With Teramind you can define risks based on your use cases using the ADVANCED mode in behavior policies and rules. Each rule lets you assign a risk factor to a user's behavior or activity. Risk can be configured based on frequency, threshold, and severity. Teramind can then take different actions depending on the risk factor, how often the rule is violated, etc. For example, you can set an email rule that sets a Low risk when a user sends 5 emails in a day. However, if they send more than 10 emails a day, then the rule will set a Moderate risk level and trigger a Notification action.
Anomalous or dripping risks can be automatically measured based on adaptive baselines using the Anomaly Rule (On-Premise deployments only). For example, you can set up a website anomaly rule that assigns a high risk to a user’s behavior if they spend more than 20% of their time over their departmental baseline. The risk score will then auto-adjusthttps://intercom.help/teramind-54fbd732679c/en/articles/8791031-user-guide# over time as both the user’s and the department’s activities change.
An automated risk score is then calculated to identify high-risk employees, policies & rules and objects (apps/websites). A thorough risk analysis can be conducted using the dedicated Risk report or from the BI Reports > Behavior Alerts > Risk tab.