User activity monitoring

On the User activity monitoring tab, administrators can customize IoBs: modify an IoB's predefined severity and exclude or include certain users and groups.

User activity monitoring tab

This view displays the following columns:

1. IOB No: Every IoB has a unique identification number. Modified IoBs are marked with an icon.
2. Rule name: The associated rule that is matched when a specific user activity is observed.
3. Status: Indicates whether the IoB is enabled or disabled.
4. Severity: Informative, Low, Medium, High, Critical, Dynamic.
5. Category: Indicates the nature of the security threat.
6. Channel: Indicates the channels to which this IoB applies.
7. Description: Specifies the suspicious behavior or user activity.
8. User exceptions: Indicates the users or groups that are exempted from monitoring for the specific behavior.
9. Enable/Disable: Select an IoB and right-click it to enable, disable, or edit it. Alternatively, click the icon at the top right and select enable or disable as required.
10. Column Selector: Add or remove columns from view.

The User activity monitoring tab can be filtered on a specific column. When you hover over a column, an icon is displayed. Click the icon to filter on the selected column.