# Risk Summary

Risk Summary provides a consolidated, high-level overview of risky activities and user behaviour of your organisation in a single email, helping you quickly understand your organisation’s overall risk posture. It gives you visibility into what kinds of incidents are happening in your organisation and which users are showing risky behaviour, so your security teams can take necessary actions on time.  

Clicking on an item in the report takes you to the INSIGHT Dashboard for deeper investigation. You need to log in to INSIGHT to access the Dashboard. You can customise the report to suit your requirements by choosing what data to include, how it is displayed, and how frequently it is sent. 

## Configure Risk Summary Report

1. Navigate to ***INSIGHT > Risk Summary***.
2. ​Click **+ New Risk Summary**.<br>

   <figure><img src="/files/hS8VB8JvuQfK1QPGNhjc" alt=""><figcaption></figcaption></figure>
3. ​In **General**:
   1. ​Enter the email subject.
   2. ​In **Email On**, select the date when the first report will be sent.
   3. ​In **Email To**, enter or select the email addresses of users who will receive the report.
   4. ​In **Duration**, choose how often the report is sent:
      * ​**Daily:** The report is sent every day after the selected start date.
      * ​**Weekly:** The report is sent once every week on the same day of the week as the start date.
      * ​**Monthly:** The report is sent once every month on the same day as the start date.<br>

        <figure><img src="/files/AHDlNK2ENsc2uXdyoOlG" alt=""><figcaption></figcaption></figure>
   5. ​Click **Next**.
4. ​In **Select Widget,** select the [widgets](#widgets) to include in your report and click **Next**. These widgets determine what types of risk activities are analysed. <br>

   <figure><img src="/files/gsERZnuLN545a3NHzIOg" alt=""><figcaption></figcaption></figure>
5. In **Filter Options**, apply the following filters to refine the report output and click **Next.**
   1. ​In **File Name**, enter the file name to filter results within the selected widgets. The report will include data only for files that match this name.
   2. ​In **SharePoint File Path**, enter the file or folder path within the SharePoint site to further narrow down the results.
   3. ​In **SharePoint Site URL**, search and select the URL to limit results to activities associated with a specific SharePoint site.
6. In **Select Users**, search and select the users whose risk activities you want to track in the report and click **Next**. Only activities related to selected users will be included.<br>

   <figure><img src="/files/RaNSkioUQWvvypvM8roZ" alt=""><figcaption></figcaption></figure>
7. In **Data Types**, select relevant data types to include in the report and click **Next**.\
   ![](/files/00NfrNiqS6ZmoVglP8DB)
8. In **Customisation**, customise the appearance and content of the report.
   1. In **Banner Image**, upload an image in PNG, JPG, or GIF format, up to 5 MB, to personalise the report.
   2. In the text box, add the content that will appear in the report. This can include an introductory message, risk summaries, additional instructions, notes, and more.&#x20;
   3. Click **Next**.<br>

      <figure><img src="/files/gLDk31nkgOYSrREwotQl" alt=""><figcaption></figcaption></figure>
9. In **Send Test Email**,&#x20;
   1. In **Date Range,** select the time period for which the Risk Summary report data should be generated.
   2. In **Email to**, enter the recipient's email address.
   3. Click **Send Email**.
10. After completing all steps, click **Save**. The report will be generated and sent based on the defined criteria and schedule.

### Widgets

#### **SharePoint External**

1. **External Access:** Shows when and how files stored in SharePoint are being accessed by users outside the organisation’s domain. This helps identify potential exposure of organisational data outside trusted boundaries.
2. **External Downloads:** Shows which files are being downloaded by external users and how often. This helps highlight potential data exfiltration, especially when large volumes or sensitive files are involved.
3. **Anonymous Downloads:** Shows downloads performed using anonymous links that do not require authentication. Since user identity is not verified, this represents a higher risk of uncontrolled data distribution.
4. **Anonymous Access:** Shows access to SharePoint content through anonymous links. This helps identify content that is accessible without authentication, increasing the risk of unauthorised access.
5. **Platform Downloads External Mobile:** Shows file downloads by external users on mobile devices. This provides visibility into access from potentially unmanaged or less secure environments.
6. **Platform Access External Mobile:** Shows access to SharePoint content by external users from mobile devices, helping identify activity from untrusted or non-corporate devices.
7. **Links Shared to External Users using Teams:** Shows files or links shared with external users through Microsoft Teams, providing visibility into collaboration-based sharing activities.
8. **Use of Sensitive Libraries by External Users:** Shows external user activity within libraries marked as sensitive, helping identify access to critical or confidential data.
9. **Downloads using Sensitive Libraries by External Users:** Shows downloads of files from sensitive libraries by external users, indicating potential data leakage risks.

#### **SharePoint Internal**

1. **Creation of Links for Anonymous Users:** Shows when internal users create anonymous access links, which may introduce risks by allowing access without authentication.
2. **Internal Access:** Shows access to SharePoint files, folders, or sites by internal users, helping identify unusual or unexpected access behaviour.
3. **Internal Downloads:** Shows files downloaded by internal users. High-volume or unusual downloads may indicate potential misuse or insider risk.
4. **Platform Downloads Internal (Mobile Devices):** Shows downloads performed by internal users on mobile devices, providing visibility into activity outside controlled environments.
5. **Platform Access Internal (Mobile Devices):** Shows SharePoint access by internal users from mobile devices, helping track access from non-corporate or unmanaged devices.
6. **Links Shared to Internal Users using Teams:** Shows files or links shared internally through Microsoft Teams, helping track internal collaboration and data distribution.
7. **Use of Sensitive Libraries by Internal Users:** Shows internal user activity within sensitive libraries, helping ensure appropriate access to critical data.
8. **Downloads using Sensitive Libraries by Internal Users:** Shows downloads of sensitive files by internal users, indicating potential insider risk or policy violations.
9. **Internal File Deletions:** Shows file deletion activity by internal users, helping identify accidental or intentional data removal.
10. **Internal File Uploads:** Shows files uploaded by internal users to SharePoint, providing visibility into new data being introduced.
11. **Internal File Deletions from Sensitive Libraries:** Shows deletion of files from sensitive libraries by internal users, highlighting potential loss of critical data.
12. **Internal File Uploads to Sensitive Libraries:** Shows uploads of files to sensitive libraries by internal users, helping track what data is being stored in controlled locations.

