Risk indicator feedback

Using the risk indicator feedback feature on Citrix Analytics, you can provide feedback regarding a risk indicator. Your feedback helps to confirm if the security incident reported is accurate or not.

Citrix Analytics evaluates your feedback to reduce the number of false positives in detecting a risk indicator. The increase in the accuracy of the risk indicators subsequently lowers the user’s risk score.

False positive

A false positive is an effect that indicates a lapse in detecting anomalous behavior for a user’s risk profile.

Consider the user Georgina Kalou, who logs on from her usual work location. A few hours later, she travels elsewhere for work. Georgina is now logged on to her laptop using a different network. Citrix Analytics flags Georgina as a risky user even if she hasn’t displayed any malicious intent. As a result, the unusual logon access risk indicator is triggered on her risk timeline.

Using the risk indicator feedback feature, you can report this incident as a false positive and also submit your feedback.

How to report a false positive?

  1. From the user’s risk timeline, choose the risk indicator that you want to report as a false positive.

    Note

    Currently, you can report false positives only for the Unusual logon access risk indicator triggered by the Citrix Content Collaboration data source.

  2. On the right pane, in the WHAT HAPPENED section, click Report false positive.

    User security alerts

  3. In the Help us optimize anomalous behavior detection window, provide your feedback. Click Submit. Details such as, the name of the reporter and the date when the report was submitted are displayed in the WHAT HAPPENED section.

    User security alerts

  4. Repeat steps 2–3 if you want to edit the feedback that you have previously submitted.

    User security alerts

Risk indicator feedback