User Details Page

The Active Directory User Details page provides information about the user, including threats generated by the user, user activity, and group membership.

The top of the page displays a user profile card which may contain the following information about the user:

  • Name
  • DN
  • NT Name (SAM Account Name)
  • Email
  • Object GUID
  • Object Type
  • Domain
  • Tags, with an option to add additional tags

The page has the following tabs:

  • Threats Tab
  • Activity Summary Tab
  • Group Membership Tab

Threats Tab

The Threats tab for a user displays the threats for the user by timeframe.

A key for threat types is displayed below the chart.

Activity Summary Tab

The Activity Summary tab displays charts for a user's activity over different time periods.

The Activity Overview (Past 12 Months) shows a color-coded heat map of user activity. Other metrics include Average Activity by Day and Events by Type.

The Activity by Host, Activity by Client, and Activity Details tables are displayed below the charts.

Activity by Host Table

The Activity by Host table displays the user's activity by host.

  • Server – Server where the activity occurred
  • First Access – First date and time that the server was accessed
  • Last Access – Last date and time that the server was accessed
  • Number of Events – Total number of activity events on the server

Use the Search icon to search for data contained in any column. Click the Export CSV button to export the current rows displayed on the page into a CSV file.

Activity by Client Table

The Activity by Client table displays the user's activity by client.

  • Client IP – IP address for the client
  • Client Name – Client where the activity occurred
  • First Access – First date and time that the client was accessed
  • Last Access – Last date and time that the client was accessed
  • Number of Events – Total number of activity events on the client

Use the Search icon to search for data contained in any column. Click the Export CSV button to export the current rows displayed on the page into a CSV file.

Group Membership Tab

The Group Membership tab displays groups in which the user is a member.

The tab has the following sub-tabs:

  • Direct Member Of – Lists groups the user is a direct member of
  • Indirect Member Of – Lists groups the user is a member of via membership in a nested group

Each table has the following columns:

  • Name – The name of the group. Click the link to view group details. See the Group Details Page topic for additional information.
  • Domain – Name of the domain. This may be either the domain DNS name or domain controller hostname.
  • Tags – The tag present on the perpetrator, file, or host associated with the event
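
The Direct Member Of and Indirect Member Of split described above can be reproduced offline when reviewing an account's effective privileges. The following is an added example, not code from the product: the `MEMBER_OF` mapping, the account and group names, and the `resolve_membership` helper are all constructed for illustration.

```python
from collections import deque

# Constructed sample data: each key is a principal (user or group) and the
# value is the set of groups it is a direct member of (its memberOf values).
MEMBER_OF = {
    "jsmith": {"Helpdesk", "VPN Users"},
    "Helpdesk": {"Server Operators Delegates"},
    "Server Operators Delegates": {"Tier1 Admins"},
    "Tier1 Admins": {"Helpdesk"},  # circular nesting, which AD permits
    "VPN Users": set(),
}


def resolve_membership(principal, member_of):
    """Return (direct, indirect) group membership for a principal.

    indirect maps each group reached only through nesting to the chain of
    groups leading to it, so a reviewer can see why the user holds it.
    A group that is both direct and reachable by nesting is listed as direct.
    """
    direct = set(member_of.get(principal, ()))
    indirect = {}
    seen = set(direct)
    queue = deque((g, [g]) for g in sorted(direct))
    while queue:
        group, path = queue.popleft()
        for parent in sorted(member_of.get(group, ())):
            if parent in seen or parent == principal:
                continue  # already reported, or a nesting cycle
            seen.add(parent)
            indirect[parent] = path + [parent]
            queue.append((parent, path + [parent]))
    return direct, indirect


if __name__ == "__main__":
    direct, indirect = resolve_membership("jsmith", MEMBER_OF)
    print("Direct Member Of:", sorted(direct))
    for group, path in indirect.items():
        print("Indirect Member Of:", group, "via", " -> ".join(path[:-1]))
```

The chain recorded for each indirect group shows which nested group to change when that membership should not exist.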