To access the risk events dashboard, go to Dashboard > Risk.

Click the chart to view drill-down information.

A screen capture of the Risk Events chart. On the left-hand side are the Filters and Date Range sections. The monitored risk data table is directly below the Risk Events chart.

The drill-down table shows more detailed information about each high risk event, including:

  • IP address
  • Target application
  • IP reputation.

Only events that have triggered a specific risk model, such as geovelocity anomaly, or have an aggregated risk score of HIGH are shown. The aggregated risk score is determined by the selected risk policies in the Policy Name list.

Scroll to the right to see additional columns. For use of the filtered search bar, see Filtered searching.

For a description of the table columns, see Monitored risk data.

Click a column header to sort the results by that value. Results are sorted by the Time column by default, with the most recent entries listed first.


  • To filter risk policies to be included in the map, use the Policy Name list.

    You can select multiple policies.

  • To limit the results to a specific risk level, use the Risk Level list.
  • To limit the results to a specific risk model, use the High Risk Model list.
  • To filter operating systems to be included in the chart, use the OS list.
  • To limit the results to a specific country, use the Country list.
  • You can use the slider to show data from the current day, previous week, previous month, or previous six months.

    A screen capture of the slider. The slider is a dark blue oval that you can move side to side and select 1D for current day, 1W for previous week, 1M for previous month, or 6M for previous six months.

    To show data from a custom time period, use the Date Range filter.