Overview
The File risk indicator activity graph on the Exfiltration dashboard shows all of the file events that occurred across your organization broken down by risk indicators.
For more information about dashboards, see:
File risk indicator activity
To view file risk indicator activity:
- Sign in to the Incydr console.
- Select Dashboards > Exfiltration.
- Scroll down to File risk indicator activity.
The list of file risk indicators shown is dynamic. Only risk indicators with untrusted file activity are shown.
| Item | Description | |
|---|---|---|
| a | Selected time frame | Shows the time frame in which the file activity occurred. Change the time frame in the upper-right corner of the page. |
| b | Filter |
Click to filter the graph and events in the table by: |
| c | Selected file risk indicator | |
| d | File risk indicators | Select a file risk indicator to see its graph. |
| e | Events |
Displays the count of total file events for a file risk indicator and a visual representation of the number of file events. File events include when files are:
*Requires Incydr to have access to monitor your cloud storage environment and email services.
The default sort order is from the highest number of events to the lowest. |
| f | Size | Displays the total file size of file events for a file risk indicator. |
| g | Activity preview | Shows a visual representation of file activity for the selected time frame. |
| - |
Investigate in Forensic Search (not pictured) |
Click to view the events in Forensic Search. |
| h | View details |
Click to view the details of file events for a file risk indicator. |
Filter
| Item | Description | |
|---|---|---|
| a | Event severity | Select one or more file severities to view in the graph. No risk indicated events are file events that have a risk score of zero. For more details about calculating risk severity, see Risk settings reference. |
| b | Risk indicator |
Click to select one or more risk indicators to view in the graph. For more details about what risk indicators are and how they're applied, see Risk settings reference |
| c | Apply | Click Apply to filter the information in the graph by your criteria or click Cancel. |
View details
| Item | Description | |
|---|---|---|
| a | Risk indicator |
Shows the selected risk indicator. For more details about what risk indicators are and how they're applied, see Risk settings reference. |
| b | Untrusted events | Shows the number of events that are NOT trusted in your environment. Trust is evaluated based on your trust settings. You can view all events, trusted or not, in Forensic Search. |
| c | Investigate in Forensic Search |
Click to view all of the untrusted events in Forensic Search. |
| d | View details |
Click to view more details about the events. |
| e | Number of events by severity | Shows the number of file events by the selected severities. For more information about how severity is determined, see Risk settings reference. |
| f | Top users by events |
Shows the users with the most file activity for the selected risk indicators and filters. |
| g | Watchlist | Shows what watchlists, if any, the user is on. For more information about watchlists, see Watchlists reference. |
| h | File events with associated severity | Shows the number of file events and the total file size for the selected file severities. |
Comments
Please sign in to leave a comment.