Weekly email notification
Citrix Analytics sends weekly email notifications summarizing the security risk exposures in your organization’s IT infrastructure. The weekly notification keeps you aware and informed about the risky events and their occurrences in the previous week. You can find out if any events require your attention or actions without signing in to Citrix Analytics. This information keeps you informed about what is happening in your IT security domain.
Enable email notifications
- If you are a Citrix Cloud administrator with full or custom access permission, the email notifications are disabled by default in your Citrix Cloud account. To receive email notifications from any Citrix Cloud services such as Citrix Analytics, enable the notification option in your Citrix Cloud. For more information, see Receive emailed notifications. Notification preferences are not available for administrators who are added through Active Directory/Azure AD Groups.
- By default, the email notifications are sent to the Citrix Security Administrators - default list. You can change this by configuring custom distribution list recipients for weekly alerts. For more information, see Admin email settings.
When do you get an email from Citrix Analytics?
Every Tuesday, an email notification is sent to you from Citrix Cloud firstname.lastname@example.org.
The email notification provides the following information:
- Summary of the total number of events processed, risk indicators detected, and the actions applied
- Summary of the total number of active data sources and the data export consumption status
- Top three risk indicators
- Top three actions taken on the risk indicators
- Total number of active users and total number of risky users
- Any events or actions that require your attention
The weekly email provides a summary of the total number of events processed, risk indicators detected, and the actions applied.
The weekly email also provides insights on the data sources that have been turned on along with the data export consumption status.
Click Manage your data sources on the email to view the Data Sources page in Citrix Analytics. You can onboard the data source and turn on data processing to enable Citrix Analytics to allow the processing of data. For more information on enabling analytics, see Enable Analytics on data sources.
Click Manage or troubleshoot SIEM export to view the Data Exports page in Citrix Analytics to troubleshoot your environment and manage your data export settings.
The weekly email provides insights into the total number of users and users who have acted in a risky manner.
Number of High risk users – Identified in red. They represent an immediate threat to the organization.
Number of Medium risk – Identified in orange. They have multiple serious violations on their account for the selected week and they must be monitored closely.
Number of Low risk users – Identified in yellow. They have a few serious violations on their account, but potentially they are not considered a threat.
For more information, see risky users.
Click Learn more about your users to view the Risky Users page in Citrix Analytics. You can get deeper insights into the active users and the risk categorization.
Top Risk Indicators
The weekly email provides insights on the top three risk indicators and the number of occurrences for the selected week. Depending on the number of occurrences, both the default and custom risk indicators for the selected week are displayed.
For more information, see risk indicators.
Click Learn more about your risk indicators on the email to view the Risk Indicator Overview page in Citrix Analytics.
The weekly email provides insights on the top three actions taken in response to the suspicious and anomalous threats that occurred in the last week. Depending on the number of occurrences, both Global actions and Citrix Gateway actions for the selected week are displayed.
For more information on actions, and configuring an action, see policies and actions.
Click Learn more about your actions on the email to view the Top Actions page in Citrix Analytics.
What action do you need to take after receiving the email?
Weekly emails enable you to find out if any events or actions require your attention.
If there are no risk indicators detected for the week, you get the following message which prompts you to create more custom risk indicators.
You can log in to Citrix Analytics to create more custom risk indicators.
If none of the data sources are turned on in Security Analytics you get the following message which prompts you to turn on data processing for the data sources.
If none of Policies are in monitor mode, you get the following message which prompts you to move the policies to enforcement mode.
If there is no policy set up for any of the top 3 risk indicators for the week, you get the following message which prompts you to create a policy.
If you have not enabled Data Exports for your Citrix Analytics tenant, the following recommendations point you to more details about our Data Exports options which allow you to export your Citrix data to a SIEM environment.
If the data export consumption status is inactive, you get the following message which prompts you to activate your service.
The data transmission is enabled only when the data processing is turned on at least for one data source. If the data processing is turned off for all the data sources, you get the following warning message to enable your data source.