User activity monitoring

Using the User activity monitoring tab, administrators can customize the IOBs (modify the IoB predefined severity and exclude or include certain users and groups).

User activity monitoring tab

This view displays the following columns:

IOB No: Every IoB has a unique identification number icon is to show the modified IoB. This icon indicates the modified IoB.
Rule name: Associated rule that is matched when a specific user activity is observed.
Status: Indicates whether the IoB is enabled or disabled.
Severity: Informative, Low, Medium, High, Critical, Dynamic.
Category: Indicates the nature of the security threat.
Channel: Indicates whether the activity happened on web, any system modifications etc.
Description: Specifies the suspicious behavior or user activity.
User exceptions: Indicate the user or groups that are exempted from monitoring for the specific behavior.

Filtering capability allows for filtering based on a specific column in the User activity monitoring tab. On mouse over the column this icon is displayed. Click the icon to filter on the selected column.