Anomalous Activities
The following charts display anomalous activities.
|
Chart |
What it shows |
|---|---|
|
Anomalous Activities |
A map view with geographic pointers indicating where anomalous activity has likely occurred, showing login or cloud activities by the same user across multiple geolocations. This type of anomaly is called a geoanomaly. If geoanomalies have been detected, the map shows one or more geographic pointers identifying where the activity in question took place. This view is typically used to identify account hijacking or compromised account credential scenarios. |
|
Anomalous Downloads |
The number of downloads that exceed the expected download activity for your enterprise, by file size. |
|
Anomalous Authentication |
The number of times an anomalous pattern is found in a user's network events, including logins, failed or brute-force login attempts, and logouts. |
|
Anomalous Content Delete |
The number of content delete activities for anomalous content. |
|
Anomalous Downloads by Count |
The number of downloads that exceed expected download activity for your enterprise. This information is typically used to identify data exfiltration attempts by a bad inside actor. This is done by profiling normal user activity and triggering an anomalous activity when unusual download activity takes place for that account. |