Monitor High Risk Users
This exploration is useful if you want to monitor the activities of a specific group of users, for example users who have given notice and will be leaving your company.
What you need to set this up:
-
Group created with list of high risk users
-
Create a group using the username, endpoint or other fieds. Groups can me uploaded from .CSV file or created using a condition. For this example, let's name the group high-risk-users.
-
Open a New Exploration. From the Proofpoint Information and Cloud Security Platform, select the Analytics app.
-
From the left side-menu, select Activity > Explorations. Click New Exploration button.
-
Alternatively, you can just click the New Exploration button at the top of the My Dashboard view.
Your new exploration opens and you see the source node with the default region, time and source. (You can modify these defaults.)
-
-
Add the next filter node. Click + and from the Filter by list, select User > Groups, The list of available group names displays. Select admin and click Done.
-
In the Exploration view, filter by User > Groups and select user group the group high-risk-users you created.
-
You can review the exploration and see the search results in the table. By clicking Edit Columns, you can select the columns you want to display in the Exploration.
-
Name the exploration and click Save New.
