Views:

View information about the Activity and behaviors risk factor, which highlights irregularities in user and device behavior that could indicate an ongoing under attack.

Operations Dashboard assesses user accounts and devices for any unusual activity that may indicate a potential threat. If an assessment highlights events with a High or Medium risk level, the account or device and risk type information displays in the Activity and Behaviors table. The Activity and Behaviors risk factor contributes to the Exposure Index.
When viewing risk events, click the number in the case column to view current cases involving the specified risk event. Click the options icon (options=ddb0b67f-0654-4aa5-8bc7-48ec554c5448.png) to open a new case for the risk event or add the case to an existing risk event.
The following table describes the risk indicators associated with the Activity and behaviors risk factor.
Indicator
Description
Data Sources
Target
User activity
Abnormal user behavior patterns or preferences
  • Microsoft Entra ID
  • Endpoint Sensor
  • Trend Micro Apex One as a Service
  • Okta
  • Active Directory (on-premises)
  • User
Device activity
Abnormal device behavior patterns or preferences
Important
Important
For customers that have updated to the Foundation Services release, device activity data is only displayed for devices within the asset visibility scope of the current user.
  • Endpoint Sensor
  • Trend Micro Apex One as a Service
  • Active Directory (on-premises)
  • Web Sensor
  • Trend Cloud One - Endpoint & Workload Security
  • Device
Network activity
Anomalous or malicious network activity
  • Trend Micro Web Security
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
  • Office 365
  • Trend Cloud One - Endpoint & Workload Security
  • Splunk - Network Firewall / Web Gateway Logs
  • User
  • Device