What is risk level in Safetica NXT?

In Safetica NXT, each event is assigned one of four risk levels (high-risk, medium-risk, low-risk, or info) based on various factors that determine how likely it is to cause a data leak. For example, sending data via instant messaging might be a low-risk event, while uploading data from a network drive to webmail should be considered a high-risk operation.

Safetica NXT only records outgoing events, i.e. transfers where data leaves the secure perimeter of a user's endpoint.


To see which detection rules were triggered and what other reasons are there to classify an event as high, medium, or low-risk, hover the mouse on the risk level of that event.

How to recognize risky events?

Individual risk levels are indicated by colors - from grey for Info events to red for High-risk events.

High-risk events are also highlighted by a red exclamation mark in the Events per user table.

Want to learn more? Read next:

How to filter high-risk events

How to create a new detection rule

Safetica NXT Data security - Detection rules

Safetica NXT Data security - Overview