The User Profile view provides detailed information about all the alerts and related indicators of a user.
What do you want to do?
You can complete the following tasks here:
- Begin an Investigation of High-Risk Users
- Investigate Top Alerts
- Filter Alerts
- Investigate Events
- Export a list of High-Risk Users
To access this view:
Go to INVESTIGATE > Users. Do any of the following:
- In the OVERVIEW tab, under the High Risk Users panel, select a user and click either the username or the user score.
- In the USERS tab, select a user and click on the username.
- In the ALERTS tab, select an alert name or an entity name.
The User Profile consists of the following panels:
| 1 | User Risk Score panel |
| 2 | Alert Flow panel |
User Risk Score Panel
The User Risk Score panel contains the following information:
Alert Flow Panel
The Alert Flow panel displays the following information:
Click a graph icon in the Alert Flow panel to open the Indicator panel. The following table describes the Indicator panel elements:
In the Indicator panel, the events table lists events specific to the data sources.
The following tables list events specific to all the data sources.
- Windows File Servers
The following tables list events specific to Windows file servers.
- Active Directory
The following tables list events specific to Active Directory.
- Logon Activity
The following tables list events specific to Logon Activity.
The following tables list events specific to Process.
The following tables list events specific to Registry.