A goal of Citrix is to deliver new features and product updates to Citrix Analytics customers when they are available. New releases provide more value, so there’s no reason to delay updates.
To you, the customer, this process is transparent. Initial updates are applied to Citrix internal sites only, and are then applied to customer environments gradually. Delivering updates incrementally in waves helps to ensure product quality and to maximize the availability.
February 20, 2020
Citrix Analytics for Security offering
Citrix Analytics for Security is now available for individual subscription. You can subscribe to Citrix Analytics for Security and get insights that are specific to this offering. For more information, see Get started.
Risk Categories dashboard
Citrix Analytics introduces categorization of risk indicators based on risks that have a similar impact on the organization’s security aspect. This dashboard provides a comprehensive view of the risk exposures and critical risks that require immediate attention. For default risk indicators, Analytics automatically assigns a risk category based on the risk exposure. For custom risk indicators, you must select an appropriate risk category based on the risk exposure.
Analytics supports the following risk categories:
- Data exfiltration
- Insider threats
- Compromised users
- Compromised endpoints
For more information, see Risk Categories.
Risk Category column on the Custom Indicators page
The Risk Category column is introduced on the Custom Risk Indicator page. Based on type of risk exposure, you can select a risk category for your custom risk indicator. Previously created custom risk indicators are displayed on the Risk Categories dashboard if you modify them by selecting a risk category.
For more information, see Custom risk indicators.
Change in risk indicator names
The following risk indicator names have been changed:
|Data Source||Old Name||New Name|
|Citrix Virtual Apps and Desktops||Unusual application usage (Virtual)||Unusual time of application access (Virtual)|
|Citrix Virtual Apps and Desktops||Unusual application usage (SaaS)||Unusual time of application access (SaaS)|
|Citrix Content Collaboration||Excessive logon failures||Excessive authentication failures|
|Citrix Content Collaboration||Unusual logon access||First time access from new location|
|Citrix Access Control||Unusual download volume||Excessive data download|
|Citrix Gateway||Logon failures||Excessive authentication failures|
|Citrix Gateway||Authorization failures||Excessive authorization failures|
|Citrix Gateway||Unusual logon access||First time access from new location|
For more information, see Risk indicators.
For some users, Citrix Analytics is unable to receive any data from Virtual Apps and Desktops even though the data source is successfully onboarded and StoreFront is enabled. [CAS-24134]
Citrix Analytics is unable to receive download events from Citrix Content Collaboration. Therefore, the following risk indicators are not triggered:
Anonymous sensitive download
Excessive access to sensitive files
Excessive file downloads
For newly onboarded users, manual and policy-based actions applied on Citrix Gateway risk indicators do not take any effect. [CAS-29029]
Some users are unable to view the site cards on the Data Sources page. This issue is resolved by repopulating the cache. [CAS-28781]
January 09, 2020
Continuous risk assessment
Some challenges Citrix Workspace users face are that, remote access exposes sensitive data to security risks through cyber-criminal activities like data exfiltration, theft, vandalism, and service disruptions. Employees within organizations are also likely to contribute to this damage.
Some ways of addressing these risks are to implement multi-factor authentication, enforce short sign-in timeouts, and so on. Although these risk assessment methods ensure a higher level of security, they do not provide complete security after the initial validation.
To enhance the security aspect and to ensure a better user experience, Citrix Analytics introduces the solution of continuous risk assessment. This solution helps you to continuously monitor user profiles and take various actions when risky events are detected.
For more, information, see Continuous risk assessment.
Citrix Analytics helps you to manage policy configurations more efficiently. You can protect user accounts from malicious attacks with the help of the following capabilities:
Default policies: Citrix Analytics supports the following default policies:
- Successful credential exploit
- Potential data exfiltration
- Unusual access from a suspicious IP
- Unusual app access from an unusual location
- Low risk user - first time access from new IP
- First time access from device
You can modify the default policies based on your requirements.
