Privileged Risky Activity detection

This topic describes Privileged Risky Activity detection.

Overview

Privileged Risky Activity detection enables you to detect suspicious commands in your environment during live and recorded sessions. Privileged Detection comes with a set of default Privileged Risky Activity rules that are based on analysis performed by CyberArk Labs and represent best practices.

In Privileged Risky Activity rules, you assign risk levels, which enable you to immediately identify and respond to the most critical threats to the organization.

User activity is analyzed based on these rules, and events are created that give you more details about suspicious command activity.

You can configure ISI to automatically remediate a Privileged Risky Activity event when it is detected. The remediation is based on the type selected in the Privileged Risky Activity rule: No action, Suspend, or Terminate.

For more information, see View and analyze Privileged Risky Activity events.

We encourage you to add Privileged Risky Activity rules or edit the default rules to best match your specific needs and policy. For more information about how to view the rules and change a rule's properties, see Manage Privileged Risky Activity rules.