
What’s new

A goal of Citrix is to deliver new features and product updates to Citrix Analytics customers when they are available. New releases provide more value, so there’s no reason to delay updates.

To you, the customer, this process is transparent. Initial updates are applied to Citrix internal sites only, and are then applied to customer environments gradually. Delivering updates incrementally in waves helps to ensure product quality and to maximize availability.

February 19, 2019

New Features

Splunk integration

Citrix Analytics integrates with Splunk to enhance your security incident monitoring and troubleshooting experiences. This integration augments your existing data sources with the intelligence of Citrix Analytics’ risk analysis capabilities such as risk indicators, risk scores, and user profiles. Citrix Analytics exports risk analysis information to a channel, and Splunk pulls that information from the channel.

Splunk integration involves configuration on Citrix Analytics, installation of the Citrix Analytics Add-on for Splunk app, and configuration of the app. Ensure that you turn on data processing for at least one data source. Doing so helps Citrix Analytics begin the Splunk integration process.

For more information, see Splunk integration.


Dynamic session recording

Citrix Analytics introduces the ability to trigger session recording dynamically on users’ current Virtual Apps and Desktops sessions. It helps you capture the evidence required for risk analysis and take appropriate incident response actions, such as disconnecting sessions and blocking the user.

For more information, see Rules and actions.

Citrix Analytics introduces risk visibility for share links, based on data collected from Citrix Content Collaboration. It helps you understand the risk exposure of share links through the risk indicators that the share links trigger.

For more information, see Share Links dashboard.


Currently, the Anonymous sensitive share download risk indicator is triggered for a share link. When Content Collaboration detects this risky behavior, Citrix Analytics receives the events. You are notified in the Alerts panel and the Anonymous Sensitive Download risk indicator is added to the share link’s risk timeline.

For more information, see Share Link risk timeline and Citrix Share Link risk indicators.


Microsoft Active Directory integration

You can now integrate Microsoft Active Directory with Citrix Analytics. This integration enhances the context of risky users with additional information such as job title, organization, office location, email, and contact details. You get better visibility of a user on the user profile page in Citrix Analytics.

For more information, see Integrate Analytics with Microsoft Active Directory.


January 04, 2019

New Features

Addition of SOURCE column for existing risk indicators

The SOURCE column has been introduced in the EVENT DETAILS section for the following risk indicators:

  • Excessive file uploads

  • Excessive file downloads

  • Excessive file sharing

  • Excessive file or folder deletion

For more information, see Citrix Content Collaboration risk indicators.

Advanced user profile

The User Info view on the user profile has been enhanced. The Trend View link has been introduced at the top right corner of the Application, Devices, and Data Usage sections. The Map View link has been introduced at the top right corner of the Locations section. These links provide a graphical representation of the user’s historical behavior during a specific time period. You can navigate to User Info from the user’s risk timeline or from the Data Sources page.

Note: Currently, the Authentication and Domains data is not available on the User Info profile.

For more information, see Users dashboard.


Microsoft Security Graph risk indicators

The onboarded Microsoft Security Graph can receive risk indicator details from one of the following security providers and forward them to Citrix Analytics:

  • Azure AD Identity Protection

  • Windows Defender Advanced Threat Protection

For more information, see Microsoft Security Graph risk indicators.

Ways to enter the self-service search page

You can now access the self-service search page using the following options:

  • Top bar: Click Search on the top bar to directly access the search page.


  • Risk timeline on user profile page: Click Event Search to access the search page and view the events corresponding to a specific user’s risk indicator and the data source. For more information, see About self-service search.


Self-service search for Content Collaboration

Use self-service search to get insight into the events associated with the Content Collaboration data source. To view the events, select Content Collaboration from the list, select the time period, and then click Search. For more information, see Self-service search for Content Collaboration.


Self-service search for Virtual Apps and Desktops

Use self-service search to get insight into the events associated with the Virtual Apps and Desktops data source. To view the events, select Apps and Desktops from the list, select the time period, and then click Search. For more information, see Self-service search for Virtual Apps and Desktops.


Export self-service search events to CSV file

You can now export the self-service search events to a CSV file and download the file for future use. For more information, see Self-service search.

Improved onboarding for Virtual Apps and Desktops

The onboarding process for the Virtual Apps and Desktops data source is now improved to provide a better user experience. The site cards and the onboarding steps have been modified. For more information, see Citrix Virtual Apps and Desktops data source.

November 29, 2018

New Features

Microsoft Security Graph data source

Microsoft Security Graph is an external data source that aggregates data from multiple security providers. It also provides access to the user inventory data.

Citrix Analytics currently supports the Azure AD Identity Protection and Windows Defender ATP security providers associated with this data source.

To onboard this data source, you must obtain permissions from the Microsoft identity platform. For more information, see Microsoft Security Graph.


View event details and discovered users on the site cards for data sources

The site cards for the data sources now display event details and the number of users. For example, you can view the event details and the users for Access Control on the site card. For more information, see Enable Analytics on data sources.


November 16, 2018

New Features

Self-service search for access data

You can use self-service search to get insight into the access details for the users in your enterprise. Citrix Analytics collects the users’ access details from the Citrix Access Control service. Use the facets and the search query to narrow down your search results.

To use the self-service search page, from the Security tab, click Event Search.

For more information, see Self-service search for Access.


Risk indicator feedback

Using the risk indicator feedback feature on Citrix Analytics, you can provide feedback regarding a risk indicator. Your feedback helps to confirm whether the reported security incident is accurate.

Currently, this feature is supported on the Unusual logon access risk indicator triggered by the Content Collaboration data source. If this risk indicator is triggered incorrectly, you can report it as a false positive and provide feedback. You can also edit feedback that you have previously submitted. Citrix Analytics captures your feedback and validates the predicted information to optimize anomalous behavior detection.

For more information, see Risk indicator feedback.


Fixed Issues

  • You cannot edit and save a rule if you are accessing Citrix Analytics using Internet Explorer 11.0.

  • If you are accessing Citrix Analytics using Internet Explorer version 11.0, the Citrix Cloud navigation bar fails to load and restricts you from accessing the hamburger menu.

October 10, 2018

Architecture and platform enhancements

Multiple architectural and platform improvements were made in this release to enhance performance, scale, monitoring, supportability, security, and user experience.

August 23, 2018

New product names

The Citrix products supported by Citrix Analytics are now renamed as part of the Citrix unified product portfolio.

You might notice new names in our products and product documentation. This is a result of the expansion of the Citrix portfolio and cloud strategy. For more details about the Citrix unified portfolio, see Citrix product guide. Implementing this transition in our products and their documentation is an ongoing process.

  • In-product content and documentation might still contain former names. For example, you might see instances of earlier names in console text, messages, directory/file names, screenshots, and diagrams.

  • It is possible that some items (such as commands) might continue to retain their former names to prevent breaking existing customer scripts.

  • Related product documentation and other resources (such as videos and blog posts) that are linked from this product’s documentation might still contain former names.