Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

View User Details

  1. Last updated
  2. Save as PDF
Limited Availability: To access the Users page, contact Skyhigh Support.

The User Details Page displays compiled information about a particular user, including the count of threats, incidents, anomalies (security metrics), usage metrics, top locations, and the User Risk Score associated with the user. On the User Details page, you can monitor the trend and changes in the User Risk Score, enabling administrators to quickly identify potential threats the user may pose to the organization's cloud services and data, and take appropriate actions to prevent or mitigate any harm.

View User Details Page 

To view the User Details page:

  1. On the Users page, click any user in the table to see the User Cloud Card for the specific user.
  2. From the User Cloud Cardclick the View Full User Details corresponding to the User Details attribute.

The User Details page provides specific information for each user on two tabs:

Overview Tab

Overview Tab.png

The Overview tab provides general information about the user, security metrics, usage metrics, top locations, and User Risk Score, along with the trend and change in risk score. This tab also provides the following information:

  • User UID. Unique identification number of a user in your organization.
  • Email. Email address of the user.
  • User Since. The date on which the user account was created. 
  • Date Created. The date on which the user account was created. 
  • Last Activity. Last activity date of the user.
  • Location. Displays the user's location.
  • Department. Department of the user in the organization.
  • Country Code. Displays the user’s country code.
  • Company. Displays the user’s company.
  • Name. Displays the user’s name.
  • Object Class. Displays the object class of the user in the directory. What type of object the entry represents (for example, user, group, computer, etc.).
  • First Name. Displays the user’s first name.
  • Mail. Displays the user's email address. 
  • Last Name.  Displays the user’s last name.
  • User Account Control. Displays the user's access level (for example, Admin).
  • Web Page. Displays the websites, apps, or resources a user interacted with.
  • Description. Provides a summary about the user.
  • Initials. Displays the user’s initials.
  • Mobile. Displays the user’s mobile number.
  • Country. Displays the user’s country.
  • Object SID. Displays the Security Identifier (SID) of the user.
  • Manager. Displays the user manager's name.
  • Display Name. Displays the user’s name. 
  • User Principal Name. Used to correlate user activities across multiple cloud applications (Sanctioned or Shadow).
  • Given Name. Displays the user’s first name.
  • Primary Group ID. Displays the ID of the user’s primary group.
  • DN. Displays the Distinguished Name (DN) of the user in the directory.
  • City. Displays the user’s city.
  • Object GUID. Displays the Security Identifier (SID) of the user.
  • SAM Account Name. Displays the Security Account Manager (SAM) account name, which is used for authentication and access control within Windows domains.
  • Title. Displays the user’s job title.
  • Risk Rating. The default User Risk Score provided by Skyhigh CASB is based on Sanctioned, Shadow user activities, and incidents, and is scored from 1 to 9. Green is Low (1-3), Yellow is Medium (4-6), and Red is High (7-9). Click to go to the Risk tab for this user. 
  • Change in Risk Score. The change in risk score for a specific duration.
  • Threats. The number of threats caused by the user, categorized by incident level: Critical, Major, Minor, Warning, and Information. 
  • Anomalies. The number of anomalies caused by the user, categorized by incident level: Critical, Major, Minor, Warning, and Information. 
  • DLP Incidents. The number of DLP incidents caused by the user, categorized by incident level: Critical, Major, Minor, Warning, and Information. 
  • Malware Incidents. The number of Malware incidents caused by the user, categorized by incident level: Critical, Major, Minor, Warning, and Information.
  • Upload Activities. Displays the total user upload activities. The time range of available activity data depends on the license type. 
  • Total Upload Data. Displays the total user upload data. The time range of available upload data depends on the license type. 
  • Allowed | Denied. Displays the total count of allowed and denied requests. The time range of available requests depends on the license type.
  • Total Data Volume. Displays the total volume of data uploaded in a day.
  • Usage
    • Top Locations. Displays the top locations where the user has performed cloud activities, along with the world map denoting the top places.
    • Top Services. Lists the top cloud or web services the user has accessed or is associated with.
    • Usage Classifications. Type of user account (for example, shared account).

Risk Tab

Risk tab - the main image.png

The Risk tab provides detailed metrics on user activity within your organization, including:

  • Risk Score. Click each graph to sort the table by category. The Risk tab displays specific details of all the Risk Attributes associated with the user for each category. The two user risk categories are Sanctioned and Shadow:

For details about the User Risk Score, see User Risk Score.

  • Score by color. The current User Risk Score by color. Green is Low (1-3), Yellow is Medium (4-6), and Red is High (7-9). 
  • View.
    • Sanctioned User Risk Score. Displays a user's risk score based on usage of sanctioned SaaS services.
    • Shadow User Risk Score. Displays a user's risk score based on their access to Shadow IT services and Web service usage, derived from observed traffic and risk calculations.
  • Attributes Contributing to Risk. Displays the associated attributes of the selected risk category that contribute to the category risk score.
  • Other Attributes. Displays associated attributes of the selected risk category that do not contribute to the category risk score.
  • View Attribute Weights. Click to view the attribute weight of each risk attribute.
  • Hide Attribute Weights. Click to hide the attribute weights.
  • Attribute. Displays risk attributes of the selected category. 
  • Risk Type. Displays whether the risk attribute is associated with Sanctioned or Shadow services.
  • Score. Displays the weighted scores of each risk attribute corresponding to the selected risk category. The risk score of a category is the sum of all the risk attribute scores.

    sum of weighted risk score.png
     
  • Category. Displays the associated category of the risk attributes. 
  • Category Weight. Displays the selected risk category weights. For details on the default risk category weights, see User Risk Categories.
  • Attribute Weight. Displays attribute weights of the selected risk category. 
How is Each Pattern's Score Calculated?
  • If you select Sanctioned User Risk Score from the View menu, the displayed Sanctioned risk score of a user is the sum of all the Sanctioned category risk scores. For example, if the Sanctioned user risk score is 8, score 8 represents the collective sum of all the Sanctioned risk category scores.

NOTE: The final score is obtained by applying a ceiling operation to the total calculated score. For example, the sum of the Sanctioned category risk score 7.3 results in a final score of 8.

Sum of category weights.png

  • If you select Shadow User Risk Score from the View menu, the displayed Shadow risk score of a user is the sum of all the Shadow category risk scores.
  • If both Sanctioned and Shadow filters are selected from the View menu, the risk score of a user is calculated using 65% of the Sanctioned category score and 35% of the Shadow category score. For example, if the Sanctioned User Risk Score is 8 and the Shadow User Risk Score is 6, then the computed value ((8x0.65)+(6x0.35)) is 7.3. Hence, the final risk score is 8, obtained by applying the ceiling operation to 7.3.

Collective sum of both Sanction and Shadow.png

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.