Examine the data

CyberArk Identity User Behavior Analytics uses machine learning to detect potentially anomalous user activities and generate alerts. You can use that information to examine the events and identify potential access risks, then drill into the specific events.

The CyberArk Identity User Behavior Analytics Portal has two primary interfaces, Insights and Explorer. The Insights view shows dashboards. When you drill into a data set from a dashboard, that information opens in the Explorer view.

The typical workflow is:

  1. Analyze the Insights dashboards.
  2. Drill into a point of interest, for example the High Risk Events in the Risks dashboard. and shows the query string used to generate the data.

    This action takes you to the Explorer view.

  3. Analyze the data and examine the query string that generated the data.
  4. Click a specific data point of interest and Apply to reset the corresponding charts.

    Alternatively, you can manually update the query string and click Apply.

  5. Investigate an anomaly, for example a high risk event.