Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

View User Risk Score for Sanctioned DLP Incidents

User Risk Score is a near real-time dynamic risk score assigned to the user whenever the incident is updated and it is rated on a scale of 1–9. You can view the risk score of a user on the Sanctioned DLP Incident cloud card (found under Incidents > Policy Incidents > Policy Incidents page). This score is measured based on various factors such as the severity of the violation, the user’s security posture, and metadata about the user's overall compliance history. The score identifies the deviations as High, Medium, and Low-risk types:

  • High (7-9). This score indicates a great potential for cloud services and data to become vulnerable to threats. This level is the least trustworthy. 
  • Medium (4-6). This score indicates a moderate potential for cloud services and data to become vulnerable to threats.
  • Low (1-3). This score indicates little potential for cloud services and data to become vulnerable to threats. This level is the most trustworthy.

The user risk score allows you to track and manage user’s typical usage patterns related to data security, and take necessary actions to strengthen the defense against potential threats in your organization. The Security Operations Center (SOC) can gain unified visibility of the user risk score within Incident Management workflows to efficiently categorize users based on their risk types. This enables SOCs to investigate incidents and outline remediations quickly, thereby enhancing the ability to secure their most sensitive data from risky users.

View User Risk Score

You can view the user risk score for incidents triggered by Sanctioned DLP policies.

To view user risk score for Sanctioned DLP incidents:

  1. Go to Incidents > Policy Incidents.
  2. On the Policy Incidents page, select the Incident Type filter as Sanctioned DLP.
    clipboard_e5b2f6f9aa669fea428e282f588cf27fe.png
  3. Click any incident on the table to see the Cloud Card for that incident. For details, see Sanctioned DLP Policy Incident Cloud Card.
  4. On the Sanctioned DLP Policy Incident Cloud Card, go to User.
    clipboard_e2b9a3c40e4eacdcae22e6f7517e4cfb5.png

You can now view the user risk score of the violated DLP incident.

  • Was this article helpful?