Timeline and Alert details

Shows the user's activity timeline and the alerts generated.

1 & 2
User risk score: Displays the current risk score of the selected user.

Administrators can also manually edit the user risk score by clicking the edit icon and then selecting the required risk level and the duration during which the set risk score should apply. For details, see Override user risk score dialog.

3
Show user details: Click to show user details: user type and user group information.
4
User Insights: Displays detailed information about specific user activities. For details, see User insights.
5
Show only risk impacting alert: Displays only the alerts that impact the user risk score.
6
Expand/Collapse all: Click to expand or collapse the alerts generated per activity on the timeline.
7
Refresh: Click the icon to refresh the timeline view.
8
Alerts timeline: Displays a timeline of all of the user's recent alerts and related policy rules, sorted by day. Click to expand or collapse the alert listing to display more or fewer alerts for a specific day on the timeline.

Alert details: Click any of the displayed alerts on the timeline to view the details of the selected alert. For example:

1
Severity: Indicates the impact of the user actions.
2
Endpoint details: Displays endpoint details such as the installed agent version, policy version, and IP address.
3
Matched rule: Displays the matched rule.
4
Forensics: Displays the event logs.
5
Clicking the icon gives the following options:

If you select the Copy Alert ID option, the alert ID is copied to the clipboard.

If you select the Print as PDF option, the complete alert details are exported to a PDF.