Receiving Information on Anomalies in User Behavior
You can receive information on anomalies detected in users’ behavior in the following ways:
• In the Session List, the monitored sessions that contain detected user behavior anomalies have a special risk score. The risk score indicates the severity level of the session and is calculated according to the risk level of the abnormal user behavior patterns and alerts detected in the monitored sessions.
The risk score is displayed in different colors depending on the severity level:
- A Critical risk score is highlighted in red.
- A High risk score is highlighted in orange.
- A Normal risk score is highlighted in green.
You can click the Risk Score icon next to the user session in the Risk Score column on the left to view the abnormal user behavior patterns and alert events detected in the session on the Session Risk Score page.
• If email notifications are enabled in the rule parameters, the information on anomalies in the user’s behavior will be sent to the specified recipients. To receive notifications by email, define the Email Sending Settings. Each email contains metadata from the monitored session (i.e. the risk score, user name, Client name, time, user behavior anomalies, and alerts), a link for viewing this session risk score details on the Session Risk Score page, and a link for viewing the session in the Session Viewer. You can customize the subjects to be used in the email notifications sent by Ekran System. To define the subjects of the email notifications, click the Configuration navigation link on the left, and select the Customization tab, and then scroll down to the Custom Email Subjects section.
• To receive information about all sessions with user behavior anomalies detected, you can generate a User Behavior Analytics Grid Report on the Reports page on the Report Generator tab.