#### **Email**

1. **Emailing of attachments from Corporate Email to Non-Corporate:** Shows attachments sent from corporate email accounts to external (non-corporate) recipients, helping identify potential data sharing outside the organisation.
2. **Emailing of attachments from Corporate Email Address to Unsecure Email Address:** Shows attachments sent to email addresses that are considered insecure or untrusted, highlighting increased risk of data exposure.
3. **Emailing of attachments from Corporate Email Address to Personal Email Address:** Shows attachments sent from corporate accounts to personal email accounts (e.g. Gmail, Yahoo), indicating potential data leakage.
4. **Emailing of attachments from Corporate Email Address to Potential Personal Email Address:** Shows attachments sent to email addresses that may be personal but are not explicitly verified, helping detect possible policy violations.
5. **Emailing of attachments from Corporate Email Address to Own Corporate Email Address:** Shows attachments sent within the organisation using corporate email accounts. While internal, unusual patterns may still indicate misuse.
6. **Emailing of attachments from Non-Corporate Email Address:** Shows attachments sent using non-corporate email accounts on organisational devices, indicating potential bypass of corporate controls.

#### **Data Transfer using Non-Corporate Websites**

1. **File Uploads to Non-Corporate Websites:** Shows files uploaded to external or non-corporate websites, helping identify potential data exfiltration through web platforms.

**File Uploads to Non-Corporate File Sharing Applications**

1. **File Uploads via Non-Corporate Sharing Applications:** Shows files uploaded using non-corporate file sharing applications, indicating potential unauthorised data transfer.
2. **File Uploads to Non-Corporate OneDrive Folders:** Shows files uploaded to personal or non-corporate OneDrive accounts, highlighting the risk of data leaving the organisation’s control.

#### **Storage Device Risk**

1. **Files Transferred to Non-Corporate External Storage:** Shows files copied or transferred to external storage devices (e.g. USB drives, external hard disks) that are not managed by the organisation.
2. **Insertion of Non-Corporate Storage Devices:** Shows when external storage devices are connected to organisational systems, providing visibility into potential data transfer points.

#### **Printing Incidents**

1. **Files Printed using Non-Corporate Printers:** Shows files printed using printers that are not managed or approved by the organisation, increasing the risk of data leakage.

#### **Key Stroke Capture**

1. **Key Stroke Capture of Monitored Phrases in Non-Corporate Applications:** Shows instances where monitored or sensitive phrases are typed into non-corporate applications, indicating possible exposure of sensitive information.

#### **Copy Paste**

1. **Copy Paste of Monitored Phrases into Non-Corporate Applications:** Shows when sensitive or monitored content is copied and pasted into non-corporate applications, highlighting potential data leakage.

#### **Access of Documents on Local Devices**

1. **Viewing of Office Documents:** Shows when Office documents are accessed locally on user devices. This provides baseline visibility, though typically considered lower risk.

#### **Usage Of AI Tools**

1. **Files Uploaded to Generative AI Applications:** Shows files uploaded to installed or integrated generative AI applications, indicating potential exposure of organisational data.
2. **Files Uploaded to Generative AI Websites:** Shows files uploaded to web-based generative AI platforms, which may pose higher risks due to external processing of data.
3. **Sensitive Prompts Used in AI Websites:** Shows instances where sensitive or monitored information is entered as prompts in AI websites.
4. **Time Spent on Generative AI Applications:** Shows the duration of usage of generative AI applications, helping assess behavioural patterns and potential productivity or data risks.
5. **Time Spent on Generative AI Websites:** Shows time spent on web-based AI tools, providing insight into external AI usage trends.

#### **Usage of Non-Corporate Websites and Applications**

1. **Time Spent on Non-Corporate Websites:** Shows the amount of time users spend on non-corporate websites, helping identify potential productivity concerns or risky browsing behaviour.
2. **Time Spent on Non-Corporate Applications:** Shows time spent on non-corporate applications, providing visibility into usage of unapproved software.

## Enable/Disable Risk Summary Report

You can enable or disable the Risk Summary Report. When enabled, the system sends the report based on the configured settings and schedule; when disabled, the report is not sent.

To enable or disable the Risk Summary Report:

1. Navigate to ***INSIGHT > Risk Summary***.
2. In the **STATUS** column, use the toggle to turn the report on or off.

<figure><img src="/files/8jJcSWF4GKfFE60MEoPN" alt=""><figcaption></figcaption></figure>

## Update a Risk Summary Report

1. Navigate to ***INSIGHT > Risk Summary***.
2. Click **Edit** under the **ACTIONS** column.<br>

   <figure><img src="/files/5bwHiIgVbZlC0YBn039D" alt=""><figcaption></figcaption></figure>
3. Edit the information in each section, then click **Update** at the end.

## Delete a Risk Summary Report

1. Navigate to ***INSIGHT > Risk Summary***.
2. Click the **Delete** icon under the **ACTIONS** column.<br>

   <figure><img src="/files/zPLPDgcj4dGxtI0PH31m" alt=""><figcaption></figcaption></figure>
3. Click **Yes, Delete it!** to confirm.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.guardware.com/insight/guardware-insight/insight-v5/risk-summary.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.