src/content/docs/cloudflare-one/team-and-resources/users/risk-score.mdx
Lines changed: 10 additions & 11 deletions
@@ -61,17 +61,16 @@ While the Okta integration is turned on, Cloudflare One will send any user risk
61
61
## Predefined risk behaviors
62
62
63
63
By default, all predefined behaviors are disabled. When a behavior is enabled, Cloudflare One will continuously evaluate all users within the organization for the behavior. You can [change the risk level](#change-risk-behavior-risk-levels) for predefined behaviors if the default assignment does not suit your environment.
| Impossible travel |[A configured Access application](/cloudflare-one/access-controls/applications/http-apps/)| User has a successful login from two different locations that they could not have traveled between in that period of time. Matches will appear in your [Access authentication logs](/cloudflare-one/insights/logs/dashboard-logs/access-authentication-logs/). |
68
-
| High number of DLP policies triggered |[A configured DLP profile](/cloudflare-one/data-loss-prevention/dlp-profiles/)| User has created a high number of DLP policy matches within a narrow frame of time. Matches will appear in your [Gateway activity logs](/cloudflare-one/insights/logs/dashboard-logs/gateway-logs/). |
69
-
| SentinelOne threat detected on machine |[SentinelOne service provider integration](/cloudflare-one/integrations/service-providers/sentinelone/)| SentinelOne returns one or more configured [device posture attributes](/cloudflare-one/integrations/service-providers/sentinelone/#device-posture-attributes) for a user. |
70
-
| CrowdStrike Low ZTA security score|[CrowdStrike integration](/cloudflare-one/integrations/service-providers/crowdstrike/)| A user's device reports a score between 0-50 for any CrowdStrike Zero Trust Assessment attribute (OS Score, Overall Score, or Sensor Config score). Refer to [CrowdStrike device posture attributes](/cloudflare-one/integrations/service-providers/crowdstrike/#device-posture-attributes) for more information.|
71
-
| CrowdStrike Medium ZTA security score|[CrowdStrike integration](/cloudflare-one/integrations/service-providers/crowdstrike/)| A user's device reports a score between 50-79 for any CrowdStrike Zero Trust Assessment attribute (OS Score, Overall Score, or Sensor Config score). Refer to [CrowdStrike device posture attributes](/cloudflare-one/integrations/service-providers/crowdstrike/#device-posture-attributes) for more information. |
72
-
| Interaction with malicious file |[Gateway AV scanning](/cloudflare-one/traffic-policies/http-policies/antivirus-scanning/) or [File sandboxing](/cloudflare-one/traffic-policies/http-policies/file-sandboxing/)| User uploads or downloads a file flagged as malicious by Gateway's AV scanner or file sandboxing. Risk is elevated even if the file is blocked. |
73
-
| Suspicious Security Domain Visited |[Gateway DNS policies](/cloudflare-one/traffic-policies/dns-policies/)| User visits a domain categorized as a security risk or security threat. Refer to [domain categories](/cloudflare-one/traffic-policies/domain-categories/) for the full list. Risk is elevated even if the traffic is blocked. |
74
-
| High Risk Domain Visited |[Gateway DNS policies](/cloudflare-one/traffic-policies/dns-policies/)| User visits a domain categorized as questionable content, violence, or CIPA. Refer to [domain categories](/cloudflare-one/traffic-policies/domain-categories/) for the full list. Risk is elevated even if the traffic is blocked. |
| Impossible travel |[A configured Access application](/cloudflare-one/access-controls/applications/http-apps/)| User has a successful login from two different locations that they could not have traveled between in that period of time. Matches will appear in your [Access authentication logs](/cloudflare-one/insights/logs/dashboard-logs/access-authentication-logs/). | Evaluated at each authentication and session-refresh event. |
67
+
| High number of DLP policies triggered |[A configured DLP profile](/cloudflare-one/data-loss-prevention/dlp-profiles/)| User has created a high number of DLP policy matches within a narrow frame of time. Matches will appear in your [Gateway activity logs](/cloudflare-one/insights/logs/dashboard-logs/gateway-logs/). | Evaluated per-request in milliseconds. |
68
+
| SentinelOne threat detected on machine |[SentinelOne service provider integration](/cloudflare-one/integrations/service-providers/sentinelone/)| SentinelOne returns one or more configured [device posture attributes](/cloudflare-one/integrations/service-providers/sentinelone/#device-posture-attributes) for a user. | Ingested via service-to-service API. Frequency is administrator-configurable during device posture setup to align with SentinelOne's API rate limits. |
69
+
| CrowdStrike Low ZTA security score|[CrowdStrike integration](/cloudflare-one/integrations/service-providers/crowdstrike/)| A user's device reports a score between 0-50 for any CrowdStrike Zero Trust Assessment attribute (OS Score, Overall Score, or Sensor Config score). Refer to [CrowdStrike device posture attributes](/cloudflare-one/integrations/service-providers/crowdstrike/#device-posture-attributes) for more information.| Ingested via service-to-service API. Frequency is administrator-configurable during device posture setup to align with CrowdStrike's API rate limits. |
70
+
| CrowdStrike Medium ZTA security score|[CrowdStrike integration](/cloudflare-one/integrations/service-providers/crowdstrike/)| A user's device reports a score between 50-79 for any CrowdStrike Zero Trust Assessment attribute (OS Score, Overall Score, or Sensor Config score). Refer to [CrowdStrike device posture attributes](/cloudflare-one/integrations/service-providers/crowdstrike/#device-posture-attributes) for more information. | Ingested via service-to-service API. Frequency is administrator-configurable during device posture setup to align with CrowdStrike's API rate limits. |
71
+
| Interaction with Malicious File |[Gateway AV scanning](/cloudflare-one/traffic-policies/http-policies/antivirus-scanning/) or [File sandboxing](/cloudflare-one/traffic-policies/http-policies/file-sandboxing/)| User uploads or downloads a file flagged as malicious by Gateway's AV scanner or file sandboxing. Risk is elevated even if the file is blocked. | Evaluated per-request in milliseconds. |
72
+
| Suspicious Security Domain Visited |[Gateway DNS policies](/cloudflare-one/traffic-policies/dns-policies/)| User visits a domain categorized as a security risk or security threat. Refer to [domain categories](/cloudflare-one/traffic-policies/domain-categories/) for the full list. Risk is elevated even if the traffic is blocked. | Evaluated per-request in milliseconds. |
73
+
| High Risk Domain Visited |[Gateway DNS policies](/cloudflare-one/traffic-policies/dns-policies/)| User visits a domain categorized as questionable content, violence, or CIPA. Refer to [domain categories](/cloudflare-one/traffic-policies/domain-categories/) for the full list. Risk is elevated even if the traffic is blocked. | Evaluated per-request in milliseconds. |
75
74
## Manage risk behaviors
76
75
77
76
To toggle risk behaviors, go to **Risk score** > **Risk behaviors**.
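Review bot: In the added "High number of DLP policies triggered" row, "Evaluated per-request in milliseconds" does not fit a description that defines the behavior as a count of matches "within a narrow frame of time". State whether each request is scored on its own or the window is re-evaluated on every request, and consider separating latency ("in milliseconds") from evaluation frequency, since the new cells mix the two. The two CrowdStrike rows carried into the added lines still give "0-50" and "50-79", so a score of 50 matches both the Low and Medium behaviors; make one bound exclusive. The rename to "Interaction with Malicious File" moves that row to title case while "Impossible travel" and "High number of DLP policies triggered" stay in sentence case; pick one convention. The header and delimiter rows are not visible in this hunk, so check that they also gain the fourth column, otherwise the new cells may be dropped when the table is rendered.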