: View Details for the Most Risky Users
Focus
Focus

View Details for the Most Risky Users

Table of Contents

View Details for the Most Risky Users

Get visibility into the most risky users on your tenant, based on the number and severity of threat incidents logged by Behavior Threats.
Depending on when you first activated and configured Data Security, up to 90 days of historical user data is available to Behavior Threats. Behavior Threats examines this historical user data, and, using data-driven machine learning models, assigns a risk score to each user.
The Behavior Threats dashboard in the Cloud Management Console prominently displays the Top 3 Risky Users and you can also View All Risky Users. To determine whether a user poses a threat to your organization, you can view user details (such as the threat incidents associated with the user and the user's risk score).
You can also view the most risky users for individual policies on the Policies tab.

View the Most Risky Users

The Behavior Threats dashboard displays the most risky users on your tenant. The most risky users are those with the highest risk scores for your organization. Investigate these most risky users to determine if they pose a threat to your organization.
  1. Navigate to the Behavior Threats dashboard.
  2. View the Top 3 Risky Users information on the dashboard, which includes the user's risk score and the number of threat incidents associated with the user.
  3. View details for each of the Top 3 Risky Users. The details include more information about the threat incidents associated with the user. Investigate any suspicious activity and take action as needed.
    If you want to monitor a user more closely, you can add them to the watchlist.
  4. After investigating the Top 3 Risky Users, you can View All Risky Users. View details for these users and take action as needed.

View the Most Risky Users for Individual Policies

The Policies tab on the Behavior Threats dashboard shows the most risky users for each policy. These risky users are the users with the highest risk scores who are associated with threat incidents for the policy.
  1. Navigate to the Behavior Threats dashboard.
  2. Navigate to Policies.
    You can display the Policies in a grid view or a list view. By default, the policies display in a grid view.
  3. In the Policies grid, locate the policy that you are interested in and view the Top 3 Risky Users for the policy.
    The displayed information includes the user's risk score and the number of threat incidents associated with the user for the policy.
  4. View details for each of the Top 3 Risky Users. The details include more information about the threat incidents associated with the user. Investigate any suspicious activity and take action as needed.
    If you want to monitor a user more closely, you can add them to the watchlist.
  5. After investigating the Top 3 Risky Users, you can view all risky users for the policy. View details for these users and take action as needed.