
View information about the Account Compromise risk factor, which highlights user accounts that display unusual activity, have been detected on the dark web, or have been targeted by malicious email campaigns.

Operations Dashboard assesses user accounts for any activity that might indicate potential account compromise. If an assessment of an account highlights events with a High or Medium risk level, the account and risk type information displays in the Account Compromise Indicators table. The Account Compromise risk factor contributes to the Exposure Index.
Note
For customers that have updated to the Foundation Services release, information on the Account Compromise risk factor is only available for users with the Accounts asset visibility scope.
The following table outlines the widgets available in the Account Compromise section.
Widget: Account Compromise Indicators
Description: Events on user accounts that display unusual activity, have been detected on the dark web, or that have been targeted by malicious email campaigns, and might be compromised and require immediate attention.
When viewing risk events, click the number in the case column to view current cases involving the specified risk event. Click the options icon to open a new case for the risk event or add the case to an existing risk event.
The following table describes the risk indicators associated with the Account Compromise risk factor.
Indicator: Compromised account
Description: At-risk user accounts that exhibited anomalous activities or were specifically targeted by malicious email campaigns during the evaluation period
Data Sources:
  • Active Directory (on-premises)
  • Microsoft Entra ID
  • Okta
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • Email Sensor
  • Endpoint Sensor
Target:
  • User
Important
Account Compromise events related to Active Directory (on-premises) are only detected if the Active Directory Connector is installed on the domain controller.