Dashboard View of User Risks and Threats

Understand how to find and interpret information on user risks and threats that is available in the Dashboard.

The Dashboard provides quick access to summaries of risks and threats. From the summary information in the Dashboard, you can click through to the full details in the log data for:

  • Suspicious activity threats

  • User behavior anomalies

  • Activity from suspicious IP addresses

Suspicious activity threats. Oracle CASB Cloud Service identifies activity patterns that appear to be suspicious and marks them as Threats in the Health Summary card. Click the number in the card to view the details for these threats in Risk Events. By default, the Risk Events page shows events for all application instances. You can filter the list to show events for one or more application instances that you select. See Viewing Suspicious Activity Threats.

You can also view a single type of risk event for a single application instance by drilling down from the Applications page. See Risks Specific to Each Application: The Applications Page.

User behavior anomalies. Oracle CASB Cloud Service assigns each user a risk score based on significant deviations from that user's typical activities. These scores are shown in the User risk levels card. Click anywhere in the chart to view details for each user's risk score. See Finding Users at Risk.

Activity from suspicious IP addresses. Oracle CASB Cloud Service also identifies suspicious IP addresses using third-party IP reputation and network information feeds, as well as your own IP whitelist and blacklist data. These appear as red pins in the Access Map. If a red pin shares a geographical region with other pins (red or green), the map shows a red radial icon. Click a pin and then click the event link in the related pop-up to view suspicious IP address details. See Monitoring Suspicious IP Addresses.