In Safetica NXT, each event is assigned one of four risk levels (high-risk, medium-risk, low-risk, or info) based on various factors that determine how likely it is to cause a data leak. For example, sending data via instant messaging might be a low-risk event, while uploading data from a network drive to webmail should be considered a high-risk operation.
Safetica NXT only records outgoing events, i.e. transfers where data leaves the secure perimeter of a user's endpoint.
To see which detection rules were triggered and what other reasons are there to classify an event as high, medium, or low-risk, hover the mouse on the risk level of that event.
How to recognize risky events?
Individual risk levels are indicated by colors - from grey for Info events to red for High-risk events.
High-risk events are also highlighted by a red exclamation mark in the Events per user table.