Veritas Data Insight User's Guide
- Section I. Introduction
- Section II. Data Insight Workspace
- Navigating the Workspace tab
- Analyzing data using the Workspace views
- Viewing access information for files and folders
- Viewing user activity on files or folders
- About visualizing collaboration on a share
- Viewing access information for users and user groups
- Section III. Data Insight reports
- Using Data Insight reports
- About Data Insight security reports
- Permissions reports
- Permissions Search report
- Creating a Permissions Query Template
- Permissions Query Template actions
- Ownership Reports
- About Data Insight storage reports
- About Data Insight custom reports
- Managing reports
- Viewing reports
- Using Data Insight reports
- Section IV. Remediation
- Configuring remediation workflows
- Managing workflow templates
- Creating a workflow using a template
- Managing workflows
- Using the Self-Service Portal
- About the Self-Service Portal
- Managing data
- About managing data using Enterprise Vault and custom scripts
- About adding tags to files, folders, and shares
- Managing permissions
- Configuring remediation workflows
- Appendix A. Command Line Reference
About the Risk Dossier
The Risk Dossier for a user provides the next level of detail into the user risk score. The Risk Dossier displays visualizations that provide more insight into the factors that contribute to the risk score and explains why a user is considered risky. The Risk Dossier also helps you investigate reasons for a spike in the risk score in the past by answering questions such as:
What is the historical risk landscape for a user?
Why is risk score high for a user on a given date?
What contributes to the risk score?
How can we mitigate the risk?
You can navigate to the user Risk Dossier from any of the following pages in the UI.
On the Users tile of the Data Insight Dashboard, click the graph icon.
Click Users list page, select a user and click , and then click .
> . On theAlternately, on the Users list page, click the graph icon in the Summary panel to maximize the risk dossier view. Close the view to return to the previous page.
Note:
The Risk Dossier view is visible only to the users assigned the Server Administrator role.
The Risk Dossier tab provides the following visualizations for a user's risk score:
The risk history graph shows the risk score of a user for the configured analytics period. The graph gives you an idea of how the risk score for a user is moving. A sudden spike in the risk score may warrant an investigation. You can click on a date on the risk history graph to know the composition of the risk score for the Access, Anomaly, and Alerts factors as of that date.
Cards that display the breakup of a user's risk score on a date selected in the Risk History graph, with details of the individual scores of the different factors that constitute the risk score (Access, Anomaly, and Alerts). The cards also let you compare the risk score factors for a historical date with the factors as of the current date.
Click on any of the three risk score factors, namely Access, Anomaly, and Alerts to get to further details about the nature of the risk score factor contributing to the score on that day.
The user risk factor (Access) displays the potential for damage from a high-risk user. The view provides a bar graph that displays the top accessible and sensitive shares and compares the number of accessible files to total files. The graph also compares the access information from the current date with that on a historical date. Additionally, it provides the count of accessible shares.
To further assess the permissions on a share, click on the share names in the Accessible Shares or the Sensitive Shares graphs to navigate to the permissions view for that user for the share.
The graphs provide the following insight into what is at stake if a user were to become malicious:
The Accessible Shares graph shows the top five shares based on the number of accessible files by the user in a particular share. This graph gives you an idea of the amount of data that a high risk user has access to. You can use the information to protect against any malicious activity that the user may perform. You can also perform a comparative analysis of the number of files accessible to the user during the current date and a historical date on the risk history graph.
The Sensitive Shares graph gives you a comparative analysis of the total sensitive files on the top 5 sensitive shares and the number of sensitive files that the user can access on those shares.
Data Insight takes into account the deviation in the activity pattern (anomaly) observed in the last 15 days for calculating the risk score for a user. The anomaly spectrum displays the deviation (over average of the last 180 days) for each counter that Data Insight monitors - read, write, create, delete, security, and file count.
Click on a day in the
graph and the anomaly spectrum is calculated for the last 15 days from the current day.Click on the Alerts Overview graph displays the frequency of alerts based on severity (low, medium, high) for the last 15 days from the date selected on the Risk History graph.
card to review the alerts raised against the selected user. TheThe list of policies that the user has violated along with the policy configuration details are also displayed below the graph.
You can choose to disable the user risk dossier computation which provides the data for the Risk Dossier graphs. Run the following command on the Management Server to set a global configuration property:
configdb -O -J disable_dossier -j true
The Risk Dossier database is deleted by default after 3 months. The purging period can be changed by running the following command on the Management Server.
configdb - O - J purge_dossier_months - j <number in months>
For example, to set the purging period to 3 months, run the command:
configdb - O - J purge_dossier_months - j 6
Note:
If you configure a higher purge period, you will need to provision more storage on the Management Server for storing the dossier data.