The user intel page contains data on how your user base interacts with your web app and the risks those users pose. There are two containers on this page: authentication and profiles. This guide covers what the different widgets on this page represent.

In the upper right-hand corner, there is a dropdown that allows you to define the search time period. The options range from the last day up to the last three months. The default filter is set to the last day. This time filter is a global filter for this page and applies the selected time period to both the authentication and profiles containers. If you would like to define a separate time filter for the authentication or profiles container, you can do so in the upper right-hand corner of the respective container. Please note that this selection will override what is selected for the global filter.

The widgets also have a CSV download button. This will export the data shown based on the currently selected time filter.

If you would like more information regarding the data reported in an individual widget, clicking on the 'see details' link will bring you to a page filtered by the time filter used on the user intel page.


Authentication
The authentication container holds widgets reporting different statistics regarding authentication attempts, successes, and failures.

Login Attempts
Displays data regarding total, successful, and failed authentication attempts, each color-coded in the graph. If you would only like to see total and successful in the graph, clicking on 'failed' will remove the failed line from the graph. This can be done for the other values as desired. Regardless of the time filter used, the average number displayed in the bottom right corner of the widget is the average number of attempts per day during the given time period.

Successful Logins
Provides an hourly breakdown of successful logins.

Failed Logins
Provides an hourly breakdown of failed logins.

Top Countries with Failed Logins
Provides statistics on which countries are failing authentication the most.

Failed Logins Locations
A geographical representation of the countries that have failed authentication.

Successful Logins with IP Risk
Provides visibility into the types of risk presented by the IP addresses used for successful authentication. Clicking on an individual risk category, such as bot status, will link you to a page filtered to show the usernames of the profiles that authenticated successfully from an IP address that is known to present a bot risk.

Bots vs Humans
Detailed breakdown of the different entities that attempt authentication with your web app. The diagram shows the differences between successful and failed authentication attempts, along with whether the attempts were performed by humans or bots. If a bot detection occurs, the spider graph will display which bot detection type occurred.

Profiles
The profiles container includes data related to users that have successfully authenticated with your web application. Please keep in mind that this is only for successful authentications.

Total
How many profiles logged in to your web app.

New
New profiles created. This means that the profile did not exist in Cymatic, and therefore was created automatically.

IP Risk
The number of user profiles that accessed your web app from an IP address that presents a risk.

Possible Geo Risk
The number of user profiles that have logged in from a geographical location that is new or not previously known to Cymatic.

Different Device
The number of user profiles that logged in from a new device that Cymatic has not seen before.

Shared Accounts
This widget contains data on the accounts that are potentially sharing credentials. For a profile to be included in this widget, the login must be performed from an unknown device and from a different geographical location.

Multiple Accounts
This detection occurs when a single device is used to successfully log in to your web app with multiple accounts.
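
The Shared Accounts and Multiple Accounts rules described above can be reproduced over your own login logs. The following is an added example, not Cymatic's code or data model: the field names and sample events are constructed, and it assumes that a user's first login only sets the baseline and that "different geographical location" means a country not previously seen for that user.

```python
from collections import defaultdict

# Constructed sample of successful logins: (username, device_id, country).
# Field names and values are hypothetical, not Cymatic's data model.
LOGINS = [
    ("alice", "dev-A", "US"),
    ("alice", "dev-A", "US"),
    ("alice", "dev-B", "BR"),   # unknown device and new country
    ("bob",   "dev-C", "DE"),
    ("bob",   "dev-D", "DE"),   # unknown device, same country
    ("carol", "dev-C", "DE"),   # dev-C was already used by bob
    ("dave",  "dev-E", "FR"),
    ("dave",  "dev-E", "JP"),   # known device, new country
]

def analyze(logins):
    """Return (shared_accounts, multiple_accounts) for an ordered login stream."""
    seen_devices = defaultdict(set)     # username -> devices seen so far
    seen_countries = defaultdict(set)   # username -> countries seen so far
    device_users = defaultdict(set)     # device -> usernames that logged in
    shared = set()
    for user, device, country in logins:
        first_login = not seen_devices[user]
        new_device = device not in seen_devices[user]
        new_country = country not in seen_countries[user]
        # Shared Accounts: unknown device AND different location.
        # Assumption: the first login only establishes the baseline.
        if not first_login and new_device and new_country:
            shared.add(user)
        seen_devices[user].add(device)
        seen_countries[user].add(country)
        device_users[device].add(user)
    # Multiple Accounts: a single device used by more than one account.
    multiple = {d: sorted(u) for d, u in device_users.items() if len(u) > 1}
    return shared, multiple

if __name__ == "__main__":
    shared, multiple = analyze(LOGINS)
    print("Shared accounts:", sorted(shared))
    print("Multiple accounts per device:", multiple)
```

Note that bob (new device only) and dave (new country only) are not flagged as shared, because the rule requires both conditions on the same login.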

Weak Passwords
If the password strength for a successful authentication is medium or lower, it will be represented in this widget.

Both Credentials Breached
Profiles that have logged in with both a username and a password known to be compromised on the dark web.

Breached Usernames
Profiles that have logged in with a username known to be compromised on the dark web.

Breached Passwords
Profiles that have logged in with a password known to be compromised on the dark web.