What’s new

A goal of Citrix is to deliver new features and product updates to Citrix Analytics customers when they are available. New releases provide more value, so there’s no reason to delay updates.

To you, the customer, this process is transparent. Initial updates are applied to Citrix internal sites only, and are then applied to customer environments gradually. Delivering updates incrementally in waves helps to ensure product quality and to maximize availability.

May 09, 2019

New features

Creating custom reports

You can now create custom reports based on your operational requirements. Citrix Analytics provides a list of dimensions and metrics according to the selected data source. Choose the required parameters and the visualization types such as bar chart, event chart, line chart, or table to create your reports. Creating reports help you to organize and analyze your data graphically.

To create a custom report, from the Security tab, click Reports > Create Report. To view your previously created reports, from the Security tab, click Reports. For more information, see Create and view custom reports.

Privileged user monitoring

Citrix Analytics enables you to closely monitor the behavior anomalies of privileged users in an organization. As privileged users are highly vulnerable to security threats, it becomes challenging to distinguish their daily activities from the malicious ones. Hence, the malicious activities of privileged users remain undetected for a long time. This feature enables you to proactively monitor such activities and take appropriate actions on the appropriate user accounts. Privileged users are represented with an icon on the Users dashboard.

Citrix Analytics supports monitoring for the following types of privileged users:

  • Admins - Users who are assigned Admin privileges by the respective Citrix service. Currently, Citrix Analytics supports privileged user monitoring for users with Admin privileges in the Content Collaboration service.

  • Executives - On Citrix Analytics, you can mark an AD group as an Executives group. Marking an AD group as an Executive group makes all the users in the group as privileged users. If there is no need to further support the behavior anomalies of users in an AD group, you can remove the group as an Executive group.

For more information, see Privileged users.

Weekly email summary

Citrix Analytics sends a weekly email to the administrators summarizing the security risk exposures in their organization’s IT environment. The email notification is sent every Tuesday to the administrators and it highlights the security events that have occurred in the previous week. This email ensures that the administrators are informed about the security risk exposures without signing in to Citrix Analytics. For more information, see Weekly email summary.

April 26, 2019

New features

Delegated administrators

Citrix Analytics now supports delegated administrator roles. This functionality enables you to invite other administrators to your Citrix Cloud account to manage Citrix Analytics for your organization. If you are a Citrix Analytics administrator with full access permission, you can add other administrators to your Citrix Cloud account. These additional administrators are called delegated administrators. You can currently assign read-only access to the delegated administrators. For more information, see Delegated administrators.

February 19, 2019

New features

Splunk integration

Citrix Analytics integrates with Splunk to enhance your security incident monitoring and troubleshooting experiences. This integration augments your existing data sources with the intelligence of Citrix Analytics’ risk analysis capabilities such as risk indicators, risk scores, and user profiles. Citrix Analytics exports risk analysis information to a channel. Splunk pulls the same from this channel.

Splunk integration involves configuration on Citrix Analytics, installation of the Citrix Analytics Add-on for Splunk app, and configuration of the app. Ensure to turn on data processing for at least one data source. It helps Citrix Analytics to begin the Splunk integration process.

For more information, see Splunk integration.

Splunk configuration

Dynamic session recording

Citrix Analytics introduces the ability to trigger session recording dynamically on the users’ current Virtual Apps and Desktops sessions. It helps to capture evidences required for risk analysis and take appropriate incident response actions such as disconnect sessions and block user.

For more information, see Policies and actions.

Citrix Analytics introduces the risk visibility to Share Links based on data collected from Citrix Content Collaboration. It helps you to understand the risk exposure of share links through the risk indicators that the share links trigger.

For more information, see Share Links dashboard.

Share Links dashboard

Currently, the Anonymous sensitive share download risk indicator is triggered for a share link. When Content Collaboration detects this risky behavior, Citrix Analytics receives the events. You are notified in the Alerts panel and the Anonymous Sensitive Download risk indicator is added to the share link’s risk timeline.

For more information, see Share Link risk timeline and Citrix Share Link risk indicators.

Risk timeline

Microsoft Active Directory integration

You can now integrate Microsoft Active Directory with Citrix Analytics. This integration enhances the context of risky users with additional information such as job title, organization, office location, email, and contact details. You can get a better visibility of a user on the user profile page in Citrix Analytics.

For more information, see Integrate Analytics with Microsoft Active Directory.

Active directory user

January 04, 2019

New features

Addition of SOURCE column for existing risk indicators

The SOURCE column has been introduced in the EVENT DETAILS section for following risk indicators:

  • Excessive file uploads

  • Excessive file downloads

  • Excessive file sharing

  • Excessive file or folder deletion

For more information, see Citrix Content Collaboration risk indicators.

