View information about the Account Compromise risk factor, which highlights user accounts that display unusual activity, have been detected on the dark web, or have been targeted by malicious email campaigns.
Operations Dashboard assesses user accounts for any activity
that might indicate potential account compromise. If an assessment of an account highlights
events with a
Highor
Mediumrisk level, the account and risk type information displays in the Account Compromise Indicators table. The Account Compromise risk factor contributes to the Exposure Index.
 |
NoteFor customers that have updated to the Foundation Services release, information on the Account Compromise risk factor is only available for users with the Accounts asset visibility scope.
|
The following table outlines the widgets available in the Account Compromise section.
|
Widget
|
Description
|
|
Account Compromise Indicators
|
Events on user accounts that display unusual activity, have been detected on the dark
web,
or that have been targeted by malicious email campaigns, and might be compromised
and
require immediate attention.
|
The following table describes the risk indicators associated with the Account
Compromise risk factor.
|
Indicator
|
Description
|
Data Sources
|
Target
|
|
Compromised account
|
At-risk user accounts that exhibited anomalous activities or
were specifically targeted by malicious email campaigns during the evaluation period
|
|
|
 |
ImportantAccount Compromise events related to Active Directory (on-premises) are only detected
if the Active Directory Connector is installed on the domain controller.
|