Weekly email notification
Citrix Analytics sends weekly email notification summarizing the security risk exposures in your organization’s IT infrastructure. The weekly notification keeps you aware and informed about the risky events and its occurrences in the previous week. You can find out if any events require your attention or actions without signing in to Citrix Analytics. This information keeps you informed about what is happening in your IT security domain.
Enable email notifications
-
If you are a Citrix Cloud administrator with full access permissions, by default, the email notifications are disabled for your Citrix Cloud account. To receive email notifications from Citrix Analytics, enable it on your Citrix Cloud account. For more information, see Receive emailed notifications.
-
If you are a Citrix Cloud administrator with custom access permissions (Security Full Admin, Security Read Only Admin, Security and Performance Read Only) to manage Security Analytics, the email notifications are always enabled for your Citrix Cloud account. There is no option to disable or enable the email notifications.
When do you get an email from Citrix Analytics?
Every Tuesday, an email notification is sent to you from Citrix Cloud donotreplynotifications@citrix.com.
The email notification provides the following information:
- Summary of the total number of events processed, risk indicators detected, and the actions applied
- Top three risk indicators
- Top three actions taken on the risk indicators
- Total number of discovered users, number of risky users and non risky users
- Number of data sources turned on
- Any events or actions that require your attention
Account Summary
The weekly email provides a summary of the total number of events processed, risk indicators detected, and the actions applied.
Discovered Users information
The weekly email provides insights on the number of discovered users and users who have acted in a risky manner.
-
Number of High risk users – Identified in red. They represent an immediate threat to the organization.
-
Number of Medium risk – Identified in orange. They have multiple serious violations on their account for the selected week and they must be monitored closely.
-
Number of Low risk users – Identified in yellow. They have a few serious violations on their account, but potentially they are not a considered a threat.
-
Total number of non risky users - Identified in grey. They do not have any active violations detected on their account are not considered a threat.
For more information, see risky users.
Click Learn more about your users to view to the Risky Users page in Citrix Analytics. You can get deeper insights on the discovered users and the risk categorization.
Top Risk Indicators
The weekly email provides insights on the top three risk indicators and the number of occurrences for the selected week. Depending on the number of occurrences, both the default and custom risk indicators for the selected week are displayed.
For more information, see risk indicators.
Click Learn more about your risk indicators on the email to view the Risk Indicator Overview page in Citrix Analytics.
Top Actions
The weekly email provides insights on the top three actions taken in response to the suspicious and anomalous threats that occurred in the last week. Depending on the number of occurrences, both Global actions and Citrix Gateway actions for the selected week are displayed.
For more information on actions, and configuring an action, see policies and actions.
Click Learn more about your actions on the email to view the Top Actions page in Citrix Analytics.
Data Sources
The weekly email also provides insights on the data sources that have been turned on.
Click Manage your data sources on the email to view the Data Sources page in Citrix Analytics. You can onboard the data source and turn on data processing to enable Citrix Analytics to allow processing of data. For more information on enabling analytics, see Enable Analytics on data sources.
What action you need to take after receiving the email?
Weekly emails enable you to find out if any events or actions require your attention.
-
If there are no risk indicators detected for the week, you get the following message which prompts you to create more custom risk indicators.
You can log on to Citrix Analytics to create more custom risk indicators.
-
If none of the data sources are turned on in Security Analytics you get the following message which prompts you to turn on data processing for the data sources.
-
If none of Policies are in monitor mode, you get the following message which prompts you move the policies to enforcement mode.
-
If there is no policy set up for any of the top 3 risk indicators for the week, you get the following message which prompts you to create a policy.