Investigate user assets associated with your incidents.
Drilldown on a user in the User Risk View or the User View. On this view you can investigate user type assets by reducing the number of steps it takes to collect data to research a user. Cortex XSIAM uses Identity Analytics to aggregate information on a user and displays insights about the user.
Notice
If the Identity Threat module is enabled you can open the User Risk View. This view displays insights and profiling information to help you investigate alerts and incidents. Viewing anomalies in the context of baseline behavior facilitates risk assessment and shortens the time you require for making verdicts.
If the Identity Threat module is not enabled you can open the User View. This view displays an overview of the user and information about the user's score and activity.
On the User Risk View, you can take the following actions.
Assess the user's behavior and score.
Review the user's working hours and past alerts.
Analyze the user's behavior over time and compare to their peers with the same asset role.
Star the user to be included in the watchlist.
Open the User Risk View or the User View.
Identify a user and select Open User Risk View or Open User Card.
Tip
You can also see a list of all users under
→ .Select the timeframe to view the user's details.
Investigate the user.