Users

The users dashboard displays an overview of the users currently tracked in the network.

To manually add a new user to be tracked by Threat Defender, click the ADD button above the overview panels (see User Settings).

Click CREATE REPORT if you wish to create a downloadable PDF report on the users database. The report contains the entire users table.

The overview panels show the total number of users by category:

  • Current - the total number of users currently stored in the database of Threat Defender.
  • Created - the number of users created in the last day.
  • Updated - the number of users updated in the last day.
  • Seen - the number of users seen by Threat Defender in the last day.

The table displays the information available on the network users:

Field Description
Created At The date and time the user was created in Threat Defender.
Seen At The date and time the user was last seen by Threat Defender.
Name The name of the user as it is displayed in the reporting, etc.
Username The internal login name of the user.
Last IP The IP address the user most recently used.

The button in last column allows you to directly access the reporting section under Analytics for the respective user. You can also view the details of the user and edit or delete it.

User Details

To see further details about a user, click in the overview table or double-click its row. The details page displays the available information on the user in several tabs.

The buttons at the top of the page allow you to edit or delete the user. Click CREATE FULL REPORT or CREATE SUMMARY REPORT if you wish to create a downloadable PDF report on the user. The full report contains all information displayed in the details page, including the charts. The summary report contains only the data tables.

User

The User tab displays all information collected about the users when Threat Defender last saw them, i.e. when they were last connected to the network:

Field Description
Name The displayed name of the user.
Username The internal login name of the user.
Domain The domain assigned to the user.
Last Login At The date and time the user last logged in to the network.
Last Login From The IP address used when the user last logged in to the network.
Last Logout At The date and time the user last logged out of the network.
Last Logout From The IP address used when the user last logged out of the network.
Seen At The date and time the user last connected to the network.
Created At The date and time the user was created in Threat Defender.
Updated At The date and time the user was last updated in Threat Defender.

Assets

The Assets tab shows the assets associated with the user.

The Static Assets table displays the assets that were manually assigned to this user. To manage multiple static assets at once, mark their checkboxes in the first table column. You can then perform the following List Actions:

  • Operations: Add tags to the selected assets or remove tags from them. You can also merge several assets into one Primary Asset.
  • Delete: Delete the selected assets from the database.
  • Reset Last Seen: Delete the metadata currently stored in the Last Seen section of the selected assets.

The table shows the following information:

Field Description
Created At The date and time the asset was created in Threat Defender.
Name The name of the asset.
User The user this asset is assigned to.
Gateway The icon in this column indicates whether the asset is a gateway () or not (). For gateways, the IP addresses are not tracked.
Tags The tags assigned to the asset.
MAC Addresses The MAC addresses tracked for the asset.
IP Addresses The IP addresses tracked for the asset.
Last Seen The metadata collected for the asset when Threat Defender last saw it. Click to show additional information and to show less information.

The buttons in last table column allow you to view, edit or delete the respective asset. You can also access the reporting sections for its outbound () and inbound () traffic under Analytics by clicking the respective button.

The Auto connected assets via last seen table displays the assets automatically allocated to this user.

Field Description
Last Seen The date and time when Threat Defender last saw the asset.
Name The name of the asset.

The button in the last table column allows you to delete the asset.

IP Addresses

The IP Addresses tab displays the IP addesses automatically allocated to this user.

Field Description
Last Seen The date and time when Threat Defender last saw the IP address.
IP Address The assigned IP address.

The button in the last table column allows you to delete the IP address.

Incidents

The Incidents tab displays an extract from the threat intelligence incident log that contains the incidents involving the user:

Field Description
Created At The date and time the incident was created in Threat Defender.
Severity The severity logged for the incident.
Action The rule action logged for the incident. Actions are allow, reject and drop.
Rule The name of the policy rule that logged the incident.
Indicator The detected threat intelligence indicator.
Classification The applications and/or protocols involved in the event.
Assets The source and destination assets involved in the incident.
IP Addresses The source and destination IP addresses involved in the incident.
Ports The source and destination ports involved in the incident.
Countries The source and destination countries of the flow involved in the incident. If a private IP range is used, the country is displayed as Unknown or invalid territory.

Click in the last table column to go to the respective incident log entry under Threats > Incident Logs.

Events

The Events tab displays log events involving the user:

Field Description
Created At The date and time the event was created in Threat Defender.
State The state of the logged event, i.e. whether it was successful or failed.
Tag The tag assigns the event to a certain log.
Action The action logged for the user.
Message A message describing the event.
Username The login name of the user involved in the event.
User IP Address The IP address of the user involved in the event.

If you click in the last table column or double-click a log entry, you will be taken directly to the respective page in the audit logs.

Analytics

The Analytics tab shows charts that visualize the traffic information available for the user. They are grouped in tabs by reporting period (last day, last week, last month).

User Settings

When you manually add a new user to be tracked or edit an existing one, the settings screen is displayed with the following options:

Field Description
Name Enter the name to be displayed for the user.
Username Enter the login name of the user.
Domain Optional: Assign a domain to the user.
Note Optional: Add a short description of the user.

The buttons at the bottom of the screen allow you to store your changes (SAVE) or to discard them (CANCEL).

results matching ""

    No results matching ""