User Details Cloud Card on Anomalies
The User Details Cloud Card on the Anomalies page allows you to drill down for more information about a user, which includes the User Risk Score along with the severity of the user, usage metrics, and the count of threats, anomalies, and incidents (DLP and malware).
Access the User Details Cloud Card from the Incidents > Anomalies > Anomalies page.
View User Details Cloud Card
To view user details and user risk score in the Cloud Card:
- On the Anomalies page, click any anomaly in the table to see the Anomaly Cloud Card for the specific user.
- From the Anomaly Cloud Card, click User to see the User Details Cloud Card for that user, including general user details, risk score, security metrics, and usage metrics.
- Click View Full User Details to view the User Details Page and User Risk Score for the user. For more information, see the User Details Page on Anomalies and User Risk Score on Anomalies.
The User Details Cloud Card provides the following information:
- User Name. User Name of the user.
- Risk. The default User Risk Score provided by Skyhigh CASB is based on sanctioned user activities and incidents and is scored from 1 to 9.
- Severity. The values (Green is Low (1-3), Yellow is Medium (4-6), and Red is High (7-9)) are used to determine how much the risk score of each associated user exceeds the threshold.
- Threats. Number of threats detected from numerous activities in your cloud environment.
- Anomalies. Number of anomalies detected from numerous activities in your cloud environment.
- DLP incidents. Number of DLP policy violations of each type detected in your cloud environment.
- Malware incidents. Number of malware detected from numerous files in your cloud environment.
- Email. Email address of the user.
- Phone. The phone number of the user.
- Roles. Role of the user in the organization.
- Department. Department of the user in the organization.
- Location. Location of the user.
- User Group. The name of the group the user belongs to.
- Top Services. Top cloud services used by the user.
- Top Locations. Top locations used by the user to perform cloud activities.
- Activities. Number of activities performed by the user.
- User Since. The date on which the user account was created.
- Last Activity. Last activity date of the user.
- Usage Classifications. Type of user account.