Skip to main content
Version: 25.08

Risks Overview

The Risks Overview page provides a central location to manage data classification rules, known as datasets and policies, as well as review the events triggered by the policies and the associated data flows.

This page displays all customer-defined datasets on the left and the observed data movement that matches defined policies in the center. The right side of the page displays record counts, the locations involved in the dataflows, and the names of users who played a role in the matching events.

The initial view displays all the policies that have an assigned dataset. Each policy is accompanied by a bubble on the left, showing the number of events that matched the policy. The color of the bubble represents the policy's severity level. On the right, you can view the policy's configured settings, which include whether it is set to block, warn, or monitor, the incident configuration (always create incidents, let Linea AI decide, or no incident), and whether screenshot recording is enabled.

The data is presented based on the default period set for this page, which is the Last 7 days. You can click on a specific dataset to view the policy matches related to that dataset.

Datasets are organized by their sensitivity level and policies by their severity level as they were configured. Events that matched a dataset but did not match a policy are shown as "Unmatched" with a grey bubble showing the number of such events.

Cyberhaven offers a 90-day data access window by default with the option to obtain a license for an extended data access window.

Locations

The Locations panel on the top right side of the page shows all the sources and destinations involved in dataflows that matched at least one dataset. You can click on a location to review all the events involving that location.

Click on the kebab menu next to a location to add it to a dataset, policy, or list.

Users

The Users panel at the bottom right side of the page shows all the users involved in dataflows that matched at least one dataset. You can click on a user to review all the events involving this user.

Click on the kebab menu next to a user to add them to a list.

Filters

From the Overview page, clicking on a dataset, policy, location, or username will apply a filter to display flows matching the selection. You can apply any number of filters to show only the desired matching flows.

Any applied filters will be shown near the top left of the console. To remove a filter, click the X to the right of each filter, or click Clear All to remove all applied filters.

Events

The Events tab on the Risks Overview page provides a table with detailed information about each event. The table includes a high-level view of the risk, dataset, policy that the user action triggered, users whose actions triggered the policy, content, and timestamp.

When you expand an event, you can view the sequence of actions that triggered the policy.

The value in the Content column shows the number of content attributes that match the dataset. You can click on the value to see the content attributes.

Export

You can export the events displayed in the Events tab to a .csv file. The file is truncated at 20K rows, and the additional events are not exported.

Read more about the limitation: Limit the number of exported events

To view fewer events on the Events tab, apply the Locations or Users filters, or reduce the date range using the date picker.