About Data Anomalies
Data Anomalies represent unusual access to files and records within your Sanctioned Services. They may indicate malicious users inside the organization, users who have access to a lot of data they are not authorized for, or users who have access to a lot of data that may be at risk of loss.
Insider Threats anomalies may also indicate users accessing an unusual number of files for a special project, or a change in responsibilities.
Data anomalies work in concert with Administrative Anomalies and Access Anomalies to determine threats. These anomalies are all based on established activity thresholds and are mapped to specific service actions.
- Data Access. The user has accessed an abnormally large amount of data in the specified duration, exceeding the expected threshold. This can represent a combined threshold of uploads and downloads or can represent an abnormally large number of page views.
- Data Download. The user has downloaded an abnormally large amount of data in the specified duration, exceeding the expected threshold.
- Report Execution. The user has created or generated an abnormally large number of reports in the specified duration, exceeding the expected threshold.
- Data Sharing. The user shared an abnormal amount of data internally in the specified duration. This applies only to sharing between users of your enterprises' CSPs (from one employee to another).
- External Data Sharing. The user shared an abnormally large amount of data externally. This applies only to sharing from internal users to outside users (like sharing an external link or public folder).
- Data Updates. The user has updated (edited or changed) an abnormally large amount of data.
- Data Upload. The user has uploaded an abnormally large amount of data. These anomalies are all based on established activity thresholds and are mapped to specific service actions.
- Service Usage. The user has shown an abnormally high amount of usage of the service in the specified duration.
- Data Delete. The user deleted an abnormally large amount of data.