Users Data
The following data is available for users to help you analyze users and their risk profile.
For more information about users and how to access the Users page, see Users.
User information is consolidated from different sources and creates a single, unified identity for a user.
Accessing User View Data
-
You can access the user data from the Data Security Workbench application. (Data Security Workbench > Users).
-
Select the user you want to open the panel with more details.
-
Click View User to see the User Data.
User View
The User View provides user data, and alert and resource information.
Summary
This tab provides an overview of the user.
-
Summary: General user data, the channels where the user has been seen, alerts generated and system remediations. You can access the user's Timeline from here.
-
Groups: Names, type and source for groups the user is a member of.
-
Risk Assessment: Overall, attacked, privileged and vulnerable risk. This information is based on Proofpoint NPRE calculations.
For information about Crowdstrike user risk score and risk factors/insights, see CrowdStrike User Risk Context.
-
Risk Profile: Source for the risk assessment.
Alerts
This tab provides information about the alerts generated by the user. You can select the time period you want to see - from last 1 hour to up to last 30 days.
-
Alerts By Day
-
Top Alert Categories
-
Alert by Location
-
Rules Triggered by Action & Source
-
3rd Party Apps Activity
-
Top Indicators
-
Alerts Triggered List
Resources
This tab provides information about the sources of the data. You can select the time period you want to see - from last 1 hour to up to last 30 days.
-
Recent Cloud File Activities
-
Most File Exfiltrations by Destination
-
Most File Activities
-
Top Indicators
Details
This tab provides additional directory and risk scores information.
-
User
-
Groups
-
Directory
-
Intelligence
-
Record