Citrix share link risk indicators
Citrix share link risk indicators are activities that look suspicious or can pose a security threat to your organization.
Citrix share link risk indicators span across the Citrix Content Collaboration data source used in your deployment. The indicators are based on share link behavior and are triggered where the share link’s behavior deviates from the normal.
For more information, see Share Links dashboard.
Anonymous sensitive download
Citrix Analytics detects access threats based on anonymous sensitive downloads for a share link, and triggers the corresponding risk indicator.
This risk indicator is triggered when an anonymous user downloads from a share link, sensitive files identified by a Data Loss Prevention (DLP) solution, and did not require the recipient to log on. By identifying share links with sensitive file downloads, based on previous behavior, you can monitor the share link for potential attacks.
When is the anonymous sensitive download risk indicator triggered?
You are notified when an anonymous user has downloaded a file deemed sensitive by a DLP solution, during a given time period. Also, the file does not require the recipient to log on. When Content Collaboration detects this behavior, Citrix Analytics receives the events and the Anonymous sensitive download risk indicator is added to the share link’s risk timeline.
How to analyze the anonymous sensitive download risk indicator?
Consider an anonymous user downloaded from a share link, a sensitive file identified by DLP and did not require any recipient logon. The Anonymous sensitive download risk indicator is triggered because the share link exceeds a threshold. The threshold is calculated based on the fact that the sensitive file is accessible by any recipient without a logon. From the share link’s timeline, you can select the reported Anonymous sensitive download risk indicator. The reason for the event and details such as download time, file name, and file size are displayed.
For more information about share link risk timeline, see Share Link risk timeline.
To view the Anonymous sensitive download risk indicator, navigate to Security > Share Links, and select the share link URL.
- In the WHAT HAPPENED section, you can view a summary of the Anonymous sensitive download risk indicator and the time the event occurred.
The EVENT DETAILS section, the events are displayed in tabular format. The table provides the following key information:
- Time. Time when the sensitive file was downloaded.
- File name. The name and extension of the downloaded file.
- File size. The size of the file downloaded.
What actions you can apply to the share link
You can perform the following action to the share link:
- Expire share link. When a share link triggers the Anonymous sensitive download risk indicator, Citrix Analytics enables you to expire share link.
To learn more about actions and how to configure them manually, see Policies and Actions.
To apply the actions to the share link manually, navigate to the share link profile. On the Actions menu, select Expire share link.