Guides

Account Intelligence Details

The Account Intelligence page displays connection and session information for each account in the workspace for the 30 days prior to the most recent event in Coordinated Universal Time (UTC) . Accounts with activity going back as far as 180 days are available.

Account Info

Account Info includes:

  • The account ID and email, if available. You can click either to copy.
  • The First Seen and Last Seen event timestamp (your browser's timezone).
  • Any signals associated with the account within the last 30 days. A warning is displayed if a signal is logged more than 1,000 times.
  • If the account is part of a list, the list is displayed. If the account is on multiple lists, the lists are sorted by most recent.

Recent Activity

Recent Activity includes successes and failures for any event to date, as well as Anomalous Events (indicates an Anomaly Score ≥ 75, signaling highly unusual activity relative to the account’s history).

Click Show in Explorer to view events for this account for the 30 days prior to the most recent event. The Filter fields are populated with details from the account activity.

Location History

This displays a map of the locations from which the account was used in the 30 days prior to the most recent event.

Circadian Rhythm

Circadian rhythm shows the hourly activity of the account averaged over 30 days prior to the most recent event.

  • Bar length correlates with the number of events related to this account.
  • Typical Activity (grey bars) is relative to other accounts in the workspace. For example, this account is active between 1:00 and 2:00, with the greatest activity between 7:00 and 10:00. Other accounts in this workspace are also typically active at these times.
  • Outlier Activity (red bars) indicates unusual account activity relative to other accounts in this workspace. For example, this account has activity from 22:00 to 24:00. Other accounts in this workspace are typically not active at that time. Darker shades of red indicate more unusual activity compared to other accounts in the workspace.
  • A warning is displayed if the account has no activity for particular hours - and that is the Outlier Activity relative to other accounts in the workspace.

Connections

If other accounts are connected to this account over the last 30 days, they are listed as First, Second, or Third-level connections. You can sort by each connection type or click in the list to open an Account Details page for a connected account. A warning is displayed if the account has more than three levels of connections, which may indicate suspicious activity.

SignalPrint

SignalPrint displays the connections and print data for this account in the last 30 days. Click the arrow to open the SignalPrint graph focused on this account.

Workflow Evaluations

If an account was evaluated as part of a workflow, the rule is listed with evaluation details. Click Explorer for more information.

Updated 19 days ago