Risk indicators

Risk indicators are user activities that look suspicious or can pose a security threat to your organization. Risk indicators span all Citrix products used in your deployment. The indicators are based on user behavior and are triggered when the user’s behavior deviates from the normal. Risk indicators help determine the user’s risk score.

Risk indicators fall into the following categories:

  • Access based. These risk indicators are triggered when the user accesses the network or a specific resource that they are not authorized to access, or when they are unable to access it.

  • Data based. These risk indicators are triggered when a user has downloaded or uploaded an unusually large volume of data. This data upload or download activity could be to an internal or external destination over a specific time period.

  • Application based. These risk indicators are triggered when the user has attempted to access an unauthorized application over a specific time period.

The following table lists the risk indicators that are provided by the various Citrix products:

| Citrix Products | Risk Indicators |
|---|---|
| Citrix Content Collaboration | Excessive access to sensitive files |
| | Excessive file sharing |
| | Excessive file or folder deletion |
| | Excessive file downloads |
| | Ransomware activity suspected |
| | Unusual logon access |
| Citrix Gateway | End point analysis (EPA) scan failure |
| | Logon failures |
| | Authorization failures |
| | Unusual logon access |
| Citrix Endpoint Management | Unmanaged device detected |
| | Jailbroken or rooted device detected |
| | Device with blacklisted apps detected |
| Citrix Virtual Apps and Desktops / Citrix Workspace | Access from device with unsupported OS |
| | Access from new device |
| | Unusual application usage |
| | Potential data exfiltration |
| Citrix Access Control | Unusual upload volume |
| | Unusual download volume |
| | Risky website access |
| | Attempt to access blacklisted URL |
