Users
The users dashboard displays an overview of the users currently tracked in the network.
To manually add a new user to be tracked by Threat Defender, click the Add button above the overview panels (see User Settings).
Click Create Report if you wish to create a downloadable PDF report on the users database. The report contains the entire users table.
The overview panels show the total number of users by category:
Current - the total number of users currently stored in the database of Threat Defender.
Created - the number of users created in the past day.
Updated - the number of users updated in the past day.
Seen - the number of users seen by Threat Defender in the past day.
The table displays an overview of the available user information. The icon in the last column allows you to directly access the reporting section under Analytics for the respective user. You can also view the user details, edit the user settings or delete the user.
User Details
To see further details about a user, click in the overview table or double-click its row. The details page displays the available information on the user in several tabs.
The buttons at the top of the page allow you to edit or delete the user. Click Create Full Report or Create Summary Report if you wish to create a downloadable PDF report on the user. The full report contains all information displayed in the details page, including the charts. The summary report contains only the data tables.
User
The User tab displays all information collected about the users when Threat Defender last saw them, i.e. when they were last connected to the network:
Field | Description |
---|---|
Name | The displayed name of the user. |
Username | The internal login name of the user. |
Domain | The domain assigned to the user. |
Last Login At | The date when the user last logged in to the network. |
Last Login From | The IP address used when the user last logged in to the network. |
Last Logout At | The date when the user last logged out of the network. |
Last Logout From | The IP address used when the user last logged out of the network. |
Seen At | The date when the user last connected to the network. |
Created At | The date when the user was created in Threat Defender. |
Updated At | The date when the user was last updated in Threat Defender. |
Assets
The Assets tab shows the assets associated with the user.
To manage multiple assets at once, mark their checkboxes in the first table column. You can then perform the following List Actions:
Operations: Add tags to the selected assets or remove tags from them. You can also merge several assets into one Primary Asset.
Reset Last Seen: Delete the metadata currently stored in the Last Seen section of the selected assets.
The Static Assets table displays the assets that were manually assigned to this user:
The icons in the last table column allow you to view, edit or delete the respective asset. You can also access the reporting sections for its outbound and inbound traffic under Analytics by clicking the respective icon.
The Auto connected assets via last seen table displays the assets automatically allocated to this user.
Field | Description |
---|---|
Last Seen | The date and time when Threat Defender last saw the asset. |
Name | The name of the asset. |
The icon in the last table column allows you to delete the asset.
IP Addresses
The IP Addresses tab displays the IP addresses automatically allocated to this user at login.
Field | Description |
---|---|
Last Seen | The date and time when Threat Defender last saw the IP address. |
IP Address | The assigned IP address. |
The icon in the last table column allows you to delete the IP address.
Incidents
The Incidents tab displays an extract from the threat intelligence incident log that contains the incidents involving the user:
Field | Description |
---|---|
Created At | The date and time the incident was created in Threat Defender. |
Severity | The severity logged for the incident. |
Action | The rule action logged for the incident. Actions are |
Type | The type of the reported incident; |
Indicator | The detected threat intelligence indicator. |
Classification | The applications and/or protocols involved in the event. |
Assets | The source and destination assets involved in the incident. |
IP Addresses | The source and destination IP addresses involved in the incident. |
Ports | The source and destination ports involved in the incident. |
Countries | The source and destination countries of the flow involved in the incident. If a private IP range is used, the country is displayed as |
Click the icon in the last table column to go to the respective entry in the Incident Logs under Threats > Incident Logs.
Events
The Events tab displays log events involving the user:
Field | Description |
---|---|
Created At | The date and time the event was created in Threat Defender. |
State | The state of the logged event, i.e. whether it was successful or failed. |
Tag | The tag assigns the event to a certain log. |
Action | The action logged for the user. |
Message | A message describing the event. |
Username | The login name of the user involved in the event. |
User IP Address | The IP address of the user involved in the event. |
If you click the icon in the last table column or double-click a log entry, you will be taken directly to the respective page in the Audit Logs.
Analytics
The Analytics tab shows charts that visualize the traffic information available for the user. They are grouped in tabs by reporting period (last day, last week, last month).
User Settings
When you manually add a new user to be tracked or edit an existing one, the settings screen is displayed with the following options:
Field | Description |
---|---|
Associated Asset | If applicable, the assets associated with this user are displayed with their names and a link to their details pages. |
Name | Enter the name to be displayed for the user. |
Username | Enter the login name of the user. |
Domain | Optional: Assign a domain to the user. |
Note | Optional: Add a short description of the user. |
The buttons at the bottom of the screen allow you to store your changes (SAVE) or to discard them (CANCEL).