View User Details

Last updated
Save as PDF

Limited Availability: To access the Users page, contact Skyhigh Support.

The User Details Page displays compiled information about a particular user, including the count of threats, incidents, anomalies (security metrics), usage metrics, top locations, and the User Risk Score associated with the user. On the User Details page, you can monitor the trend and changes in the User Risk Score, enabling administrators to quickly identify potential threats the user may pose to the organization's cloud services and data, and take appropriate actions to prevent or mitigate any harm.

View User Details Page

To view the User Details page:

On the Users page, click any user in the table to see the User Cloud Card for the specific user.
From the User Cloud Card, click the View Full User Details corresponding to the User Details attribute.

The User Details page provides specific information for each user on two tabs:

Overview
Risk

Overview Tab

Overview Tab.png

The Overview tab provides general information about the user, security metrics, usage metrics, top locations, and User Risk Score, along with the trend and change in risk score. This tab also provides the following information:

User UID. Unique identification number of a user in your organization.
Email. Email address of the user.
User Since. The date on which the user account was created.
Date Created. The date on which the user account was created.
Last Activity. Last activity date of the user.
Location. Displays the user's location.
Department. Department of the user in the organization.
Country Code. Displays the user’s country code.
Company. Displays the user’s company.
Name. Displays the user’s name.
Object Class. Displays the object class of the user in the directory. What type of object the entry represents (for example, user, group, computer, etc.).
First Name. Displays the user’s first name.
Mail. Displays the user's email address.
Last Name. Displays the user’s last name.
User Account Control. Displays the user's access level (for example, Admin).
Web Page. Displays the websites, apps, or resources a user interacted with.
Description. Provides a summary about the user.
Initials. Displays the user’s initials.
Mobile. Displays the user’s mobile number.
Country. Displays the user’s country.
Object SID. Displays the Security Identifier (SID) of the user.
Manager. Displays the user manager's name.
Display Name. Displays the user’s name.
User Principal Name. Used to correlate user activities across multiple cloud applications (Sanctioned or Shadow).
Given Name. Displays the user’s first name.
Primary Group ID. Displays the ID of the user’s primary group.
DN. Displays the Distinguished Name (DN) of the user in the directory.
City. Displays the user’s city.
Object GUID. Displays the Security Identifier (SID) of the user.
SAM Account Name. Displays the Security Account Manager (SAM) account name, which is used for authentication and access control within Windows domains.
Title. Displays the user’s job title.
Risk Rating. The default User Risk Score provided by Skyhigh CASB is based on Sanctioned, Shadow user activities, and incidents, and is scored from 1 to 9. Green is Low (1-3), Yellow is Medium (4-6), and Red is High (7-9). Click to go to the Risk tab for this user.
Change in Risk Score. The change in risk score for a specific duration.
Threats. The number of threats caused by the user, categorized by incident level: Critical, Major, Minor, Warning, and Information.
Anomalies. The number of anomalies caused by the user, categorized by incident level: Critical, Major, Minor, Warning, and Information.
DLP Incidents. The number of DLP incidents caused by the user, categorized by incident level: Critical, Major, Minor, Warning, and Information.
Malware Incidents. The number of Malware incidents caused by the user, categorized by incident level: Critical, Major, Minor, Warning, and Information.
Upload Activities. Displays the total upload activities of the user over the past 7 days.
Total Upload Data. Displays the total upload data of the user over the past 7 days.
Allowed | Denied. Displays the total count of allowed and denied requests over the past 7 days.
Total Data Volume. Displays the total volume of data uploaded in a day.
Usage
- Top Locations. Displays the top locations where the user has performed cloud activities, along with the world map denoting the top places.
- Top Services. Lists the top cloud or web services the user has accessed or is associated with.
- Usage Classifications. Type of user account (for example, shared account).

Risk Tab

Risk tab.png

The Risk tab provides detailed metrics on user activity within your organization, including:

Risk Score. Click each graph to sort the table by category. The Risk tab displays specific details of all the Risk Attributes associated with the user for each category. The two user risk categories are Sanctioned and Shadow:
- Sanctioned User Risk Score. The categories mentioned below and the associated risk weights are used to calculate the Sanctioned user risk score of a specific user:
  - Download
  - Cloud Usage
  - Privilege
  - Login
  - Upload
  - Access
  - Incident
  - Threat
  - Collaboration
- Shadow User Risk Score. The categories mentioned below and the associated risk weights are used to calculate the Shadow user risk score of a specific user:
  - Upload
  - Download
  - Network
  - Device
  - Anomaly
  - CSP
  - Incident

For details about the User Risk Score, see User Risk Score.

Score by color. The current User Risk Score by color. Green is Low (1-3), Yellow is Medium (4-6), and Red is High (7-9).
View.
- Sanctioned User Risk Score. Displays the risk score of a user based on the usage of sanctioned SaaS services.
- Shadow User Risk Score. Displays the risk score of a user based on their access to Shadow IT services and Web service usage, derived from observed traffic and risk calculations.
Category. The Risk Attribute category.
Risk Type. Displays whether the risk is associated with Sanctioned or Shadow services.
Attribute. The Risk Attribute.
Category Weight. The current Category Weight. For details on the default risk category weights, see User Risk Categories.
Attribute Weight. The current Attribute Weight.
Weighted Score. The weighted score for this attribute.