Multiple conditions: A policy can contain up to four conditions. The conditions can be set with combinations of risk scores and risk indicators, or both.
Deprecation of Risk score change condition: Citrix Analytics no longer supports the Risk score change policy-based condition.
Default and custom risk indicators: The conditions menu on the Create Policy page is now segregated based on default and custom risk indicators. When creating a policy, you can switch between the default and custom risk indicators tabs, and set the risk indicator conditions.
Request user response: Citrix Analytics introduces the Request user response action. Using this action, you can send an email notification to the user regarding the risky activity detected. Once the user responds about the activity, you can determine the next course of action to be taken on their account. You can also set the user response time. If no response is received, Citrix Analytics considers No response as the status.
Apply disruptive actions: You can notify the users when a disruptive action such as Log off user or Lock user, is applied. A notification is sent to the user with details of the activity and the action applied. This action temporarily disrupts services to the user’s account to prevent further misuse. To continue accessing the account, the user must contact the administrator for assistance.
Enforcement and monitor modes: You can set enforcement or monitor modes to your policies.
For more information on policy enhancements, see Policies and actions.
Lock user and Unlock user actions
Citrix Analytics introduces the following Gateway actions:
- Lock user
- Unlock user
You can apply these actions either manually or when you configure policies.
For more information, see What are actions.
Deprecation of multiple policy-based actions
When you configure policies, you cannot apply multiple actions anymore. Citrix Analytics now supports only one action for each policy.
For more information, see Policies and actions.
Access summary dashboard
Citrix Analytics introduces the Access Summary panel on the Users dashboard. It summarizes the total number of attempts that users have made to access the resources within an organization.
For more information, see Access summary.
Policies and actions dashboard
Citrix Analytics introduces the Policies and Actions panel on the Users dashboard. It displays the top five policies and actions applied on user profiles. You can sort data based on the top policies and the top actions for a selected time period.
For more information, see Policies and actions.
Self-service search for policies
Use the self-service search to view the user events that met your defined policies. You can also view the actions that Analytics has applied for these anomalous events. Use the facets and the search box to search for the required events.
To view the events, in the search box, select Policies from the list, select the time period, and then click Search.
For more information, see Self-service search for Policies.
- Delegated read-only administrators encounter an error while accessing the User Access and App Access dashboards. [CAS-16297]
December 12, 2019
Splunk version support
Citrix Analytics supports the following versions of Splunk:
- Splunk 8.0 64-bit
- Splunk 7.3 64-bit
To get maximum security benefits of Splunk integration, upgrade to the latest version of the Splunk add-on app from the Download page.
For more information on supported Splunk versions, see Supported versions.
December 04, 2019
Custom risk indicator for Citrix Gateway
Using custom risk indicators, you can now define the conditions and the frequency for triggering risk indicators for Citrix Gateway events. When a user event meets the conditions, Analytics triggers the risk indicators. For more information on how to create custom risk indicator, see Custom risk indicators.
November 22, 2019
First time access from new device – Citrix Virtual Apps and Desktops risk indicator
Citrix Analytics detects access threats based on access from a new device and triggers the corresponding risk indicator.
The First time access from new device risk indicator is triggered when a user signs in from a device after 90 days. This event is triggered because Citrix Receiver has no sign-in records from this new or unfamiliar device for the last 90 days. For more information, see Citrix Virtual Apps and Desktops risk indicators.
Deprecated risk indicator - Access from new device
Citrix Analytics no longer triggers the Access from new device risk indicator. However, on the user dashboard, user timeline, and the policy dashboard, you can view historic data related to this risk indicator.
For previously created policies based on Access from new device, you must either modify the policy or create a policy with the new risk indicator First time access from new device.
For more information, see First time access from new device risk indicator.
First time access from new IP - Citrix Gateway risk indicator
Citrix Analytics detects access threats based on access from a new IP address and triggers the corresponding risk indicator.
