How to filter high-risk events

Learn how to filter records to discover and investigate high-risk events

Safetica NXT audits outgoing data transfers from endpoints on which it is installed and provides details about them to the admin. Since users may perform hundreds of such operations every day, Safetica NXT automatically determines their risk level based on how likely they are to cause a data loss.

 

There are 3 ways to filter high-risk events and see files that need your attention with the highest priority:

1.  In Data security > Overview, click the high risk events link in the upper banner .

High-risk filtering2

 

2.  Click the Risk level filter icon   in the Event overview table and select High.

 

3.  To see high-risk events for a specific user, click the red number in the Events per user table.

events per user

High-risk events are always filtered in all the three main elements of the page – the Event overview table, the Events per user table, and the Events in time chart.

How to remove filters

You can see what filters are applied under the upper banner. To remove individual filters, click in the respective tag . To remove all filters, click the Clear all button on the right .

Best practice: Select high and medium-risk events in the Risk level filter and only disable it when you want to check the activities of specific users.

How to change time range

If you can’t see any results after filtering, try broadening the time range in the upper right corner of the screen. You can also pinpoint a more specific time by clicking and dragging your mouse in the Events in time chart.

timepicker in chart

Want to learn more? Read next:

How to use custom filters

How to filter aggregated events

How to export event records

How to export records of aggregated events