About the Anomalous Access Location Workflow
Anomalous Access Locations are indicative of potentially compromised accounts or insider threats. This anomaly is detected when a user registers activity from an IP address, geographic location or an organization that is suspicious, blocklisted, or a competitor. In addition to detecting this anomaly with Skyhigh CASB's blocklists and UEBA, you can add competitor names, known bad IP addresses, and geographic locations to provide supervised learning.
That's where the filters are important. By fine-tuning each filter, you can remove expected network activity noise and have Skyhigh CASB focus attention on truly anomalous events.
To begin using Anomalous Access Locations, your policy manager or security team needs to review how the filters are enabled.
Use the following workflow