Alarm Analysis

Alarm Analysis helps you identify and track potentially concerning user behaviors by assigning weighted scores to different activity types. For example, occasional social media use may have less impact than frequent access to file-sharing sites. Alarm Analysis aggregates these weighted activities to help you:

  • Track risk patterns by user based on how frequently an alarm is triggered
  • Identify users with recurring issues who may need coaching
  • Prioritize the handling of alarm notifications
  • Compare users and groups

Navigate to Notifications > Compliance Alarms > Alarm Analysis to access this feature.

How risk scoring works

Risk scoring is based on ActivTrak alarms designed to help you identify activities that may be a risk to security or productivity. Each alarm can be assigned a risk level from 1 to 10 when created. These risk levels are used to calculate two key metrics in Alarm Analysis.

  1. Risk Points are calculated by multiplying:
    • The number of times an alarm was triggered
    • The risk level assigned to that alarm
    For example, if a Level 3 alarm triggers 10 times, it generates 30 risk points (3 × 10).
  2. The Risk Score provides a normalized way to compare users by dividing:
    • The total risk points for each user, by
    • The maximum number of activity logs for that user in the selected time period
    This creates a relative score between 0 and 1 that can be compared across teams and time periods.

Example

AI Tool Risk Scoring: When configuring risk levels for risky AI tools (such as DeepSeek.ai), assign higher risk levels (>3) to:

  • Applications storing data in sensitive regions
  • Tools with broad system access permissions
  • Services with known security vulnerabilities
  • Applications with unclear data handling practices

Note: Alarm Analysis only shows alarms that have been assigned a risk level. You can assign or change risk levels at any time via Alarm configuration.
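
The two metrics described in this section, worked through on constructed data as an added example (this is not ActivTrak code or its API). The alarm names, user names, counts, and function names are assumptions, and the denominator is taken to be the user's activity-log count for the period; alarms without a risk level are skipped, as the note above states.

```python
from collections import Counter

# Constructed alarm definitions: name -> risk level (1-10); None = no level assigned.
ALARM_LEVELS = {
    "File sharing site": 7,
    "Risky AI tool": 5,
    "Social media": 2,
    "USB inserted": None,
}

# Constructed trigger log for one reporting period: one (user, alarm) row per trigger.
TRIGGERS = (
    [("user_a", "Social media")] * 10
    + [("user_a", "File sharing site")] * 2
    + [("user_b", "Risky AI tool")] * 4
    + [("user_b", "USB inserted")] * 3
    + [("user_c", "USB inserted")]
)

# Constructed activity-log counts per user for the same period.
ACTIVITY_LOGS = {"user_a": 400, "user_b": 100, "user_c": 250}


def risk_report(triggers, alarm_levels, activity_logs):
    """Return {user: {"risk_points", "risk_score", "by_alarm"}}."""
    report = {}
    for (user, alarm), count in Counter(triggers).items():
        level = alarm_levels.get(alarm)
        if level is None:
            continue  # alarms without a risk level are left out of the analysis
        if not 1 <= level <= 10:
            raise ValueError(f"risk level out of range for {alarm!r}: {level}")
        row = report.setdefault(user, {"risk_points": 0, "by_alarm": {}})
        row["by_alarm"][alarm] = count * level  # risk points = triggers x level
        row["risk_points"] += count * level
    for user, row in report.items():
        logs = activity_logs.get(user, 0)
        # Risk score = total risk points / activity logs; undefined with no logs.
        row["risk_score"] = row["risk_points"] / logs if logs else None
    return report


def rank_by_score(report):
    """Users with a defined score, highest risk score first."""
    scored = [u for u, r in report.items() if r["risk_score"] is not None]
    return sorted(scored, key=lambda u: report[u]["risk_score"], reverse=True)


if __name__ == "__main__":
    rep = risk_report(TRIGGERS, ALARM_LEVELS, ACTIVITY_LOGS)
    for user in rank_by_score(rep):
        print(user, rep[user]["risk_points"], round(rep[user]["risk_score"], 3))
```

In this sample user_b ranks above user_a despite having fewer risk points (20 versus 34), because the score is relative to each user's activity volume.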

Reading the report

Users tab

The Users tab is best used when investigating a user to learn about historical trends and to identify or document repeat infractions. 

The Users tab displays:

  • A user list with alarm counts and risk metrics
  • A detailed breakdown of alarms by type and risk level
  • Filtering options by date range and user groups

Alarms tab

The Alarms tab is best used to identify users with the highest risk levels who might require further investigation or coaching.  

The Alarms tab displays:

  • An alarm list with user count and risk metrics
  • A detailed breakdown of alarms by users and risk level
  • Filtering options by date range and user groups

Best practices

It's important to understand typical employee work patterns, since having a clear picture of routine behaviors helps you uncover potentially noncompliant and risky activities. To make the most of Alarm Analysis, consider these tips:

  • Leverage Alarm Analysis when investigating alarm notifications for a deeper understanding of user activity.
  • Use risk levels consistently when creating new alarms.
  • Combine Alarm Analysis with other reports, such as Productivity Trends and Website Usage, to gain a full context on user behavior.
  • Regularly analyze user risk scores to identify behaviors most likely to violate critical security or data compliance policies.

Need help? Contact ActivTrak Support for assistance in configuring and using the Risk Level Report.
