User Activity Profile

ITM On-Prem (ObserveIT) enables you to access a risky user's profile in order to investigate and view aggregated information about the user's activities, such as:

  • Where do users spend most of their time?

  • Which applications are they using?

  • How much time do users spend in applications?

  • In which sessions were specific applications used?

  • Are any suspicious computers or accounts being used?

  • Does a user's behavior seem abnormal?

  • Does a user's behavior appear different to their peers' behavior?

  • How much time during working hours is the user idle?

This User Activity Profile information shows the context of a risky user's activities, making it easier to solve incidents that might occur and to identify insider threats.

Dynamic filtering capabilities enable you to focus your investigation on specific applications, endpoints, login accounts, and/or remote client machines. An overall view of user activity during the specified profile period is displayed in a User Activity Over Time graph.

The User Activity Profile feature is available only for Microsoft SQL Server 2012 databases and higher. If your SQL Server database is an earlier version, a message is displayed recommending that you contact Support. To clear this message from your screen, click any tab other than User Activity Profile.

You can only view and investigate the activities of risky users whom you are permitted to monitor. For details, see Assigning Permissions to Console Users.

The following topics describe how to:

Definitions of the data terms and concepts used in this feature are provided in Profile Data Terms and Concepts.