Skip to main content

Key Risk Indicators (KRIs)

KRIs are metrics that quantify your privileged access risk posture. Each KRI measures a specific aspect of risk and uses RAG (Red/Amber/Green) thresholds to indicate severity.

KRI Overview

Navigate to KRIs to see all current indicator values.

KRI Trends

Each KRI card shows:

ElementDescription
NameWhat is being measured
Current ValueLatest count or percentage
RAG StatusGreen (within tolerance), Amber (warning), or Red (critical)
ChangeIncrease or decrease since the last snapshot

Built-in KRIs

KRI cards are shown in the order below. The Community column shows which 4 KRIs are included in the free edition — all others require Pro or Enterprise (see Licensing).

KRIDescriptionCommunity
Privileged Without OwnerEnabled privileged accounts with no linked identityYes
Standing PrivilegesAll enabled accounts with privileged entitlements (always-on, not just-in-time)Yes
Not in PAM ToolPrivileged accounts not linked to a PAM inventory entryYes
Shared/Non-Human Privileged AccountsNon-human (shared/service) accounts with privileged entitlementsPro+
Inactive Identity with Privileged AccountPrivileged accounts linked to inactive or out-of-date identitiesPro+
High-Risk Unmanaged Privileged AccountsPrivileged accounts on High/Critical-risk systems not in PAMPro+
Stale Passwords on Privileged AccountsPrivileged accounts with passwords older than the threshold agePro+
Dormant Privileged AccountsPrivileged accounts with no logon within the threshold periodPro+
Disabled Accounts in PAMDisabled accounts that still exist in the PAM inventoryPro+
Account-Identity Type MismatchAccounts where the account type doesn't match the linked identity's typePro+
Unlinked AccountsAll accounts (privileged or not) not linked to any identityYes
Systems Never ScannedActive systems that have never been scannedPro+
Systems with Stale ScansActive systems not scanned within the threshold periodPro+
Systems Without CredentialsActive systems with no configured credentialsPro+
Privileged Services with Non-Privileged AccountPrivileged services running as a non-privileged accountPro+
Privileged Services Without AccountPrivileged services with no linked run-as accountPro+
Scan Failure RatePercentage of scans that failed or partially completed within the periodPro+
Unclassified EntitlementsEntitlements not yet classified as privileged or non-privilegedPro+
Privileged Account ConcentrationSystems exceeding the privileged account concentration thresholdPro+
PAM Coverage RatioPercentage of privileged accounts managed in your PAM toolPro+
Open Threat DetectionsUnresolved Threat Detections currently in Open statusPro+
High-Confidence Threat DetectionsOpen Threat Detections with an ML-adjusted confidence score above 0.80Pro+
Accounts with Active Threat DetectionsDistinct privileged accounts with at least one open Threat DetectionPro+
Confirmed Threat Detection RatePercentage of resolved Threat Detections confirmed as true positivesPro+
Unacknowledged High-Confidence ThreatsOpen high-confidence Threat Detections left unacknowledged past the threshold agePro+
Offline Monitor AgentsEndpoint Sensors that stopped heartbeating and were marked OfflinePro+
Systems with Overdue Attestation RequestsSystems with an attestation request that expired without being submitted or cancelledPro+
Systems Overdue for Scheduled AttestationSystems on a scheduled attestation cadence that haven't completed one within their configured periodPro+
Privileged Access Attestation Completion RatePercentage of attestation requests submitted rather than left to expirePro+

KRI Definitions

Navigate to KRIs and view the definitions to see or edit the configuration for each KRI.

Each definition has:

FieldDescription
CodeUnique identifier (e.g., PRIVILEGED_WITHOUT_OWNER)
NameDisplay name
DescriptionWhat the KRI measures and why it matters
Green ThresholdValues at or below this are healthy
Amber ThresholdValues between Green and Red are a warning
Red ThresholdValues at or above this are critical
EnabledWhether the KRI is active
note

Thresholds are inclusive. For example, if Green = 5, Amber = 15, and Red = 16, then a value of 5 is Green, 15 is Amber, and 16 is Red.

Editing Thresholds

  1. Click on a KRI definition
  2. Adjust the Green, Amber, and Red threshold values
  3. Click Save

Threshold changes take effect immediately on the dashboard and KRI pages.

KRI Snapshots

Requires Pro or Enterprise edition.

Snapshots capture a point-in-time record of all KRI values. They are used to build trend charts and track progress over time.

Automatic Snapshots

A snapshot is taken automatically each time a scan completes.

Manual Snapshots

  1. Navigate to KRIs > Snapshots
  2. Click Take Snapshot

Viewing Snapshots

The snapshots page shows a table of all historical snapshots with their timestamp and KRI values. Click a snapshot to see its full breakdown.

Requires Pro or Enterprise edition.

Navigate to KRIs > Trends to view KRI values over time as a chart.

  • Select one or more KRIs to display
  • Choose a time range
  • The chart background uses RAG colouring to show threshold bands

This makes it easy to spot whether your risk posture is improving or deteriorating.

KRI Exceptions

Requires Enterprise edition.

Exceptions allow you to formally acknowledge and exclude specific accounts from KRI calculations. This is useful for accounts that have been reviewed and accepted as a known risk.

Creating an Exception

  1. Navigate to KRIs > Exceptions
  2. Click Add Exception
  3. Fill in:
FieldRequiredDescription
KRIYesWhich KRI this exception applies to
AccountYesThe account being excepted
ReasonYesJustification for the exception
ApproverYesWho approved this exception
Expiry DateNoWhen the exception expires (must be re-approved after this date)
  1. Click Save

Managing Exceptions

  • Expired exceptions are highlighted in amber and should be reviewed and either renewed or removed
  • Delete an exception to bring the account back into KRI calculations
  • All exception changes are recorded in the audit log