Skip to main content
Risk
A
Written by Arick Disilva
Updated over a month ago

Introduction to the Risk Report

As an alternative to the Risk report, you can also use the BI Reports > Behavior Alerts > Risk tab to conduct granular risk analysis.

The Risk report allows you to conduct organization-wide risk assessment. The report shows top risky users, rules and objects (applications and websites). The report also lets you plot risk trend by department, severity, number of violations, tags (tags are used to identify a rule) etc. Unique risk score helps you identify high-risk users or policies so that plans can be developed for treating the risks. You can filter the report by employee, department, severity and tag.

image-100.png

Configuring Rules for the Risk Report

The Risk report uses data from the Behavior Rules. You will need to set up rule Tags (Rules Editor > General > MARK THIS POLICY WITH TAGS TO IDENTIFY ITS PURPOSE) and rule Risk Threshold (Rules Editor > Actions > Advanced Mode) for the rule violation information to show up on the Risk report.

Note that Tags for the Anomaly Rules can be found under the GENERAL SETTINGS section and Risk can be found under the RULE RISK LEVEL section.

Accessing the Risk Menu

image-101.png

1. You can access the Risk report by clicking the RISK menu.

Plotting the Risk Trend

image-102.png

You can control what the top two graphs on the Risk report will show through their three pull-down menus:

1. The first menu lets you choose the frequency of the data being plotted. You can choose from Daily, Weekly or Monthly options.

2. The second menu lets you choose the X-axis (horizontal) categories for the graphs. You can choose from Tags, Departments and Severity.

3. The third menu lets you choose the Y-axis (vertical) values for the graphs. You can choose between Violations or Risk Scores.

Identifying High Risk Users, Rules and Objects

image-103.png

The bottom part of the Risk report has three panels that show the top risky users, rules and objects.

1. At the top-right corner of the users and rules panels, you can see how many users/rules are identified as the top risk, how many of them are new, and how many risk items were dropped (based on the time period you have selected for the report).

2. The third column of the risk items shows the up, down arrows or no change (no indicator arrow) trend for each risk.

3. You can click on any risk item to expand it. When expanded, it shows the top risky items causing the risk. For example, if you click a Rule item, it will show the three top users who are associated with the risk and a break down of their risk contribution (in percentage).

Did this answer your question?