{"id":358,"date":"2026-04-08T00:00:00","date_gmt":"2026-04-08T00:00:00","guid":{"rendered":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/04\/08\/risk-score-user-risk-scoring-for-high-risk-browsing-activity\/"},"modified":"2026-04-08T00:00:00","modified_gmt":"2026-04-08T00:00:00","slug":"risk-score-user-risk-scoring-for-high-risk-browsing-activity","status":"publish","type":"post","link":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/04\/08\/risk-score-user-risk-scoring-for-high-risk-browsing-activity\/","title":{"rendered":"Risk Score &#8211; User risk scoring for high risk browsing activity"},"content":{"rendered":"<p>Cloudflare One&#8217;s <strong>User Risk Scoring<\/strong> now incorporates direct signals from <strong>Gateway DNS traffic patterns<\/strong>. This update allows security teams to automatically elevate a user&#8217;s risk score when they visit high-risk or malicious domains, providing a more holistic view of internal threats.<\/p>\n<h4>Why this matters<\/h4>\n<p>Browsing activity is a primary indicator of potential compromise. By tying Gateway DNS logs to specific users, administrators can now flag individuals interacting with:<\/p>\n<ul>\n<li><strong>Security threats<\/strong>: Domains associated with malware, phishing, or command-and-control (C2) centers.<\/li>\n<li><strong>High-risk content<\/strong>: Categories such as questionable content or violence that may violate corporate compliance.<\/li>\n<\/ul>\n<p>Even if a Gateway policy is set to <strong>Block<\/strong> the traffic, the interaction is still captured as a &#8220;hit&#8221; to ensure the user&#8217;s risk profile reflects the attempted activity.<\/p>\n<h4>New risk behaviors<\/h4>\n<p>Two new behaviors are now available in the dashboard:<\/p>\n<ul>\n<li><strong>Suspicious Security Domain Visited<\/strong>: Triggers when a user visits a domain in the security threats or security risk categories.<\/li>\n<li><strong>High risk domain visited<\/strong>: Triggers when a user visits domains categorized as questionable content, violence, or CIPA.<\/li>\n<\/ul>\n<p>To learn more and get started, refer to the <a href=\"https:\/\/developers.cloudflare.com\/cloudflare-one\/team-and-resources\/users\/risk-score\/\">User Risk Scoring documentation<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Cloudflare One&#8217;s User Risk Scoring now incorporates direct signals from Gateway DNS traffic patterns. This update allows security teams to automatically elevate a user&#8217;s risk score when they visit high-risk or malicious domains, providing a more holistic view of internal threats. Why this matters Browsing activity is a primary indicator of potential compromise. By tying [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-358","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/comments?post=358"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/358\/revisions"}],"wp:attachment":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/media?parent=358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/categories?post=358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/tags?post=358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}