The First time access from new IP risk indicator is triggered when a user signs in from an IP address after 90 days. This event is triggered because Citrix Receiver has no sign-in records from this new or unfamiliar IP address for the last 90 days.
For more information, see Citrix Gateway risk indicators.
Logon from suspicious IP - Citrix Gateway risk indicator
Citrix Analytics detects user access threats based on the suspicious IP sign-in activity and triggers the Logon from suspicious IP risk indicator.
This risk indicator is triggered when a user attempts to access the network from a suspicious IP address. Analytics considers an IP address as suspicious based on any of the following conditions:
Is listed on the external IP threat intelligence feed
Has multiple user sign-in records from an unusual location
Has excessive failed sign-in attempts that might indicate a brute-force attack
For more information, see Citrix Gateway risk indicators.
Self-service search for Citrix Gateway events
Use the self-service search feature to get insight into user events received from the Citrix Gateway data source. Citrix Analytics receives events such as authentication stage, authorization type, VPN session code, VPN session state for Citrix Gateway users. Use the facets and the search box to search for the required events and explore the underlying data.
To view the events, in the search box, select Gateway from the list, select the time period, and then click Search.
For more information, see Self-service search for Gateway.
Self-service search for Citrix Secure Browser events
Use the self-service search feature to get insight into the browsing events received from the Citrix Secure Browser service. Citrix Analytics receives events such as session connect, session launch, published applications, deleted applications for each user connection. Use the search box to search for the required events and explore the underlying data.
To view the events, in the search box, select Secure Browser from the list, select the time period, and then click Search.
For more information, see Self-service search for Secure Browser.
Remove from watch list action
You can remove a user from the watchlist either by applying the manual method or by applying a policy-based method. For more information, see Watchlist.
Improved onboarding messages when configuring a StoreFront deployment
Citrix Analytics now provides the following messages to help you configure your StoreFront deployments:
After downloading the configuration file, you can see a message indicating the date and time of the download and the user name. When you refresh this page, the Download file button changes to Download file again.
If your StoreFront configuration is incomplete, you see a warning message instructing you to follow configuration steps and connect your StoreFront deployment with Analytics.
For more information on how to configure your StoreFront deployment, see Onboard your Virtual Apps and Desktops Sites using StoreFront.
- The self-service search for authentication fails to display the events. [CAS-24959]
November 08, 2019
For Citrix Content Collaboration risk indicators, users are unable to apply actions on the risk timeline. [CAS-24844]
Versions prior to 1911 of Citrix Workspace App for Chrome fail to send event details to Citrix Analytics. [CAS-24938]
October 21, 2019
Modified name for analytics agent
The agent name is specifically mentioned as Analytics policy agent on the user interfaces to indicate its role. When onboarding the on-premises Citrix Virtual Apps and Desktops data sources, Citrix Analytics clearly notifies that a policy agent is required only to configure policies and actions for your Site. This agent has no role in transmitting data from the data source. For more information, see Citrix Virtual Apps and Desktops data source.
Support for the time dimension for custom report
You can now group the events based on time by selecting the Time dimension for the x-axis. The report displays the total events received based on the time intervals for the selected period. For more information on how to create reports, see Custom reports.
Audit logs enhancements
The user experience of the Audit Log page is enhanced.
You can view the date and time details when the Audit Log page was last updated and refresh the page to view the latest audit logs.
You have an option to clear all the filters that were applied on the audit logs.
For more information on the audit data, see Audit logs.
Citrix Analytics is unable to generate the Anonymous IP address risk indicator even though Microsoft Graph Security is successfully onboarded. [CAS-21329]
Versions prior to 1910 of Citrix Workspace App for HTML5 fail to send event details to Citrix Analytics. [CAS-24938]
September 23, 2019
- On the data sources site cards, the Latest event field displays incorrect date and time information. [CAS-24087]
August 30, 2019
Change in default time period across dashboards
The default time period on the following dashboards is changed from Last 1 Hour to Last 1 Month:
Now the dashboards display the events for the last one month by default. You get a more engaging experience while using these dashboards. For example, when you open the App Access dashboard, the dashboard displays the app access events for the last one month by default.
