Users

The Activity > Cloud Users table in the Analytics app displays detailed information about all users within your organization.

The Users Analytics table displays the following information for each user:

Full Name: The full name of the user
User Name: The user’s email address
Alerts: The number of high risk alerts in the selected time range and the total number of alerts associated with the user. Alerts and their severity are user-defined in the Policy section. See Define a CASB Rule.
Files: The number of files with data violations (DLP matches) and the total number of files associated with the user
3rd Party Apps: The number of third-party applications associated with the user

Viewing User Information

You can view additional information about each user by expanding the table entry.

The expanded area displays the following elements:

Details: Displays basic information about the user
Recent Activity: Lists details of recent events relating to the user (for example, Download file, Add folder)

Hover over Recent Activity descriptions to view tooltips containing additional information relating to the event (for example, file names and DLP matches).
Recent Alerts: Lists details of recent alerts associated with the user

Viewing User Dashboards

You can view additional information about each user by opening the user dashboard.

On the right side of the user’s table entry, click .

The user dashboard opens in a new tab.

The user dashboard displays the following information:
- User Details: Basic information about the user, including name, email addresses, groups, number of active cloud services, and user ID
- Recent Alerts: The location, alert time, and alert name of recent alerts associated with the user
- At a Glance: A table of information relating to the user’s active cloud services
- Alerts of High Importance Violations: The severity, alert time, and alert name of all critical and high level alerts associated with the user, and a diagram showing the categories of these alerts
- Files with Data Violations: Files owned by the user containing data violations (DLP matches). Includes Detector name and number of files with DLP matches. Click the Detector name to view the list of file names with matches. Includes a chart with data violations divided according to file sharing level.
- 3rd Party Apps: Lists third-party applications with a critical severity level that are associated with the user. Click the application to view its scope categories.
Tips:
- Hover over text and graphics to view tooltips with additional information.
- Follow links to view Analytics tables filtered according to dashboard content.
To view recent events associated with the current user, scroll down in the dashboard.

A table presents events associated with the user.

By default, all events are listed; you can filter events by activity type.

The following activity types are available:
- All: All events associated with the user
- Login & Account: Events whose associated resource is related to login and accounts (for example, passwords, personal information)
- Data: Events whose associated resource is related to data (for example, logs, report)
- Privileged: Events whose associated resource is related to privileges (for example, role, settings, users)
- Other: Events whose associated resource does not fall into any of the other quick filter categories
1. To filter by activity type, in the toolbar, click the desired channel.
  
  Only incidents of the selected activity type are displayed.
2. To view the filtered events in the Activity Forensics table, click see all <nnn> Events at the bottom of the table. The filtered events open in the Activity Forensics table.
To move between the main Users Analytics table and user dashboards, use the tabs at the top of the table.
To close a user dashboard: Hover over the tab and click X.