User risk summary (data theft risk indicators)
This report shows which users generated the most incidents across all active Data Theft Risk Indicator policies, including suspicious user activity, indicators of compromise, and employee discontent.
- Suspicious user activity policies include Data Sent During Unusual Hours, Deep Web URLs, and Email to Competitors, among others.
- Indicators of compromise policies include Suspected Malware Communication, Suspected Malicious Dissemination, and Password Files, among others.
- Employee discontent policies include Disgruntled Employee and CV and Resume in English, among others.
For details about the policies used to populate the report, see Data Loss Prevention policies.
Users who violate these policies could pose a security risk to the organization.
This report contains the user’s full name, login name, department, manager, title, and business unit, if available.
It also shows incident counts by severity. To view the report:
- Go to the page.
- Expand the Risk Assessment folder (if needed), then select User Risk Summary (Data Theft Risk Indicators).
- Click Run to generate the report.