For Content Collaboration risk indicators, the Disable user policy-based action cannot be applied successfully. [CAS-17304]
Citrix Analytics cannot process events from Citrix Gateway 13.0. This issue occurs because Citrix Gateway 13.0 fails to provide user names in the logon events sent to Citrix Analytics. [CAS-21339]
August 20, 2019
Self-service search enhancements
The user experience of the self-service page is enhanced. You can now seamlessly switch back and forth between the user risk timeline and the self-service search page.
You can now sort your events by time. By default, the latest events appear first in the event table. Click the sort icon on the TIME column to sort the events based on either latest time or earliest time.
For more information on how to use self-service search, see Self-service search.
Custom report enhancements
New dimensions are added for the Access Control, Content Collaboration, and Virtual Apps and Desktops data sources. You can choose these dimensions to create reports. The following dimensions are added for the data sources:
Access Control: User Agent, User Name
Content Collaboration: User Email, User Name, Created by, Account Id, OAuth Client Id, Event Id, Folder Id, Folder Name, Resource Id, Form Id, Client Ip
Virtual Apps and Desktops: User Name, IP Address, Device Id, Jail Broken, Session Launch Type, Session Server Name, Session User Name, Download File Name, Download File Path, Printing Printer Name, Printing Job Details File Name, SaaS App Launch URL, Clipboard Operation, Clipboard Details Result
The custom report user interface is enhanced with support for pagination and a Clear All option for the filters.
For more information on how to create a custom report using these dimensions, see Custom reports.
Risk Indicators dashboard
The Risk Indicators dashboard is introduced on the Users page. It summarizes the top five default and custom risk indicators for a user. A See More link redirects you to the Risk Indicator Overview page. This page provides detailed information about the risk indicators generated for a selected time period.
For more information, see Users dashboard.
Risky Users dashboard enhancements
Citrix Analytics introduces the Risk Indicators and Risk Indicators Change tabs on the Risky Users dashboard. You can view the top five risky users based on these tabs. The dashboard also introduces the Risk Indicators column. It shows the number of risk indicators for a user.
The Risky Users page introduces the Occurrences and Occurrences Change columns. These columns summarize the total occurrences and the change in occurrences of the custom and the default risk indicators.
For more information, see Users dashboard.
Share link risk indicator - Excessive downloads
Citrix Analytics detects access threats based on excessive downloads on a share link and triggers the Excessive downloads risk indicator. By identifying share links with excessive downloads, based on previous behavior, you can monitor the share link for potential attacks. This risk indicator helps you identify an excessive file download activity.
For more information, see Excessive downloads.
Self-service search for the Authentication data
Use self-service search to get insights into the authentication events. Citrix Analytics receives the authentication events such as user login, user logoff, and client update from the Identity and Access Management service of Citrix Cloud. The search provides a detailed report on the authentication events, helps you to identify any authentication issues, and troubleshoot them. You can also define a search query to retrieve events that match your defined criteria.
To view the events, select Authentication from the list, select the time period, and then click Search.
For more information, see Self-service search for Authentication.
July 11, 2019
Custom risk indicators
The default risk indicators that Citrix Analytics generates are based on machine learning algorithms. Citrix Analytics now allows you to create custom risk indicators. Based on user events, you can define the conditions and create custom risk indicators.
When the defined conditions are met, Citrix Analytics generates the custom risk indicators similar to default risk indicators, and displays them on the user’s risk timeline. Custom risk indicators are denoted with a label on the user’s risk timeline.
For more information, see Custom risk indicators.
