Detailed view of threat actors

The Monitored Users view provides only top-level details for threat actors. The detailed view adds more, such as a list of threat activities with their success state and the progression of the risk posed by those activities.


Here are some of the threat actor details seen in the detailed view.


Threat actor state

Most of the details shown here also appear in the Monitored Users view: the AppSentinels-Recommended state for monitoring the user, the current monitoring state of the user, the risk level of the user, and the number of threat attempts.


Threat source

The source details of a threat actor include the geolocation, the date and time when the first and last activities were seen, and the IP address or user ID.


Threat activities

The Activity Information area summarizes the threat activities by API action, by attack techniques used and their success state, and by the top 10 APIs targeted and their success rate.

The Activity Table gives a detailed list of the activities, along with the severity, impact, tactic, category, and technique of each.


Attack Tactics and risk progression

The Tactics & Risk Progression area shows a visual representation of how the attacks progressed.