Ability to sort issues by number, not just severity

0 Votes

Currently, Egnyte Protect will only sort issues by date and severity. We need the ability to sort by the number of issues found. For example, although Protect might think that someone downloading 30 files is "unusual activity", we would rarely consider this a problem.

We need the ability to easily sort or filter by the number of files users have downloaded or deleted and set reporting thresholds. As it stands now, Protect treats all unusual activity the same, no matter if the user downloaded or deleted 50 files or 50,000.

2 Comments

Currently, Unusual Access issues are scored from severity 7 to 9, based on the amount of sensitive information downloaded in the anomalous access. It is true that if the access does not involve information classified as sensitive, a 50-file vs. a 50,000-file download would both be scored as a 7 severity. We will look to incorporate the count of files into the severity score in order to address this.

Note that you can control the threshold for detecting an Unusual Access issue via the settings for the rule at Settings > Analysis Rules > Unusual Access. This threshold specifies how far from the usual download volume a user has to stray before declaring an anomaly.

Status changed to: Considering