Top At-Risk Users / Risk Events

The Top At-Risk Users / Risk Events widgets help you identify the most at-risk internal users from different dimensions and the risk events that are triggered most frequently.

Top 5 Users Distributing Malicious Files/URLs Widget

This widget shows the top 5 internal users that distributed the most phishing emails, malicious files, ransomware, and malicious URLs over the selected time period. With this widget, you can easily identify the users that pose serious threats to your company, whether they are compromised users or malicious insiders. Cloud App Security collects statistics for this widget from all protected service types, including Office 365 services, Box, Dropbox, Google Drive, Gmail, and Salesforce.

Use the drop-down menu to select the time period to view.

Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Top 5 Spammers Widget

This widget shows the top 5 internal users that sent the most spam email messages over the selected time period. With this widget, you can easily identify the users that cause the most disruption to the normal traffic of your company, whether they are compromised users or malicious insiders. Cloud App Security collects statistics for this widget from all protected email service types, including Exchange Online and Gmail.

Use the drop-down menu to select the time period to view.

Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Top 5 Malicious Email Recipients Widget

This widget shows the top 5 internal users that received the most phishing emails, malicious files, ransomware, and malicious URLs over the selected time period. These users are most targeted by serious attacks and may require your immediate attention. Cloud App Security collects statistics for this widget from all protected email service types, including Exchange Online and Gmail.

Use the drop-down menu to select the time period to view.

Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Top 5 Spam Recipients Widget

This widget shows the top 5 internal users that received the most spam email messages over the selected time period. This widget allows you to easily identify the users most targeted by spam. Cloud App Security collects statistics for this widget from all protected email service types, including Exchange Online and Gmail.

Use the drop-down menu to select the time period to view.

Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Top 5 Users with High Risk Events Widget

This widget shows the internal Office 365 users that trigger the most high risk events. By obtaining and aggregating high risk event data from Trend Micro Vision One and Microsoft Identity Protection, Cloud App Security allows you to identify the most at-risk internal Office 365 users in your organization based on more in-depth and comprehensive risk information.

Note:

This widget is available only after you have provisioned one or more Office 365 services for your organization.

For Cloud App Security to obtain data from Trend Micro Vision One, make sure you have turned on the data upload permission for the data source Email Sensor, Azure AD, or Office 365 on Trend Micro Vision One. Data contributed by Trend Micro Vision One is available only when you select the default organization.

For Cloud App Security to obtain data from Microsoft Identity Protection, make sure you first provision an account for Microsoft Identity Protection.

Use the drop-down menu to select the time period to view.

Hover over the number of events to view the event details, including the name and triggered times of each event.

Click Go to Operations Dashboard to view more risk information about the users in your organization.

The Operations Dashboard in Trend Micro Vision One aggregates data from wider sources and dimensions to provide you with in-depth and comprehensive risk insights.

Top 5 High Risk Events Widget

This widget shows the high risk events that are triggered most frequently by internal Office 365 users. By obtaining and aggregating high risk event data from Trend Micro Vision One and Microsoft Identity Protection, Cloud App Security allows you to identify the risk events that pose the biggest dangers to your organization based on more in-depth and comprehensive risk information.

Note:

This widget is available only after you have provisioned one or more Office 365 services for your organization.

For Cloud App Security to obtain data from Trend Micro Vision One, make sure you have turned on the data upload permission for the data source Email Sensor, Azure AD, or Office 365 on Trend Micro Vision One. Data contributed by Trend Micro Vision One is available only when you select the default organization.

For Cloud App Security to obtain data from Microsoft Identity Protection, make sure you first provision an account for Microsoft Identity Protection.

Select a risk category from the Risk Category drop-down menu to view the top users that trigger the high risk events in this category.

For details about the risk categories, see At-Risk User Trends.

Use the drop-down menu to select the time period to view.

Click Go to Operations Dashboard to view more risk information about the users in your organization.

The Operations Dashboard in Trend Micro Vision One aggregates data from wider sources and dimensions to provide you with in-depth and comprehensive risk insights.