised accounts, and insider threats.
- A list of the most dangerous users based on their risk scores.
- A list of all watchlisted users.
- A list of users with the highest risk score gain.
- The users' photo will be shown along with their risk scores due to a sync with Active Directory.
To get complete details about the anomalous activities performed by every user on the network:
- Navigate to Users' dashboard.
- A pane on the left hand side will display every user on the network and their associated risk score.
- Click on the user whose details you wish to see.
- A widget will open to show the user's Average Risk Score, Peak Risk Score, and risk scores associated with four types of threats:
- Insider threats
- Data exfiltration
- Compromised accounts
- Logon anomalies
This widget will also show user's Risk Score Trend over time, and all the anomalous activities performed by the user along with a timestamp.
User's anomaly activities and risk scores
Anomalous entity behavior
- A list of the most dangerous entities based on their risk scores.
- A list of all watchlisted entities.
- A list of entities with the highest risk score gain.
Hiding users and entities from dashboard