User Details Page on Threats
The User Details page displays compiled information about a particular user, including the count of threats, incidents (DLP and Malware), anomalies (security metrics), usage metrics, top locations, and the User Risk Score associated with the user. On the User Details Page, you can monitor the trend and change in the User Risk Score, which allows admins to discover at a glance any possible threats posed by the user to an organization's cloud services and data and take the necessary actions to prevent or remediate any harm.
Access the User Details page from the Incidents > Threats page.
View User Details Page
To view the User Details page for a threat:
- On the Threats page, click any threat in the table to see the Threat Cloud Cards for the specific user.
- From the Threat Cloud Card, click User to see the User Details Cloud Card for that user.
- From the User Details Cloud Card, click View Full User Details corresponding to the Usage attribute.
The User Details page provides specific information for each user on two tabs:
Overview Tab
The Overview tab provides general information about the user, security metrics, usage metrics, top locations, and User Risk Score along with the trend and change in risk score. This tab also provides the following information:
- Email. The email address of the user.
- Phone. The phone number of the user.
- Roles. The role of the user in the organization.
- Department. The department of the user in the organization.
- Manager. The name of the user's manager.
- Managers Email. The email address of the user's manager.
- Location. The location of the user.
- Account. The account number of the user.
- User Group. The name of the group the user belongs to.
- User Since. The date the user joined the organization.
- Last Activity. The last activity date of the user.
- Risk Rating. The default Risk Score provided by Skyhigh CASB is based on sanctioned user activities and incidents and is scored from 0 to 10. Green is Low (0-3), Yellow is Medium (4-6), and Red is High (7-10). Click to go to the Risk tab for this user.
- Change in Risk Score. The change in risk score for a specific duration.
- Threats. The number of threats caused by the user, broken down by incident level: Critical, Major, Minor, Warning, and Info.
- Anomalies. The number of anomalies caused by the user, broken down by incident level: Critical, Major, Minor, Warning, and Info.
- DLP incidients. The number of DLP incidents caused by the user, broken down by incident level: Critical, Major, Minor, Warning, and Info.
- Malware incidents. The number of Malware incidents caused by the user, broken down by incident level: Critical, Major, Minor, Warning, and Info.
- Usage. Includes details about the top cloud services, top locations, and activity count of the user.
- Top Locations. Displays a world map denoting the top locations the user has used.
Risk Tab
The Risk tab provides details about metrics on usage within your company, including:
- Risk Score. Click each graph to sort the table by category. The Risk tab displays specific details about 44 Risk Attributes associated with the user for each category:
- Score by color. The current User Risk Score by color. Green is Low (0-3), Yellow is Medium (4-6), and Red is High (7-10).
- Category. The Risk Attribute category.
- Attribute. The Risk Attribute.
- Category Weight. The current Category Weight. For details on the default risk category weights, see User Risk Categories.
- Attribute Weight. The current Attribute Weight.
- Weighted Score. The weighted score for this attribute.