Overview Dashboard

The Overview Dashboard page is the landing page of the Avanan Portal. It lets you quickly understand your organization's threats and the pending tasks for review and action.

The Overview Dashboard has these:

Note -  By default, the Security Overview page does not show security events and analytics for Microsoft quarantined emails. To view the security events and analytics for Microsoft quarantined emails, toggle the Include Microsoft Quarantine button to On from the top-right corner of the page.

Security Widgets

Phishing

Security-Overview-Phishing-widget-1

The Phishing widget shows the total number of phishing events detected in the selected time frame, including pending events.

To view the number of suspected phishing events, spam events, and events specific to a SaaS application, click the icon-drop-down icon.

Security-Overview-Phishing-widget-1

To view specific events, click the indicators within the widget, and the system shows the filtered events on the Events page.

Business Email Compromise (BEC)

Security-Overview-BEC-widget-1

The Business Email Compromise (BEC) widget shows the number of compromised users and risky partners detected in the selected time frame.

To view the number of suspected anomaly events and lower risk partners, click the icon-drop-down icon.

Security-Overview-BEC-widget-2

To view specific events, click the indicators within the widget, and the system shows the filtered events on the Events page.

Compromised Users

The Compromised Users are the users detected as compromised with high probability. It shows the number of Anomaly events with Critical severity.

For Microsoft SaaS applications, these tags appear at the top of the widget based on the configured anomaly detection workflow:

  • No prevention - Appears if the anomaly detection workflow is configured not to block the user automatically when an account is detected as compromised. 
  • Full prevention - Appears if the anomaly detection workflow is configured to block the user automatically when an account is detected as compromised.

For more information, see Compromised Accounts (Anomaly) Workflows.

Note - In rare cases, this widget might be replaced with the Anomalies widget that shows information about the compromised users.

Malware

Security-Overview-Malware-widget-1

The Malware widget shows the total number of malware events detected in the selected time frame, including pending events.

To view the number of suspected malware events, and events specific to a SaaS application, click the icon-drop-down icon.

Security-Overview-Malware-widget-2

To view specific events, click the indicators within the widget, and the system shows the filtered events on the Events page.

DLP

Security-Overview-DLP-widget-2

The DLP widget shows the total number of DLP events detected in the selected time frame, including pending events.

To view the number of blocked DLP events, leaked DLP events, and events specific to a SaaS application, click the icon-drop-down icon.

Security-Overview-DLP-widget-3

To view specific events, click the indicators within the widget, and the system shows the filtered events on the Events page.

User Interaction

Security-Overview-User-Interaction-widget

The User Interaction widget shows the number of pending restore requests and phishing reports in the selected time frame.

To view the total number of restore requests, phishing reports and their average SLA in the selected time frame, click the icon-drop-down icon.

Security-Overview-User-Interaction-widget-2

To view specific requests, click the indicators within the widget, and the system shows the filtered events on the Restore Requests / Phishing Reports page.

Note - In rare cases, this widget might be replaced with the Shadow IT widget.

Shadow IT

Security-Overview-DLP-widget-1

The Shadow IT widget shows the total number of Shadow IT events detected in the selected time frame, including pending events.

To view the Shadow IT events, click the icon-drop-down icon.

To view specific events, click the indicators within the widget, and the system shows the filtered events on the Events page.

Security Events

Security-Overview-Security-Events

The Security Events widget shows the most recent security events on the Avanan Portal.

To filter events for a specific event type, click the Filter by Type drop-down and select the event type.

Application Protection Health

Onboarded-Applications-widget

The Application Protection Health widget shows all the SaaS applications onboarded with Avanan. To view the list of users protected with the SaaS application, click Active Users.

The indicator at the top of the application's icon shows the health of the application. Hover over the icon to view the issues if any with the application.

Login Events Map

Security-Overview-Login-Events-Map

The Login Events map shows all the successful and failed login events over the last seven days.

To filter events for a specific type, click the Filter by Type drop-down and select the event type.

Note - After activating the SaaS application, Avanan takes up to 36 hours to start showing the login events.