Privileged status on risk timeline
The user risk timeline displays the following events whenever there is a change in Admin or Executive privilege status of a user:
Added to Executive group
Removed from Executive group
Privilege elevated to Admin
Admin privilege removed
When a risk indicator is triggered for a user, you can co-relate it with the specified privilege status change event. If necessary, you can apply appropriate actions on the user profile.
For more information, see User risk timeline.
Expire share link action
Citrix Analytics enables you to apply actions on share link risk indicators. Currently, the supported action is Expire share link.
For more information, see Citrix share link risk indicators.
Self-service search enhancements
Support for wild card character * in search query: Use the asterisk (*) character in your search query to match any character zero or more times. For example, the search query User-Name = “John*” displays events for the all usernames that begin with John.
Added the Clear All option for facets: Click Clear All to remove all the selected facets at a time.
View hidden column data in the event list: After removing a column from the event table, you can view the corresponding data in the user event list. Expand the event row for a user and view the data.
For more information, see Self-service search.
Data error status on the site cards
The Site cards display the No data received label in red when Citrix Analytics does not receive events for the last one hour from the data source. It also displays the number of events received and is linked to the corresponding self-service search page. This feature helps you view the corresponding events on the self-service search page and check for any data transmission issues.
Currently, self-service search is available only for the Access, Content Collaboration, and Virtual Apps and Desktop data sources.
For more information, see Enable Analytics on Citrix data sources.
- For the Access Control data source, the number of events on the site card does not match the self-service search results. [CAS-18286]
June 19, 2019
The Audit Log page displays the data transmission on or off status every time the Active Directory data source is discovered. [CAS-17575]
The time period menu on the Users dashboard does not load accurately. It displays a timeout error message. [CAS-19467]
Users get an error message on Citrix Analytics while connecting to a tenant from Splunk. Occasionally, onboarding of new data sources fails. [CAS-19429]
June 17, 2019
If your organization uses on-premises StoreFront, you can now configure StoreFront to connect to Citrix Analytics. Configuration is performed using a configuration file imported from Citrix Analytics. After the configuration is successful, Citrix Workspace app sends user events to Citrix Analytics for generating actionable insights into user behaviors. The insights help you to detect any anomalous user behaviors and proactively handle security threats in your organization. For more information, see Onboard Virtual Apps and Desktops Sites using StoreFront.
May 30, 2019
Excessive logon failures
Citrix Analytics detects access threats based on excessive logon activity and triggers the Excessive logon failures risk indicator. This risk indicator is triggered when a user experiences multiple failed logon attempts to access Content Collaboration. By identifying users with excessive logon failures, based on previous behavior, administrators can monitor the user’s account for brute force attacks.
For more information, see Excessive logon failures.
For some user events transmitted by Citrix Workspace apps, the data source is incorrectly identified as Endpoint Management instead of Citrix Virtual Apps and Desktops.
The Users dashboard takes a long time to load for the Last 1 Month time period. This issue occurs when the number of users are high. In some instances, you might even encounter 601 errors.
Citrix Content Collaboration is not discovered as a data source although some users subscribe to the service on Citrix Cloud.
May 09, 2019
Creating custom reports
You can now create custom reports based on your operational requirements. Citrix Analytics provides a list of dimensions and metrics according to the selected data source. Choose the required parameters and the visualization types such as bar chart, event chart, line chart, or table to create your reports. Creating reports help you to organize and analyze your data graphically.
To create a custom report, from the Security tab, click Reports > Create Report. To view your previously created reports, from the Security tab, click Reports. For more information, see Custom reports.
Privileged user monitoring
Citrix Analytics enables you to closely monitor the behavior anomalies of privileged users in an organization. As privileged users are highly vulnerable to security threats, it becomes challenging to distinguish their daily activities from the malicious ones. Hence, the malicious activities of privileged users remain undetected for a long time. This feature enables you to proactively monitor such activities and take appropriate actions on the appropriate user accounts. Privileged users are represented with an icon on the Users dashboard.
