Product Documentation

Risk indicator feedback

Using the risk indicator feedback feature on Citrix Analytics, you can provide feedback regarding a risk indicator. Your feedback helps to confirm if the security incident reported is accurate or not.

False positive

A false positive is an effect that indicates a lapse in detecting anomalous behavior for a user’s risk profile.

Consider the user Georgina Kalou, who logs on from her usual work location. A few hours later, she travels elsewhere for work. Georgina is now logged on to her laptop using a different network. Citrix Analytics flags Georgina as a risky user even if she hasn’t displayed any malicious intent. As a result, the unusual logon access risk indicator is triggered on her risk timeline.

Using the risk indicator feedback feature, you can report this incident as a false positive and also submit your feedback.

How to report a false positive?

  1. From the user’s risk timeline, choose the risk indicator that you want to report as a false positive.

    Note: Currently, you can report false positives only for the Unusual logon access risk indicator that the Citrix Content Collaboration data source triggers.

  2. On the right pane, in the WHAT HAPPENED section, click Report false positive.

    User security alerts

  3. In the Help us optimize anomalous behavior detection window, provide your feedback. Click Submit. Details such as, the name of the reporter and the date when the report was submitted are displayed in the WHAT HAPPENED section.

    User security alerts

  4. Repeat steps 2–3 if you want to edit the feedback that you have previously submitted.

    User security alerts

Risk indicator feedback

In this article