The top_10_risky_users API endpoint returns the top 10 riskiest
users.
cURL command
curl -k -H
'Content-Type:application/json' -H 'Accept:application/json' -H 'SEC:SEC_TOKEN'
https://QR_IP_ADDRESS/console/plugins/UBA_APP_ID/app_proxy/api/top_10_risky_users
Sample return
Note: The following sample only shows an example return of one user.
{"users":[{"alert":"Test","aliases":["john.doe"],"city":null,"color_severity":4,"country":null,"custom_group":null,"dept":null,"display_name":"john.doe","email":null,"full_name":null,"id":4,"id1":"john.doe","id2":null,"id3":null,"id4":null,"in_custom_grp_peer_group_watchlist":false,"in_dept_peer_group_watchlist":false,"in_job_title_peer_group_watchlist":false,"in_ml_abridged_watch_list":true,"in_ml_watch_list":true,"in_peer_group_watchlist":false,"investigation_expires":1626364130,"investigation_started":1626277730,"investigation_user":"admin","job_title":null,"last_offense_time":1626278817,"latest_risk":80.0,"linked_import_ids":null,"manager":null,"member_of":null,"ml_id":"john.doe","ml_watched":false,"prolonged_risk":22555.0,"risk":1659.96,"risk_1":1674.72,"risk_2":1663.95,"risk_3":1667.6,"risk_poll_count":242,"risk_scale_max":1.0,"source":"ariel","state":null,"trending":-1,"trusted_user":false,"updated_this_run":0,"user_id":4,"username":"john.doe","watched":1,"watchlist_memberships":[{"addition_date":1626267571,"from_ref_set":false,"from_regex":true,"name":"Watch
ML Users with
data","ref_set":null,"regex":"ibm_sense","regex_field":"username","risk_scale":1.0,"source":"automatic","watchlist_id":2}],"watson_search_date":0,"watson_search_id":null}