Citrix user risk indicators
User risk indicators are user activities that look suspicious or can pose a security threat to your organization. These risk indicators span all Citrix products used in your deployment. A risk indicator is triggered when the user’s behavior deviates from normal. Each risk indicator can have one or more risk factors associated with it. These risk factors help you determine the type of anomalies in the user events. The risk indicators and their associated risk factors determine the risk score of a user.
The following are the risk factors associated with the risk indicators:

- Device-based risk indicators: Triggers when a user signs in from a device that is considered unusual based on the user’s device history.
- Location-based risk indicators: Triggers when a user signs in from an IP address associated with a location that is considered unusual based on the user’s location history.
- IP-based risk indicators: Triggers when a user attempts to access resources from an IP address that has been identified as suspicious, regardless of whether the IP address is unusual for the user.
- Logon-failure-based risk indicators: Triggers when a user has a pattern of excessive or unusual logon failures.
- Data-based risk indicators: Triggers when a user tries to exfiltrate data out of a Workspace session. The user behaviors under observation include copy or paste events, download patterns, and so on.
- File-based risk indicators: Triggers when a user’s behavior regarding file access on Content Collaboration is considered unusual based on their historical access pattern. The user behaviors under observation include download patterns, access to sensitive content, activities indicative of ransomware, and so on.
- Custom risk indicators: Triggers when a pre-configured condition or a user-defined condition is met. For more information, see the following articles:
- Other risk indicators: The risk indicators that do not belong to any one of the predefined risk factors such as Device-based, Location-based, and Logon-failure-based.

The risk indicators are also grouped into risk categories based on risks that are of a similar nature. For more information, see Risk Categories.
The following table shows the correlation between the risk indicators, risk factors, and the risk categories.

| Products | User Risk Indicator | Risk Factor | Risk Category |
|---|---|---|---|
| Citrix Content Collaboration | Excessive access to sensitive files | File-based risk indicators | Data exfiltration |
| Citrix Content Collaboration | Excessive file sharing | Other risk indicators | Data exfiltration |
| Citrix Content Collaboration | Excessive file or folder deletion | File-based risk indicators | Insider threats |
| Citrix Content Collaboration | Excessive file uploads | Other risk indicators | Insider threats |
| Citrix Content Collaboration | Excessive file downloads | File-based risk indicators | Data exfiltration |
| Citrix Content Collaboration | Impossible travel | Location-based risk indicators | Compromised users |
| Citrix Content Collaboration | Malware files detected | File-based risk indicators | Insider threats |
| Citrix Content Collaboration | Ransomware activity suspected | File-based risk indicators | Compromised users |
| Citrix Content Collaboration | Suspicious logon | Device-based risk indicators, IP-based risk indicators, Location-based risk indicators, and Other risk indicators | Compromised users |
| Citrix Content Collaboration | Unusual authentication failures | Logon-failure-based risk indicators | Compromised users |
| Citrix Endpoint Management | Device with blacklisted apps detected | Other risk indicators | Compromised endpoints |
| Citrix Endpoint Management | Jailbroken or rooted device detected | Other risk indicators | Compromised endpoints |
| Citrix Endpoint Management | Unmanaged device detected | Other risk indicators | Compromised endpoints |
| Citrix Gateway | End point analysis (EPA) scan failure | Other risk indicators | Compromised users |
| Citrix Gateway | Excessive authentication failures | Logon-failure-based risk indicators | Compromised users |
| Citrix Gateway | Impossible travel | Location-based risk indicators | Compromised users |
| Citrix Gateway | Logon from suspicious IP | IP-based risk indicators | Compromised users |
| Citrix Gateway | Suspicious logon | Device-based risk indicators, IP-based risk indicators, Location-based risk indicators, and Other risk indicators | Compromised users |
| Citrix Gateway | Unusual authentication failure | Logon-failure-based risk indicators | Compromised users |
| Citrix Secure Private Access | Attempt to access blacklisted URL | Other risk indicators | Insider threats |
| Citrix Secure Private Access | Excessive data download | Other risk indicators | Insider threats |
| Citrix Secure Private Access | Risky website access | Other risk indicators | Insider threats |
| Citrix Secure Private Access | Unusual upload volume | Other risk indicators | Insider threats |
| Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) and on-premises Citrix Virtual Apps and Desktops | Impossible travel | Location-based risk indicators | Compromised users |
| Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) and on-premises Citrix Virtual Apps and Desktops | Potential data exfiltration | Data-based risk indicators | Data exfiltration |
| Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) and on-premises Citrix Virtual Apps and Desktops | Suspicious logon | Device-based risk indicators, IP-based risk indicators, Location-based risk indicators, and Other risk indicators | Compromised users |

You can manually mark risk indicators as helpful or not helpful. For more information, see Provide feedback for User Risk indicators.