Viewing Overall Risk in the Dashboard

The upper part of the User Risk Dashboard provides an overall assessment of risk based on the number of alerts and out-of-policy notifications generated per day, the weekly change in user risk and behavior, the number of active risky users (including new risky users), the risky applications used by users, ordered by their contribution to the overall risk, and the highest-risk alerts that have been triggered.

The default Analytic period during which the ObserveIT_Analytics database collects data on risky users and actions is one month, which means that all data is based on the last 31 days.

The risky users and new users at risk presented in the dashboard are users that you are permitted to monitor. Some risky applications or alerts might not be displayed if you do not have permissions to view alerts that are based on one or more of these applications or alert rules. For detailed information, see Assigning Permissions to Console Users.

The following information is presented in the upper part of the User Risk Dashboard:

USER BEHAVIOR CHANGE

This area displays graphs that provide an overall view of user risk and behavior trends over a period of time.

For details, see Tracking Overall Risk and User Behavior.

WEEKLY CHANGE

This area shows the change in the number of alerts and out-of-policy notifications in the last week.

For details, see Viewing Changes in Alerts and Notifications.

RISKY USERS

Displays the total number of risky users during the last thirty days.

By clicking the Risky Users title, you can filter the display to show all users at risk.

For details, see Understanding the Risky Users Display.

NEW USERS AT RISK

Displays the number of new risky users whose status increased during the last day.

By clicking the New Users at Risk title, you can filter the display to show all the new users at risk.

For details, see Understanding the Risky Users Display.

TOP RISK APPLICATIONS

Displays the top risk applications ordered by their contribution to the overall risk.

Under each application, the colors of the line indicate the risk levels, and the length of the line indicates the application's contribution to the overall risk.

By clicking an application name, you can filter the display of risky users by accessed application. Hovering over a specific top risk application in the list displays a tooltip that describes the application, its risk contribution, and its score, reported as a percentage.

The maximum number of displayed applications in this view is 5.

As shown in the following example, the tooltip details the full name of the identified risky application (Windows Explorer), indicates how many users triggered an alert for the application (31), describes the risk contribution to the overall risk (23.02%), and details the score based on contribution (87% High risk contribution, 12% Medium risk contribution, and 2% Low risk contribution).

TOP RISK ALERTS

The highest-risk alerts are displayed in order of their contribution to the overall risk. You can filter by a selected alert by clicking its alert name. Hovering over a specific top risk alert in the list displays a tooltip that describes the alert, the number of associated risky users, and the risk level and contribution, reported as a percentage. The maximum number of displayed alerts in this view is 5.

Under each alert name, the color of the line shows the risk level, and the length of the line indicates the alert's contribution to the overall risk.

As shown in the following example, the tooltip details the Category and full name of the identified risk alert (Potential data loss - Perform large file copy - CANNED), indicates how many users triggered the alert (23), describes the risk level (High), and details the risk contribution (39.84%).