User Risk Exchange Workflow

User Risk Exchange Workflow

User Risk Exchange is designed to ingest one or multiple plugged-in vendors’ user or device risk scores and create a single view of individual contributors to the companies overall risk score and trend. Its rules-based engine matches single or multiple vendor scores or a derived weighted score to trigger notifications and drive highly focused orchestrated actions to reduce the risk from individual users or devices.

Click play to learn how to set up User Risk Exchange to drive a zero trust enforcement inside Netskope.


User Risk Exchange Global Settings

Only write access users can change Risk Exchange Global Settings. Go to Settings > User Risk Exchange. There are four tabs: General, Logs Cleanup, Plugin Weights, and Flap Suppression.

On the General tab, you can enable generating alerts that are shared with the Ticket Orchestrator module. You can also specify how long to keep the score history. The default is 30 days. Select the maintenance window time interval, and during this time, interval Risk Exchange actions (which are configured to be performed in the maintenance window) will be performed.


On the Logs Cleanup tab, you can specify how often to delete logs.


On the Plugin Weights tab, aggregate scores are calculated based on the weights assigned to each plugin configuration and their respective contributions. You can set the ranges for scores as per requirement and preview results. User Scores are generated based on the specified ranges.


On the Flap Suppression tab, set the Flap Suppression time to prevent actions being triggered multiple times on the same user in a short duration time until the score does not change.


On the Records Cleanup tab, set the option to enable/disable data purging, and then set a time duration for which the records remain inactive. After that, the duration records will be deleted from Cloud Exchange as specified.

Share this Doc

User Risk Exchange Workflow

Or copy link

In this topic ...