1. Using Oracle CASB Cloud Service
  2. Monitoring Cloud Applications
  3. Analyzing User Activity Risks and Trends
  4. Risk Summaries: The Dashboard Summary Tab

Risk Summaries: The Dashboard Summary Tab

Understand how to view summary information on risks in the Dashboard.

What to Look at First

After your first login to a new account, each time you log in to Oracle CASB Cloud Service, the landing page shows the Summary tab in the Dashboard.

Unless there are particular issues that you want to concentrate on, you can view the Health Summary card to see if there are any current risks. If any of the following items has a value higher than zero, you can click the number to immediately view details of the risk in the Monitor:

  • Non compliant security controls. One or more of your registered cloud services has security configuration settings that don't match your preferences.

  • Policy alerts. An action was taken in one or more of your registered cloud services that doesn't comply with rules that you or another administrator defined in Oracle CASB Cloud Service.

  • Threats. Oracle CASB Cloud Service identified potentially suspicious actions in one or more of your registered cloud services. The Oracle CASB Cloud Service threat engine tracks user behavior and flags both anomalies and behaviors that appear to exceed a normal threshold.

Cards in the Summary Tab

  • Health Summary: A rollup of all risks for all monitored services. Click any number to view the details for the risk type.

  • Access map: Locations of normal and suspicious IP addresses that have accessed the monitored services.

  • IP addresses analyzed. A count of normal and suspicious IP addresses. IP addresses that are flagged as suspicious have been identified either by a Oracle CASB Cloud Service administrator or a third-party IP reputation feed.

  • User risk levels: Shows users with risky behavioral profiles. A high risk score indicates a user account that might be subject to misuse (account sharing, account compromise, or another issue).

  • Users with the most failed login attempts: Shows the top 5 users with failed logins. An exceptional number suggests a brute force attack. Click the report icon to drill down to a report of all failed logins.

  • Users with the highest login activity: Shows trends related to user logins. Click the report icon to drill down to a report of all login activity.

  • Client type and activity: The clients (including web services) and devices that are accessing your applications.