Inactive users

Inactive user tickets report instances of inactive users.

Inactive users are users who have not been active in their accounts for a predefined number of days. Examples of an activity include downloading files, deleting files, signing in, and adding someone as an admin.

Inactive accounts can serve as entry points for attackers to gain unauthorized data access. These accounts often have outdated cloud permissions, or old passwords, which can make data vulnerable. Inactive accounts with access to cloud data can lead to non-compliance with regulations like GDPR, HIPAA, and PCI DSS that require strict data protection.

note

Coro closes the Inactive user ticket on creation and it appears on the Closed tab of the Ticket Log.

Inactive user ticket

The Inactive user ticket shows when the user became inactive, the cloud application the user is protected by, if the ticket has been re-opened, details of the user’s last activity, and the IP address where the last activity occurred.

Activity Log

To take action on the ticket, select the ticket, and then select ACTIONS.

note

If you do not act on an open Inactive user ticket, Coro closes it automatically after 14 days.

The default number of days of inactivity before an Inactive user ticket is raised is 30. You can modify how long before the Inactive user ticket is raised using the Inactive users setting on the Cloud Security page’s Settings tab. For more information, see Settings.

For more information about ticket types and the actions you can take, see Ticket types for Cloud Security.