User Trust Level Alert

Detects the riskiest users in your organization, based on their User Trust Level, that should be prioritized for investigation. User Trust Levels evaluate the likelihood that a given account's actions pose a risk to a system or organization, by combining multiple data points - such as account metadata, behavioral patterns, device usage, location, and historical activity - to assign a user's Trust Level.

The Trust Level allows you to quickly and easily identify these concerning accounts so that you can investigate with urgency and remediate the situation as quickly as possible, reducing the attack timeframe or possibly preventing an attacker from successfully compromising a targeted account.

Recommended Actions

Prioritize the investigation of the user(s) and their associated risky events to confirm that the account is not compromised. If the user is compromised, consider killing all sessions, resetting the user's password and factors, and/or adding the user to a quarantine group with limited access in your identity provider.

Default Detection Settings

Include Questionable Trust Level users: false

Compatibility

All providers