Citrix Analytics supports monitoring for the following types of privileged users:
Admins - Users who are assigned Admin privileges by the respective Citrix service. Currently, Citrix Analytics supports privileged user monitoring for users with Admin privileges in the Content Collaboration service.
Executives - On Citrix Analytics, you can mark an AD group as an Executives group. Marking an AD group as an Executive group makes all the users in the group as privileged users. If there is no need to further support the behavior anomalies of users in an AD group, you can remove the group as an Executive group.
For more information, see Privileged users.
Weekly email summary
Citrix Analytics sends a weekly email to the administrators summarizing the security risk exposures in their organization’s IT environment. The email notification is sent every Tuesday to the administrators and it highlights the security events that have occurred in the previous week. This email ensures that the administrators are informed about the security risk exposures without signing in to Citrix Analytics. For more information, see Weekly email summary.
April 26, 2019
Citrix Analytics now supports delegated administrator roles. This functionality enables you to invite other administrators to your Citrix Cloud account to manage Citrix Analytics for your organization. If you are a Citrix Analytics administrator with full access permission, you can add other administrators to your Citrix Cloud account. These additional administrators are called delegated administrators. You can currently assign read-only access to the delegated administrators. For more information, see Delegated administrators.
Few risk indicators for the data sources that use data streaming do not generate alerts. You do not get any alert notifications and policy-based actions are not applied automatically if any one of the following risk indicators is triggered:
Citrix Endpoint Management risk indicators - Unmanaged device, Jailbroken or rooted device, and Device with blacklisted apps.
Citrix Virtual Apps and Desktops risk indicator - Access from device with unsupported operating system (OS).
Citrix Content Collaboration risk indicator - Excessive access to sensitive files.
February 19, 2019
Citrix Analytics integrates with Splunk to enhance your security incident monitoring and troubleshooting experiences. This integration augments your existing data sources with the intelligence of Citrix Analytics’ risk analysis capabilities such as risk indicators, risk scores, and user profiles. Citrix Analytics exports risk analysis information to a channel. Splunk pulls the same from this channel.
Splunk integration involves configuration on Citrix Analytics, installation of the Citrix Analytics Add-on for Splunk app, and configuration of the app. Ensure to turn on data processing for at least one data source. It helps Citrix Analytics to begin the Splunk integration process.
For more information, see Splunk integration.
Dynamic session recording
Citrix Analytics introduces the ability to trigger session recording dynamically on the users’ current Virtual Apps and Desktops sessions. It helps to capture evidences required for risk analysis and take appropriate incident response actions such as disconnect sessions and block user.
For more information, see Policies and actions.
Share Links dashboard and risk indicator
Citrix Analytics introduces the risk visibility to Share Links based on data collected from Citrix Content Collaboration. It helps you to understand the risk exposure of share links through the risk indicators that the share links trigger.
For more information, see Share Links dashboard.
Currently, the Anonymous sensitive share download risk indicator is triggered for a share link. When Content Collaboration detects this risky behavior, Citrix Analytics receives the events. You are notified in the Alerts panel and the Anonymous Sensitive Download risk indicator is added to the share link’s risk timeline.
Microsoft Active Directory integration
You can now integrate Microsoft Active Directory with Citrix Analytics. This integration enhances the context of risky users with additional information such as job title, organization, office location, email, and contact details. You can get a better visibility of a user on the user profile page in Citrix Analytics.
For more information, see Integrate Analytics with Microsoft Active Directory.
January 04, 2019
Addition of SOURCE column for existing risk indicators
The SOURCE column has been introduced in the EVENT DETAILS section for following risk indicators:
Excessive file uploads
Excessive file downloads
Excessive file sharing
Excessive file or folder deletion
For more information, see Citrix Content Collaboration risk indicators.
