🆕Behavior analysis

Behavior analysis helps you understand user activities and identify security risks across your organization. Protect your data and optimize productivity by identifying business, non-business, and suspicious activities.

In this article, you will find:

• Introduction
• Behavior analysis permissions
• Behavior analysis section
  
  • What are behavior categories
  • How to set up working hours
  • What is active time
  • What is MD
• How to investigate individual user behavior
• FAQ

 

 

---

Introduction

Behavior analysis helps you understand user activities across your company. It helps you identify potential security threats, audit productivity, and detect risky behaviors. Whether you're concerned about user activities on job portals, illegal websites, or unauthorized application usage, behavior analysis gives you the insights you need.

In Behavior analysis, you can:

• Audit user activities.
• Audit overall productivity trends across your company.
• Categorize user activities as Business, Non-business, or Suspicious.
• Get an overview of social media use or job portal visits.
• Identify users who engage in suspicious activities.
• Track non-business related activities during work hours.
• Create layouts and reports with user behavior patterns.

 

 

---

Behavior analysis permissions

To access the Behavior section, you must have the Behavior permission.

Don't have access to the Behavior section?

• Ask an admin with the Settings and configuration permission to grant the Behavior permission to you.
• They can do this in Settings > Accounts and permissions > General permissions >

 

 

 

---

Behavior analysis section

In the Behavior analysis section, you can:

1. See a visual breakdown of user productivity trends: User activities are categorized into four behavior categories (learn more here), and you can see their distribution in an interactive chart. Click a segment of the chart to filter the table by that behavior category. For example, clicking Suspicious will display all users with Suspicious activity greater than 0%.

2.  User activity table: See details about the activity of each user. 

3.   Layouts: Behavior analysis includes predefined layouts for common scenarios:

• Behavior analysis AI tools usage: Audit usage of AI applications and services.
• Behavior analysis job search: Identify users potentially looking for new employment.
• Behavior analysis overview: Behavior of all users in the company in the last 7 days.
• Behavior analysis suspicious activity: Focus on potentially risky activities.

4.  Filters: You can filter the table by behavior categories (you can select one or multiple behavior categories) and set up working hours. You can also filter specific users, teams, or devices, and the date range.

5.  Export the Behavior analysis table:

• Apply desired filters: Filter the specific users, date range, behavior categories, or working hours to display the exact data you need.
• Export the table: Click the Export button above the Behavior analysis table to download a .xlsx file.

6.  Add or remove columns. You can also sort and rearrange columns.

 

What are behavior categories

Safetica automatically divides app and website categories into four different behavior categories:

• Business: Work-related activities, applications, and website visits.
• Non-business: Personal or leisure activities.
• Suspicious: Activities that may pose security risks or policy violations.
• Uncategorized: Activities that are not assigned to any app or website category (and therefore, not to any behavior category).

Currently, it is predefined what app and website categories belong to what behavior categories. In the future, admins will be able to customize which app/website categories belong to which behavior categories 

 

How to set up working hours

You can filter activities that happened during work hours. In the Working hours filter:

• Select your company's work days.
• Define the start and end times of your work days.

What is active time

Safetica only counts time when users are actively using an app or website:

• User is clicking, typing, or moving the mouse in the active window.
• Apps and websites open in the background don't count.

The counting of active time stops after 5 minutes of inactivity in the app or on the website. This is a default value that can be changed in Safetica Maintenance Console in Maintenance > Endpoint settings > Other settings by defining the Interval for the user's inactivity determination. 

 

What is MD

MD is a time unit that means man-day. One man-day is equivalent to 8 hours 

 

 

 

---

How to investigate individual user behavior

You can investigate activities of a specific user from their details either in the Behavior analysis section or User section:

1. Click a specific user to view their details.
2. Choose from:
• Show more: Displays the user in the Behavior analysis section. The values are shown for the last 30 days.
• All activity: See all the user's app usage or web visits in the last 30 days in the App usage or Website visits sections.
• Suspicious activity: Investigate only the suspicious apps or websites the user used in the last 30 days in the App usage or Website visits sections.

 

 

 

---

FAQ

Q: The Behavior analysis section shows that I do not have access to it. What should I do?

A: Request the Behavior permission from an admin who has the Settings and configuration permission.

 

Q: Can I change which activities belong to individual behavior categories? Can I change which activities are categorized as Business, Non-business, or Suspicious?

A: Not yet. Behavior categories are currently predefined by Safetica, but customization options will become available soon.

 

Q: How do I categorize "Uncategorized" activities?

A: To reduce uncategorized activities, categorize as many applications and websites as possible. Based on app/web categories, they are automatically assigned to the appropriate behavior category. Learn more about categorizing apps and websites here.