Security Dashboard widget - Top users with risk incidents

The Top users with risk incidents widget comprises of Users with risk incidents and Top risky users widgets. The Users with risk incidents widget displays the total number of users in the organization with a risk incident (high, medium, low, or no). The Top risky users widget lists the users with the highest risk scores.

Users with risk incidents

The Users with risk incidents dashboard displays the risk incident severity trends and the total number of users who contribute to risk incidents. Click the risk (high risk, medium risk, low risk) to display the number of users with that risk.

Example of users with risk incidents

On the Users with risk incidents dashboard, the graph displays the risk incident category and the users in the organization with risk incidents.

Users with risk incidents
The following data is displayed in the graph:
  • Nine users have risk incidents that are categorized as high, medium, or low risk incidents.
  • For a detailed view of users with risk incidents, see the User List dashboard. On this dashboard, click the user name to view the user summary and more details about risk incidents for that specific user.

Using the Risky users dashboard to view users with risk incidents

To view the User List dashboard, click the graph line for a risk category. This dashboard provides an expanded view of users with high risk, medium risk, or low risk incidents.

Example of the User List dashboard

Risky users

You can use the User List dashboard for the following actions:

  • View the total number of users with high risk incidents, medium risk incidents, and low risk incidents against the total number of users in the organization.
  • View all the user names with risk incidents under each risk category (displayed by default).
  • Use the Search option in the User List to filter users by user name. For this option, the risk that is associated with the searched user is only displayed. The search field supports letters only. You cannot use numbers or special characters in the search field.
  • Use the Filter option to view users with high risk, medium risk, or low risk incidents. You can also specify the minimum and maximum range of risk scores to view users who have risk incidents within that range. Click Apply Filters to save and apply the filter options that you selected. Both the user list data and the chart dashboard are updated based on the filters that you applied.
  • Use Reset Filters to reset filters back to the default view that lists all the user names with risk incidents under each risk category.
  • The following details are displayed for a user based on the filters that you selected:
    User detail Description
    User name A list of the user names who have risk incidents in the selected risk category.
    Note: If a user account is at risk and deleted from MaaS360, the security dashboard only displays the user name in the Risky users list. Because user details are not available in MaaS360, user details such as email address, user source, domain, and user groups values are displayed as a hyphen for these user accounts. When the security dashboard is refreshed, the user accounts that are deleted in MaaS360 are no longer listed in the risky user list.
    Risk score Each user's risk score.
    Number of incidents The total number of risk incidents for a user.
    Number of risky devices The total number of devices that a user is responsible for. A user can have more than one device.

Viewing summary details for users with risk incidents

From the User List dashboard, click a user name to view more details about the risk incidents for that user.

Example of the summary view for risky users

Summary view
This view provides the following details:
Section Description
Risk incidents and user details The section provides a graph and the total number of incidents under each incident severity.

The graph displays historic details of the risk incident occurrence with event occurrence dates including the total number of high risk, medium risk, and low risk incidents. Every time the risk engine runs, the incident occurrence and the timeline is updated. The risk incident also lists the number of high risk, medium risk, and low risk incidents that are present for the user account. The user details list the risk score of the user, user email address, user source, domain, and the user group that the user belongs to.

Risky devices The section lists all the devices for a user that are causing risk incidents and contributing to the user's risk score. This user might have more than one device. All devices with risk incidents for the user account are displayed.

Example of a list of risky devices for a user

Risky devices

Summary view of risky devices for a user

The following details are displayed for a user's risky device:
Detail Description
Device name The name of the user device with a risk incident. A device can have more than one risk incident. Click on the device name to view the device's summary page.
Risk contribution The calculated sum of risk scores that the device is responsible for. All risk incidents for that device contribute to the calculated total risk score.
Managed status The status of the device (enrolled or not enrolled) in the organization.
Incidents The total number of risk incidents for the device. All incidents that occur on the device contribute to the risk score.

Click on the incident to view details about the cause of the incident, severity, when the incident was first detected, and the incident status (open or resolved). If more risk incidents are detected, <count> more including the link is displayed. The count displays the remaining number of risk incidents. Click more to display all risk incidents on the device including incident details.

Filter by Incidents are filtered based on rules. When you apply a filter, only incidents on the device for the risk rules that you selected in the filter option are displayed.
Bell icon risk A notification is sent to a user that their device is identified as risky and provides reasons why the device is risky. This option is available only if the device-managed status is enrolled or activated.
Example of sending a notification about a risky device to a user
Send notification
More

A detailed view of all incidents that is displayed for a user device. You can also view the total number of risk incidents that are associated with a user device.

Example of a detailed view of incidents for a user device
Detailed view of a risk incident

Top risky users

The Top risky users chart lists the users with the highest risk scores. The users with the highest risk scores are ranked first, and then ranked in decreasing order. The Security Dashboard lists the top five risky users. Click View more to display the Risky users dashboard. From this dashboard, administrators can view all the risky users who are ranked in decreasing order based on their risk score.

The report statistics list the risk scores and the corresponding incidents that contribute to the risk score. Administrators can also view the number of risk incidents that are listed for each risk category type.

Example of statistics for the top risky users

Top risky users