How Risky Applications and Alerts Contribute to the User Risk Score

Alongside the User Risk Score graphic for each risky user, the Risky Applications and Alerts columns show the risky applications that the user accessed and the alerts that were triggered in response.

  • In the Risky Applications column, the percentage of each risky application's contribution to the user risk score is displayed. Note that the length of the line under the risky application also represents the application's contribution percentage.

  • In the Alerts column, the number of alert instances triggered by the specific alert rule appears next to the "bell" icon.

    By default, only the top three highest-rated applications and alerts are displayed in the collapsed view. In the expanded view (opened by clicking the icon), all applications and their alerts are listed. Alerts are color-coded by severity, with text describing the severity level: Critical (dark red), High (red), Medium (orange), Low (gray).

    As shown in the above example:

    • Microsoft Management Console contributes 30% to the user score. There are 29 (2 high, 8 medium, and 19 low) instances of alerts associated with this application for the current period (until the current day).

    • SQL Server Management Studio contributes 22% to the user score. There are 13 (all medium) instances of alerts associated with this application for the current period (until the current day).

    • Windows Explorer contributes 20% to the user score. There are 8 (4 high and 4 medium) instances of alerts associated with this application for the current period (until the current day).

In the Web Management Console, you can further investigate the risky applications and the alerts that were triggered against them. Clicking a risky application opens the Alerts page of the Web Management Console in a new browser tab, filtered by user and application. Clicking an alert opens the same page in a new browser tab, filtered by user, application, and alert. For details, see Monitoring Alerts.