
View Details for the Most Risky Users


Get visibility into the most risky users on your tenant, based on the number and severity of threat incidents logged by Behavior Threats.
Depending on when you first activated and configured Data Security, up to 90 days of historical user data is available to Behavior Threats. Behavior Threats examines this historical user data, and, using data-driven machine learning models, assigns a risk score to each user.
The Behavior Threats dashboard in the Cloud Management Console prominently displays the Top 3 Risky Users, and you can also View All Risky Users. To determine whether a user poses a threat to your organization, you can view user details (such as the threat incidents associated with the user and the user's risk score).
You can also view the most risky users for individual policies on the Policies tab.

View the Most Risky Users

The Behavior Threats dashboard displays the most risky users on your tenant. The most risky users are those with the highest risk scores for your organization. Investigate these most risky users to determine if they pose a threat to your organization.
  1. Navigate to the Behavior Threats dashboard.
  2. View the Top 3 Risky Users information on the dashboard, which includes the user's risk score and the number of threat incidents associated with the user.
  3. View details for each of the Top 3 Risky Users. The details include more information about the threat incidents associated with the user. Investigate any suspicious activity and take action as needed.
    If you want to monitor a user more closely, you can add them to the watchlist.
  4. After investigating the Top 3 Risky Users, you can View All Risky Users.
    View details for these users and take action as needed.

View the Most Risky Users for Individual Policies

The Policies tab on the Behavior Threats dashboard shows the most risky users for each policy. These risky users are the users with the highest risk scores who are associated with threat incidents for the policy.
  1. Navigate to the Behavior Threats dashboard.
  2. Navigate to Policies.
    You can display the Policies in a grid view or a list view. By default, the policies display in a grid view.
  3. In the Policies grid, locate the policy that you are interested in and view the Top 3 Risky Users for the policy.
    The displayed information includes the user's risk score and the number of threat incidents associated with the user for the policy.
  4. View details for each of the Top 3 Risky Users. The details include more information about the threat incidents associated with the user. Investigate any suspicious activity and take action as needed.
    If you want to monitor a user more closely, you can add them to the watchlist.
  5. After investigating the Top 3 Risky Users, you can view all risky users for the policy.
    View details for these users and take action as needed.
