Insights: Investigate issues via Insights

Save time by investigating issues with the help of Insights.

Insights are currently available only in cloud-hosted Safetica. They are not yet available in Safetica hosted on-premises.

Introduction: What are insights

Insights are smart, actionable tasks triggered by issues detected by Safetica that admins should give their attention to. Their key value is to save admins' time. That's why Insights are:
    • Centralized and prioritized from a security perspective (centralized in the Insights section, prioritized by Severity).
    • Aggregated - Safetica consolidates operations for the same user, operation, policy, and destination type into a single insight until the insight is closed.
    • Workflow-driven - after the admin finishes investigating an issue, they can close the related insight. Any recurring behavior will trigger a new insight.

✍️You can learn more about Insights in general here.


 

 


Investigate an issue

Option 1: Using Related records

Use the Related records button (or the quick action in the insight detail) to see exactly what happened.

How it works:

  • A new tab with all the associated records will open. You can check all their details, such as the risk, the matched data classification, the classification detail, etc.
  • The insight is continuously updated with Related records and Last activity time (shows when the insight was last detected in the environment) until it is closed.
  • After closure, any new related issues will trigger a new insight.

Example: In the video, user Eva Baily tried to visit the website www.illegal.com 4 times, which violated a policy. You can see the times of the individual attempts, with the last attempt made on 6th November at 12:38:56, and that the Recommended basic security policy blocked all of them.

 

 

Option 2: Using AI summary

Click the Summarize button to generate an AI-driven overview of what happened using Safetica's Contextual Defense engine. The AI summary contains all the relevant information about the issue from across the Safetica console.

Benefits:

  • See what happened, when, which user, destination type, and policy were involved, all matched data classifications, etc. - all described in natural language.
  • Quickly grasp large-scale operations without going through individual records.

Example: When a user copies 10,000 files, instead of spending 30 minutes investigating 100 pages in the Data table (trying to find out what file types there were, what classifications the files matched, whether there were any risky files, etc.), just click the Summarize button and read the AI summary.

Share the AI summary:

  • Use the Copy to clipboard button to share the summary with colleagues. You can then just paste the copied summary where needed.

Example: Eva Baily violated a data policy because she sent files via instant messaging.

In the video, you can see how the AI summary of the insight is generated, what information it contains, and how you can share it with other admins. 

 

 

 


Share an insight

To share a specific insight with another Safetica admin for further investigation:

  1. Click the insight to open its detail.
  2. Click the ID to copy its link to the clipboard.
  3. Share the link with another Safetica admin (they must have access to the Safetica console).
  4. When the admin opens the link, they will see the specific insight.

 

 


Close an insight

After you finish investigating the issue, close the insight.

You can close:

  • A specific insight from the:
    • List of insights - just click the Close button and select a reason.
    • Insight detail - click the insight, select a reason for closing, add a description in your own words, and click Close insight.
  • Multiple insights at once - select the insights using checkboxes, click the Close button above the table, and select a reason.

You can choose from the following reasons when closing the insight:

    • Action taken: Corrective actions were taken (e.g., user was warned or compliance measures were put in place).
    • Personal use: The files or activity were personal and not business-related.
    • Approved activity: The activity was reviewed and approved for business or operational purposes.
    • False positive: The activity was incorrectly flagged as an insight, but it is not a security concern.
    • Other: The insight detail will open and you will have to enter a description of the issue resolution.

 

Important notes:

  • Closed insights disappear from the insight list (clear the Status filter to see all insights, including closed ones).
  • All admins (with access to the specific user) can then see who closed the insight, when, and why (the description they wrote).
  • Insights related to Privileged access cannot be closed while Privileged access is granted to the user. To close such an insight, revoke the Privileged access first - just go to the Quick actions in the insight detail and click Revoke privileged access to given user.

✍️ If you close an insight and the issue recurs, a new insight will appear and consolidate future related operations.

❗For now, you can't reopen or edit a closed insight.

 

 


Filter and sort insights

You can filter insights by:

  • Reason: The reason that caused an operation to appear in Insights (i.e., the type of the insight). For example, if you want to see only blocked applications, you can filter them here.
  • Status: You can filter for either new or closed insights. By default, only new insights are displayed.
  • Severity: You can filter insights by severity.


Sorting only works for Severity, Status, and Last activity.

 

 


FAQ

Q: Can I exclude specific users from Insights?
A: No, excluding specific users from Insights is not possible. The only workaround is to unlicense the user, but then all Safetica protection will be disabled for them.
 

Read next

Insights: Intelligent management of threats, incidents, and events

Insight detail: A bridge between the insight and other parts of Safetica console