Session influenced user risk

This detection is recorded when a user's session risk level changes to High.

Detection risk level: Medium

If the user's active session exhibits patterns that match session hijacking, token theft, or token replay, ITP elevates the session risk to High. As a result, ITP elevates the entity (user) risk to Medium. To learn more about session protection and available configuration options, see Session protection.

Policy configuration

Detection: Session influenced User Risk
Take this action: Run a Workflow to notify an admin

Remediation strategy

Investigate the session that's flagged as high risk for any malicious activity. You can view the session activity in the System Log using the externalSessionId that's populated in the relevant user.risk.detect event.

Feedback