Advanced user profile

The User Info view on the user profile has been enhanced. The Trend View link has been introduced at the top right corner of the Application, Devices, and Data Usage sections. The Map View link has been introduced at the top right corner of the Locations section. These links provide a graphic representation about the user’s historical behavior during a specific time period. You can navigate to User Info from the user’s risk timeline or from the Data Sources page.


The Authentication and Domains data are currently not available on the User Info profile.

For more information, see Users dashboard.

Advanced user profile

Microsoft Graph Security risk indicators

The onboarded Microsoft Graph Security can receive risk indicator details from one of the following security providers, and forwards it to Citrix Analytics:

  • Azure AD Identity Protection

  • Windows Defender Advanced Threat Protection

For more information, see Microsoft Graph Security risk indicators.

Ways to enter the self-service search page

You can now access the self-service search page using the following options:

  • Top bar: Click Search on the top bar to directly access the search page.

    localized image

  • Risk timeline on user profile page: Click Event Search to access the search page and view the events corresponding to a specific user’s risk indicator and the data source. For more information, see About self-service search.

    localized image

Self-service search for Content Collaboration

Use self-service search to get insight into the events associated with the Content Collaboration data source. To view the events, select Content Collaboration from the list, select the time period, and then click Search. For more information, see Self-service search for Content Collaboration.

Localized image

Self-service search for Virtual Apps and Desktops

Use self-service search to get insight into the events associated with the Virtual Apps and Desktops data source. To view the events, select Apps and Desktops from the list, select the time period, and then click Search. For more information, see Self-service search for Virtual Apps and Desktops.

Localized image

Export self-service search events to CSV file

You can now export the self-service search events to a CSV file and download the file for future use. For more information, see Self-service search.

Improved onboarding for Virtual Apps and Desktops

The onboarding process for Virtual Apps and Desktop data source is now improved to provide a better user experience. The site cards and the on boarding steps have been modified. For more information, see Citrix Virtual Apps and Desktops data source.

November 29, 2018

New features

Microsoft Security Graph data source

Microsoft Graph Security is an external data source that aggregates data from multiple security providers. It also provides access to the user inventory data.

Citrix Analytics currently supports the Azure AD identity protection and Windows Defender ATP security providers associated with this data source.

To onboard this data source, you must obtain permissions from the Microsoft identity platform. For more information, see Microsoft Graph Security.

MSG Onboarding

View event details and discovered users on the site cards for data sources

The site cards for the data sources now display event details and the number of users. For example, you can view the event details and the users for Access Control on the site card. For more information, see Enable Analytics on data sources.

localized image

November 16, 2018

New features

Self-service search for access data

You can use self-service search to get insight into the access details for the users in your enterprise. Citrix Analytics collects the users’ access details from the Citrix Access Control service. Use the facets and the search query to narrow down your search results.

To use the self-service search page, from the Security tab, click Event Search .

For more information, see Self-service search for Access.

localized image

Risk indicator feedback

Using the risk indicator feedback feature on Citrix Analytics, you can provide feedback regarding a risk indicator. Your feedback helps to confirm if the security incident reported is accurate or not.

Currently, this feature is supported on the Unusual logon access risk indicator triggered by the Content Collaboration data source. If this risk indicator triggered is incorrect, you can report it as a false positive and provide feedback. You can also edit a feedback that you have previously submitted. Citrix Analytics captures your feedback and validates the predicted information to optimize anomalous behavior detection.

For more information, see Risk indicator feedback.

localized image

Fixed issues

  • You cannot edit and save a policy if you are accessing Citrix Analytics using Internet Explorer 11.0.

  • If you are accessing Citrix Analytics using Internet Explorer version 11.0, the Citrix Cloud navigation bar fails to load and restricts you from accessing the hamburger menu.

October 10, 2018

Architecture and platform enhancements

Multiple architectural and platform improvements were done in this release to enhance performance, scale, monitoring, supportability, security, and user experience.

August 23, 2018

New product names

The Citrix products supported by Citrix Analytics are now renamed as part of the Citrix unified product portfolio.

You might notice new names in our products and product documentation. This is a result of the expansion of the Citrix portfolio and cloud strategy. For more details about the Citrix unified portfolio, see Citrix product guide. Implementing this transition in our products and their documentation is an ongoing process.

  • In-product content and documentation might still contain former names. For example, you might see instances of earlier names in console text, messages, directory/file names, screenshots, and diagrams.

  • It is possible that some items (such as commands) might continue to retain their former names to prevent breaking existing customer scripts.

  • Related product documentation and other resources (such as videos and blog posts) that are linked from this product’s documentation might still contain former names.