Trends dashboard reference

Updated

Overview

The Trends dashboard shows how risky activity in your organization changes over time. You can use these trends to see which risk reduction efforts are working, and which areas may benefit from additional focus on controls, training, and engagement.

For the legacy insider risk trends dashboard, see View Insider Risk Trends for your organization (legacy).

Considerations

  • To use this functionality, Incydr users must be assigned specific roles. For more information, see Permissions for Incydr.
  • Add trusted activity and data connections to focus your investigations on higher-risk file activity. Adding trust settings allows Incydr to show only untrusted file events on security event dashboards, user profiles, and alerts, reducing your total file event volume. All file activity is still visible in Forensic Search.

The Trends dashboard

To access the dashboard:

  1. Sign in to the Incydr console.
  2. Select Dashboards > Trends.
    Trends-Dashboard-2025-02-12-export.png
Item Description
a Date range Click to view trend data grouped by week, month, or quarter.
b Filter Choose to limit dashboard data to specific departments or watchlists.
c Export Click the export icon Export-icon-source.png to save an image of the entire dashboard or an individual section. Hover over an area, then click to export the highlighted area.
d Destination indicators

The table displays the destinations of exfiltration activity and the percentage change in activity from the previous period.

  • Destinations with the highest number of events appear first.
  • Select a destination to view trends from the previous year in the graph on the right.
  • Hover over any data point in the graph for more details.
e Source indicators

The table displays the sources of exfiltration activity and the percentage change in activity from the previous period.

  • Sources with the highest number of events appear first.
  • Select a source to view trends from the previous year in the graph on the right.
  • Hover over any data point in the graph for more details.
f File indicators

The table categorizes the types of exfiltrated files and displays the percentage change in activity from the previous period.

  • File types with the highest number of events appear first.
  • Select a file type to view trends from the previous year in the graph on the right.
  • Hover over any data point in the graph for more details.
g

User indicators

The table shows the user watchlist and behavioral risk indicators linked to exfiltration activity. It also shows the percentage change in activity from the previous period.

  • Items with the highest number of events appear first.
  • Select a user behavior to view trends from the previous year in the graph on the right.
  • Hover over any data point in the graph for more details.
h Preventative controls Shows the number of times the Block browser uploads preventative control was applied to user activity. It also shows the percentage change in activity from the previous period.

Differences in file event counts
File events may appear in Forensic Search before they appear in dashboards, alerts, watchlists, the All Users list, and User Profiles. As a result, you may see that the file event counts in Forensic Search differ from the event counts elsewhere. For more details, see Expected time ranges for events to appear.

Related topics

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.