Suspicious Users
Overview
Suspicious Users highlights accounts that may require review based on authentication or activity signals.
What this feature does
It helps administrators focus on accounts with unusual patterns such as failed logins, new country access, unusual timing, or sensitive actions.
Why it is useful
- It helps prioritize investigations by user.
- It provides a bridge between authentication data and activity data.
- It supports proactive security monitoring.
Who should read this?
RISE Admin, Security Officer, System Owner.
Where to find it
Rise Audit Pro → Security Dashboard.
How to use it
- Open Security Dashboard.
- Review the Suspicious Users section.
- Open the user’s Auth Log and Activity Log events.
- Check whether the behavior is expected.
- Document and take action if needed.
Example workflow
A user appears as suspicious after logging in from a new country and changing several invoices. The security officer reviews the account and confirms whether the activity was authorized.
Screenshot
Screenshot required
Capture from: Rise Audit Pro → Security Dashboard → Suspicious Users
Capture from: Rise Audit Pro → Security Dashboard → Suspicious Users
Common mistakes
- Assuming suspicious always means malicious.
- Ignoring suspicious users because they are trusted staff.
- Not reviewing the underlying events behind the label.
Related articles
- User Risk Scores
- How to Investigate a High-Risk User
- Investigating Suspicious Login Activity
