Which users are accessing high-risk cloud apps most frequently?

Investigate Cloud App Use | TRITON RiskVision | 01-June-2016

Use the dashboard charts on the Reporting > Cloud Apps page to get a quick overview of the users accessing high-risk cloud apps most often.

By default, the Top Users of High Risk Cloud Apps chart shows the users who have accessed high-risk cloud apps most frequently, based on number of visits to the apps. Users may be identified by IP address or, if RiskVision is receiving X-Authenticated-User headers, user name.

Use the toggle buttons to the right of the chart to change from bar to pie chart view.

Hover the mouse over any bar or pie slice in the chart to see the number of high risk cloud apps that the user visited.

New cloud app incidents are shown in the Transaction Viewer in real time, and aggregated to update the chart every 6 hours.

Use the Transaction Viewer to find out more about activity from a specific user.

More information about users of high risk cloud apps with the Top Users of High Risk Cloud Apps presentation report. To generate the report:

Navigate to the Reporting > Executive Reports tab.

Enter a descriptive Report title and select the Time period to include in the report.

Select the Custom report radio button, then select Top Users of High Risk Cloud Apps.

Indicate how many records to include via the Top N number field (10, by default), then select a Report format.

To see information about cloud app transactions that did not have associated malware or data loss incidents, clear the check box next to Hide suppressed incidents.

Click Run Report Now.

When the report has generated, click the link below the Run Report Now button to review the report.

The report includes 2 sections:

A summary report that lists the users who connected to the most cloud apps, with the number of monitored apps accessed at each risk level (high, medium, low).

A report listing each user who accessed one or more high-risk cloud apps, with the name of the app or apps that each used.