Provide feedback for User Risk indicators

Risk indicators are designed to detect and report potentially suspicious or anomalous user activity, while automatically increasing the user’s risk score. In practice, although some occurrences of a risk indicator correspond to a legitimate underlying security threat, others turn out to be benign.

The indicator feedback feature allows you to explicitly flag risk indicator occurrences:

  • As helpful when you believe there is true underlying user risk

  • As not helpful if you have determined that there is no security threat. In this case, the indicator occurrence is hidden from the user timeline by default, and the user’s risk score is automatically adjusted to exclude this indicator occurrence in subsequent calculations.

In addition, your collective feedback is used to drive future improvements in the risk indicator algorithms.

Provide feedback

A feedback banner (with thumbs-up and thumbs-down icons) is displayed for each default risk indicator entry in the user timeline.

  • Thumbs-up icon - Indicator is helpful and has correctly identified risky activity. You can click the thumbs-up icon and provide additional comments on how the indicator is helpful and its benefit.

    You can save your feedback and mark the indicator as helpful. You can also edit your comment by clicking Edit Feedback. The feedback banner provides the timeline of the last submitted feedback.

    When a risk indicator is marked helpful, this feedback is displayed in the corresponding user timeline entry, and reported to Citrix Analytics. The user risk score is not impacted.

  • Thumbs-down icon - Indicator is not helpful or incorrectly triggered. You can mark the indicator as not helpful and categorize it as Noisy, False positive, or Inconclusive. This occurrence of the risk indicator will be excluded from all subsequent updates to the user’s risk score. You can also provide additional comments, if necessary.

    • Noisy – Triggered indicator is suspicious or is an anomaly, but not risky.

    • False positive – Triggered indicator is not risky, because of incorrect event data or logic.

    • Inconclusive – Can’t determine if the events are risky and needs investigation.

      Note

      It takes up to 15 minutes to recalibrate the risk score.

You can view the following results if an indicator is marked as not helpful:

  • That particular indicator is hidden from the timeline.

  • The risk score is recalibrated as a result of excluding this indicator occurrence from the risk score calculation in subsequent updates.

  • Any additional information given as textual feedback is persisted for later reference.

View filters

Indicators that are marked as not helpful are hidden by default.

To view the hidden indicators, click Filter. In the Filter Events window that appears, turn on the Show risk indicators marked as not helpful option.

You can search the indicators based on categories. For example, to view the location-based hidden risk indicators, select the category and click Apply Filters. You can view all the location-based indicators that are not helpful with the feedback details.

As an administrator, you can also perform the following actions as needed:

  • Change the feedback

  • Review previous feedback and the associated metadata

  • Review the feedback provided by other administrators and the associated metadata

    Note

    • You can provide feedback at the user level, not at the tenant level. The feedback for one risk indicator doesn’t apply to all instances of that particular risk indicator.

    • The feedback for one user doesn’t apply to other users.
