Unusual Access issues (BETA)
The new Unusual Access analysis rule detects patterns of download activity that may indicate malicious usage by your users - such as theft of data by an employee before they leave your company. The rule is powered by a machine learning model that is continually trained on each user’s historical activity.
The model takes into consideration periodic variations in usage for each individual user, e.g. the fact that someone is usually most active on Wednesdays or the burst of activity at the end of each quarter from the finance team. A download count on any given day that exceeds the model’s predicted range of activity for the user for that day will flag an issue.
The amount by which a user must exceed their predicted activity before an issue is flagged can be controlled by a Detection Threshold setting for the rule. The approximate number of issues you should expect to see generated in a month is shown for each threshold setting, which will help you choose a threshold that works for you.
The Unusual Access rule is currently in beta. We look forward to hearing your feedback about it.
New user onboarding
New users will now see onboarding tips when they first open the Issues and Sensitive Content views. This will allow people you invite into the system to quickly familiarize themselves with the key aspects of the product.
Issues that have been ignored can now be reopened. A Reopen button appears in the detail view for each ignored issue.
OR/AND option for custom classification policies
The custom policy now offers an additional option to combine your selected patterns and keywords. In addition to matching files that contain any of your selected criteria, you may alternatively choose your policy to only match files that contain all your selected criteria. This allows you to find files that contain specific combinations of patterns and keywords. For example, you can create a custom policy now to find files that contain personally identifiable information about a specific list of individuals.