The Protect dashboard provides a visual representation of real-time data.
To access the Protect dashboard, in the PingOne console, go to .
Risk totals chart
The Protect dashboard shows the Risk totals chart, which summarizes all risk events analyzed in the selected time period. You can use the slider under the Risk summary chart to show data from the current day, past week, past month, or past six months. The columns in the chart rescale to show information over the selected time period. You can hover over a column to show the specific period it represents.
The columns in the chart rescale to show information over the selected time period. Each column is broken down into five sub-columns, defined at the top of the chart from left to right:
- The number of analyzed events
- The number of medium risk events
- The number of high risk events
- The number of high risk users
- The number of high risk IP addresses
In addition to the Risk totals chart, the Protect dashboard consists of the following graphs, each of which can be expanded for greater detail:
Monitored risk data
The expanded graphs include tables of the following monitored data.
| Field | Format | Sample Values | Description |
|---|---|---|---|
|
Time |
YYYY-MM-DD HH:MM:SS |
2020-12-20 14:01:36 |
Time of the event. The time is local time of the administrator. |
|
User |
Text |
User identification in the system |
User ID. The value depends on the administrator's selection, such as UUID, email, and user name. |
|
Risk Level |
Text |
Low, Medium, High |
Calculated risk level for this transaction |
|
IP |
Dotted decimal IP address |
185.104.184.99 |
The accessing device's IP address |
|
Country |
Text |
United States |
The country with which the accessing device’s IP is associated |
|
Target Application |
Text |
|
The application to which the user is trying to authenticate. How the application identifies itself. |
|
User Agent |
Text |
|
Accessing device's user agent. How the user agent identifies itself. |
|
OS |
Operating system text string |
|
The accessing device's OS. How the OS identifies itself. |
|
Browser |
Text |
|
The accessing device's browser. How the browser identifies itself. |
|
IP Reputation |
Text |
Low, Medium, High |
The risk score of the IP address of the user's accessing device |
|
Geovelocity |
Text |
True, False |
True when the travel time between a user’s current location and their previous location is not possible in the time frame that has elapsed since the previous risk evaluation |
|
Anonymous Network |
Text |
True, False |
Analyzes the IP address of the user's accessing device. Set to True for attempts that originate from an anonymous network, such as:
|
|
User Risk Behavior |
Text |
Low, Medium, High |
Severity measure of the likelihood of the authentication event to be anomalous compared to normal organization behavior |
|
User Risk Behavior Reason |
Text |
|
The reason why User Risk Behavior was identified as anomalous |
|
User Velocity by IP |
Text |
Low, Medium, High |
Severity measure of the number of users originating from the same IP address compared to that user's normal behavior Note:
If there are not enough past transactions to determine normal behavior for that user, the environment's default behavior is used instead. |
|
IP Velocity by User |
Text |
Low, Medium, High |
Severity measure of the number of different IP addresses that a user is using compared to that user's normal behavior Note:
If there are not enough past transactions to determine normal behavior for that user, the environment's default behavior is used instead. |
|
User Based Risk Behavior |
Text |
Low, Medium, High |
Severity measure of the likelihood of the authentication event to be anomalous compared to normal behavior of the user. If the severity is Medium or High, you can click the User Risk Behavior field to show the risk details. See Risk Details. |
|
User Based Risk Behavior Reason |
Text |
|
The reason why User Based Risk Behavior was identified as anomalous |
|
Risk Policy |
Text |
My Org Policy |
The policy-set associated with this risk evaluation |
|
Resource ID |
UUID |
ef9d7227-8115-4692-b7f5-c38e238d264f |
The Resource ID represents the risk evaluation ID as returned in the API response. On the Reporting tab, you can filter reports by Resource ID. |
Only users with the dir:read:user permission can view the drill down
table and user data.
Risk details
In the monitored risk data tables, if the User Based Risk Behavior score is Medium or High, click the score to show the Risk Details window.
The Risk Details window compares values of the anomalous transaction to typical user behavior.
| Column | Description |
|---|---|
|
Attribute |
The category of the anomalous transaction |
|
Normal |
Typical values of the transaction category, according to normal user behavior |
|
Anomaly |
The anomalous value in the transaction |
|
Score |
The risk level of the anomaly |
Filtered searching
The filtered search bar appears above each table of risk data.
- Click Filters to toggle the list of filter options.
- Use the check boxes to select filters.
- If you enter free text without choosing at least one filter, the search displays all table rows containing the entered text.
- Wild card searches using an asterisk (*) are not supported.
- A space is a significant character in a search string. For example, Chrome<space>Mobile works. Chrome<space><space>Mobile does not work.
- Use of quotation marks is not supported.
- The left-hand search filters operate first. Subsequent use of the filtered search
bar produces a subset of the prior left-hand filter.
For example, in the Country list, select India. The table shows results for India only.
In the filtered search bar, select OS and enter Android 10. The table is reduced to show only users from India signing on from an Android 10 device.
For more information on the left-hand filters, see Protect dashboard filters.