Top At-Risk Users / Risk Events

Top At-Risk Users / Risk Events widgets help you identify the most at-risk internal users from different dimensions and the risk events that are triggered most frequently.

Top 5 Users Distributing Malicious Files/URLs Widget

This widget shows the top 5 internal users that distributed the most phishing emails, malicious files, ransomware, and malicious URLs over the selected time period. With this widget, you can easily identify the users that pose serious threats to your company, whether they are compromised users or malicious insiders. Cloud App Security collects statistics for this widget from all protected service types, including Office 365 services, Box, Dropbox, Google Drive, Gmail, and Salesforce.

Use the drop-down menu to select the time period to view.

Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Top 5 Spammers Widget

This widget shows the top 5 internal users that sent the most spam email messages over the selected time period. With this widget, you can easily identify the users that cause the most disruption to the normal traffic of your company, whether they are compromised users or malicious insiders. Cloud App Security collects statistics for this widget from all protected email service types, including Exchange Online and Gmail.

Use the drop-down menu to select the time period to view.

Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Top 5 Malicious Email Recipients Widget

This widget shows the top 5 internal users that received the most phishing emails, malicious files, ransomware, and malicious URLs over the selected time period. These users are most targeted by serious attacks and may require your immediate attention. Cloud App Security collects statistics for this widget from all protected email service types, including Exchange Online and Gmail.

Use the drop-down menu to select the time period to view.

Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Top 5 Spam Recipients Widget

This widget shows the top 5 internal users that received the most spam email messages over the selected time period. This widget allows you to easily identify the users most targeted by spams. Cloud App Security collects statistics for this widget from all protected email service types, including Exchange Online and Gmail.

Use the drop-down menu to select the time period to view.

Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Top 5 Users with High Risk Events Widget

This widget shows the internal Office 365 users that trigger the most high risk events. By obtaining and aggregating high risk event data from Trend Vision One and Microsoft Identity Protection, Cloud App Security allows you to identify the most at-risk internal Office 365 users in your organization based on a wide range of risk information.

Note:

  • This widget is available only after you have provisioned one or more Office 365 services for your organization.

  • For Cloud App Security to obtain data from the sources, make sure you have performed the following:

    • To obtain data from Trend Vision One, grant the data upload permission for the data source Email Sensor, Azure AD, or Office 365 on Trend Vision One.

      Data contributed by Trend Vision One is available only when you select the default organization.

    • To obtain data from Microsoft Identity Protection, provision an account for Microsoft Identity Protection.

  • Select the data sources at the top of the Internal User Risk Analytics widgets to view the corresponding results.

Use the drop-down menu to select the time period to view.

Hover over the number of events to view the event details, including the name and triggered times of each event.

Select a conditional access action to apply to a user.
Note:

Conditional access actions control users' access to resources. For more information, see Configuring Conditional Access Policies for Risky Users.

Click Go to Operations Dashboard to view more risk information about the users in your organization.

The Operations Dashboard in Trend Vision One aggregates data from wider sources and dimensions to provide you in-depth and comprehensive risk insights.

Top 5 High Risk Events Widget

This widget shows the high risk events that are triggered most frequently by internal Office 365 users. By obtaining and aggregating high risk event data from Trend Vision One and Microsoft Identity Protection, Cloud App Security allows you to identify the risk events that pose the biggest dangers to your organization based on a wide range of risk information.

Note:

  • This widget is available only after you have provisioned one or more Office 365 services for your organization.

  • For Cloud App Security to obtain data from the sources, make sure you have performed the following:

    • To obtain data from Trend Vision One, grant the data upload permission for the data source Email Sensor, Azure AD, or Office 365 on Trend Vision One.

      Data contributed by Trend Vision One is available only when you select the default organization.

    • To obtain data from Microsoft Identity Protection, provision an account for Microsoft Identity Protection.

  • Select the data sources at the top of the Internal User Risk Analytics widgets to view the corresponding results.

Select a risk category from the Risk Category drop-down menu to view the top users that trigger the high risk events in this category.

For details about the risk categories, see At-Risk User Trends.

Use the drop-down menu to select the time period to view.

Click Go to Operations Dashboard to view more risk information about the users in your organization.

The Operations Dashboard in Trend Vision One aggregates data from wider sources and dimensions to provide you in-depth and comprehensive risk insights.