Skip to content

Identity Risk Posture🔗

The Identity Risk Posture Overview provides an overview of your current identity posture, including your current Risk Posture Score and rating, as well as the number of identities, groups, devices, and applications (service principals) Secureworks is monitoring. In addition, you can view the top risky users, top findings, and credential compromise metrics

Identity Risk Posture Dashboard

Identity Risk Posture Score & Rating🔗

The Identity Risk Posture Score and rating uses a weighted average (critical and high risk items are weighted higher) based on the number of open findings and the risk level of those findings identified within your environment. The score is updated daily and will move up or down based on whether findings are remediated, dismissed, or new ones are discovered. In addition, you can see how the score changed from the previous day by using the percent change and arrow.

Risk Ratings:

  • 75 - 100 = Critical
  • 50 - 74 = High
  • 25 - 49 = Medium
  • 0 - 24 = Low

Identity Risk Posture Score and Rating

Tip

Select the Identity Risk Posture Score to open the Identity Risk Posture Score page.

Your Environment Counts🔗

Next to the Identity Risk Score and rating, find counts of identities, groups, devices, and applications (service principals) Secureworks is monitoring from your Entra ID environment. Select one of these counts to navigate to the associated section of My Environment.

Identity Risk Posture Counts

Top Risky Users Widget🔗

The Top Risky Users widget displays a list of users that have been involved in alerts within the last seven days. For each user, a count of alerts for each severity is included.

Note

The counts include both open and closed alerts.

Take the following actions from this widget:

  • Select the user name or icon to navigate to the Identity Details for that user.
  • Select the alerts row for a user to navigate to the Insights tab of the related Identity Details.

Top Risky Users Widget

Top Findings Widget🔗

The Top Findings widget displays an aggregated view of the top findings based on risk level. Take the following actions from this widget:

  • Select More from a recommendation to expand the row and view the full recommendation. Select Less to collapse the row again.
  • Select View Related Findings to navigate to the Identity Findings page filtered by the check that identified the issue.

Top Findings Widget

Credential Compromise Widget🔗

The Credential Compromise widget displays the count of open credential compromise findings by risk level as well as metrics related to leaked credentials found for the domains configured within your environment. Where applicable, it also shows the trend of this activity over the previous 30 days.

Note

The stats outlined below include ALL known active credential leaks. This could include data for users that are no longer with the organization or old leaked data matching the selected domains. We only generate findings for what we consider Active Breaches including where there is active matching identity, and as such, the stats may differ from what you see within the findings view.

  • Findings — The number of Open credential compromise findings with the counts by risk level
  • Sources — The number of active unique leak sources where data for your domains has been observed
  • Plaintext Passwords — The number of active leaks where plaintext passwords were identified in the leak data
  • Hashed Passwords — The number of active leaks where hashed passwords were found in the leak data
  • Emails — The number of active unique email accounts that have been observed in the leak data
  • Unique Passwords — The number of active unique passwords that have been observed in the leak data
  • Admin Emails — The number of active accounts identified as an admin that have been observed in the leak data

Select a metric to view matching breach data on the Credential Compromise page.

Select Breach-Related Findings to navigate to the Identity Findings page filtered by credential compromise findings.

Credential Compromise Widget

Identity Risk Posture Score Page🔗

The Identity Risk Posture Score page enables you to view how your Posture Score is changing over time. To access the page, select the Identity Risk Posture Score from the overview page. By default, it shows how the score has trended over the previous 14 days. Adjust the time range by using the date picker at the top of the page to choose a quick link period or to set a custom range.

Tip

There are no limits on the time range, so you can view the score for as long as there is data.

Identity Risk Posture Score Page

Take the following actions to explore the data:

  • Select a plot within the graph to view a list of findings that were created, re-opened, dismissed, or resolved on the selected date.
  • Select a finding from the table to open the finding details panel.

Note

Findings that continue to persist after they are initially opened will have their last_seen time updated. As a result, it is expected that you might not see a lot of days with new findings.

Export Identity Risk Posture Score Graph🔗

To export the Identity Risk Posture Score line graph as a .PNG file, select the vertical ellipsis menu and select Download as PNG.

Download IDR Risk Score Graph as PNG