The User Threat Quotient (UTQ) report provides actionable security intelligence to an administrator by giving quick visibility of risky users who pose security threats on the organization’s network.
Cyberoam calculates the UTQ score of each user based on their Web behaviour. Only Allowed (but potentially risky) and Denied Web traffic is considered in the UTQ calculation. UTQ helps the administrator to:
- Spot risky users at a glance.
- Identify malicious insiders.
- Reduce the chance of human oversight when correlating data from various logs and reports.
- Take appropriate actions, such as fine-tuning security policies or providing security awareness training.
- Relative Threat Score – Maximum threat posed by the user (in number), relative to the web behaviour of all other users for the selected date or date range.
- Relative Risk Ranking – Rank of the user (in number), in terms of posing security risk on the organization’s network, relative to the web behaviour of all other users for the selected date or date range.
- UTQ Risk Meter, which displays the threat score for the selected user, relative to the threat scores of all other users for the selected date or date range.
UTQ can be viewed for:
- Last 14 Days
- Last 7 Days
- Last 1 Day
By default, UTQ displays up to 100 risky users for the last 7 days along with their Relative Threat score and Relative Risk Ranking.
This article explains how to check UTQ score for a particular user.
UTQ for a day is calculated at the end of the day, at 12 AM. This means that to view the UTQ report for the current day, you need to wait until the day is over.
You must be logged on to the Web Admin Console On-appliance Cyberoam i-View as an administrator with Read-Write permission for the relevant feature(s).
Log in to the On-appliance Cyberoam i-View and navigate to On-appliance Cyberoam i-View > Dashboard > UTQ.
The bubble graph area is divided into three sections, where:
- Top 10% are marked as High Risk Users
- Next 40% are marked as Medium Risk Users
- Last 50% are marked as Low Risk Users
Note that when the number of users for the selected period is less than 20, all the users are displayed as Blue bubbles and the sections mentioned above are not displayed.
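The banding rule above, applied to an exported list of users and scores, as an added example (not Cyberoam's own code). It assumes the percentages apply to the user count ordered by Relative Threat Score, that fractional cut-offs round up, and that ties break by username; `band_users` and the `Unbanded` label are hypothetical names.

```python
import math

def band_users(scores, min_users=20):
    """Rank users by relative threat score and assign High/Medium/Low bands.

    scores: dict of username -> relative threat score.
    Returns a list of (rank, user, score, band), highest score first.
    """
    # Highest score first; ties broken by username (assumption).
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    n = len(ranked)

    if n < min_users:
        # Fewer than 20 users: the report shows no risk sections at all.
        return [(i + 1, u, s, "Unbanded") for i, (u, s) in enumerate(ranked)]

    high_cut = math.ceil(n * 0.10)    # top 10% of users (rounding up: assumption)
    medium_cut = math.ceil(n * 0.50)  # top 10% + next 40%
    result = []
    for i, (user, score) in enumerate(ranked):
        if i < high_cut:
            band = "High"
        elif i < medium_cut:
            band = "Medium"
        else:
            band = "Low"
        result.append((i + 1, user, score, band))
    return result

if __name__ == "__main__":
    # Constructed sample data: 20 users with scores 1..20, not appliance output.
    sample = {f"user{i:02d}": i for i in range(1, 21)}
    for rank, user, score, band in band_users(sample):
        print(f"{rank:>2}  {user}  score={score:<3} {band}")
```
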
- User: Username of the user as defined in Cyberoam. If the User is not defined, then it will display ‘N/A’ which means the traffic is generated by an undefined user.
- Relative Threat Score: Threat posed by the user (in number), relative to the web behaviour of all the other users, for the selected period.
To view the following reports for a particular user, navigate to Dashboards > Main Dashboard > User Threat Quotient (UTQ) > User. In this example, we are viewing the UTQ reports for the user with the maximum threat score - richa.soni.
- Top Risky Web Categories
- Top Risky Web Domains
- Top Risky Denied Web Categories
- Top Risky Denied Web Domains
You can further view reports for the selected user and a risky web category/domain or a denied web category / domain, by accessing the relevant widgets from the screen shown above.
Document Version: 1.1 – 22 January, 2015