>
    Strata Copilot
    View the Users on the Watchlist
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. View Threats and Incidents
    4. View the Users on the Watchlist
    Download PDF
    SaaS Security

    View the Users on the Watchlist

    Table of Contents

    View the Users on the Watchlist

    In Behavior Threats, you can monitor a user more closely by adding them to the watchlist. You can filter the Users table to show only users in the watchlist.
    1. Log in to Strata Cloud Manager.
    2. Select to ConfigurationSaaS SecurityBehavior ThreatsUsers.
    3. Add Filter to the table and add the Watchlist filter.
    4. Set the Watchlist filter to show only the users in the watchlist (WatchlistIn Watchlist).
    5. In the Userstable, review high-level information for the users on the watchlist.
      The displayed information includes the user's risk score and the number of threat incidents associated with the user for the policy.
    6. (Optional) Click the table's download icon to export a CSV file with a list of the users in the watchlist.
    7. To view more details for a user, including threat-incident details, click the name of the user.

    © 2026 Palo Alto Networks, Inc. All rights reserved.