Advanced user profile
The User Info view on the user profile has been enhanced. The Trend View link has been introduced at the top right corner of the Application, Devices, and Data Usage sections. The Map View link has been introduced at the top right corner of the Locations section. These links provide a graphic representation about the user’s historical behavior during a specific time period. You can navigate to User Info from the user’s risk timeline or from the Data Sources page.
The Authentication and Domains data are currently not available on the User Info profile.
For more information, see Users dashboard.
Microsoft Graph Security risk indicators
The onboarded Microsoft Graph Security can receive risk indicator details from one of the following security providers, and forwards it to Citrix Analytics:
Azure AD Identity Protection
Windows Defender Advanced Threat Protection
For more information, see Microsoft Graph Security risk indicators.
Ways to enter the self-service search page
You can now access the self-service search page using the following options:
Top bar: Click Search on the top bar to directly access the search page.
Risk timeline on user profile page: Click Event Search to access the search page and view the events corresponding to a specific user’s risk indicator and the data source. For more information, see Self-service search.
Self-service search for Content Collaboration
Use self-service search to get insight into the events associated with the Content Collaboration data source. To view the events, select Content Collaboration from the list, select the time period, and then click Search. For more information, see Self-service search for Content Collaboration.
Self-service search for Virtual Apps and Desktops
Use self-service search to get insight into the events associated with the Virtual Apps and Desktops data source. To view the events, select Apps and Desktops from the list, select the time period, and then click Search. For more information, see Self-service search for Virtual Apps and Desktops.
Export self-service search events to CSV file
You can now export the self-service search events to a CSV file and download the file for future use. For more information, see Self-service search.
Improved onboarding for Virtual Apps and Desktops
The onboarding process for Virtual Apps and Desktop data source is now improved to provide a better user experience. The site cards and the on boarding steps have been modified. For more information, see Citrix Virtual Apps and Desktops data source.
November 29, 2018
Microsoft Security Graph data source
Microsoft Graph Security is an external data source that aggregates data from multiple security providers. It also provides access to the user inventory data.
Citrix Analytics currently supports the Azure AD identity protection and Windows Defender ATP security providers associated with this data source.
To onboard this data source, you must obtain permissions from the Microsoft identity platform. For more information, see Microsoft Graph Security.
View event details and discovered users on the site cards for data sources
The site cards for the data sources now display event details and the number of users. For example, you can view the event details and the users for Access Control on the site card. For more information, see Enable Analytics on data sources.
November 16, 2018
Self-service search for access data
You can use self-service search to get insight into the access details for the users in your enterprise. Citrix Analytics collects the users’ access details from the Citrix Access Control service. Use the facets and the search query to narrow down your search results.
To use the self-service search page, from the Security tab, click Event Search.
For more information, see Self-service search for Access.
Risk indicator feedback
Using the risk indicator feedback feature on Citrix Analytics, you can provide feedback regarding a risk indicator. Your feedback helps to confirm if the security incident reported is accurate or not.
Currently, this feature is supported on the Unusual logon access risk indicator triggered by the Content Collaboration data source. If this risk indicator triggered is incorrect, you can report it as a false positive and provide feedback. You can also edit feedback that you have previously submitted. Citrix Analytics captures your feedback and validates the predicted information to optimize the anomalous behavior detection.
For more information, see Risk indicator feedback.
- You cannot edit and save a policy if you are accessing Citrix Analytics using Internet Explorer 11.0.
In this article
- February 20, 2020
- January 09, 2020
- December 12, 2019
- December 04, 2019
- November 22, 2019
- November 08, 2019
- October 21, 2019
- September 23, 2019
- August 30, 2019
- August 20, 2019
- July 11, 2019
- June 19, 2019
- June 17, 2019
- May 30, 2019
- May 09, 2019
- April 26, 2019
- February 19, 2019
- January 04, 2019
- November 29, 2018
- November 16, 2018