# User Trust Level Alert Detects the riskiest users in your organization, based on their [User Trust Level](/user-trust-level.md), that should be prioritized for investigation. User Trust Levels evaluate the likelihood that a given account's actions pose a risk to a system or organization, by combining multiple data points - such as account metadata, behavioral patterns, device usage, location, and historical activity - to assign a user's Trust Level. The Trust Level allows you to quickly and easily identify these concerning accounts so that you can investigate with urgency and remediate the situation as quickly as possible, reducing the attack timeframe or possibly preventing an attacker from successfully compromising a targeted account. **Recommended Actions** Prioritize the investigation of the user(s) and their associated risky events to confirm that the account is not compromised. If the user is compromised, consider killing all sessions, resetting the user's password and factors, and/or adding the user to a quarantine group with limited access in your identity provider. **Default Detection Settings** Include Questionable Trust Level users: false **Compatibility** All providers --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.oort.io/understanding-check-failures/oort-insights/identity-threat-detection-insights/user-trust-level-alert.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.