Citrix Cloud Analytics

Citrix Cloud Analytics solutions help organizations detect and deflect potential threats and address performance issues instantly, long before security incidents occur or employees begin to submit help desk tickets. Citrix Analytics for Security continuously assesses the behavior of Citrix Virtual Apps and Desktops users, Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) users, and Citrix Workspace users. It applies actions to protect sensitive corporate information.

Netsurion Open XDR dashboards and reports provide information about possible attacks, suspicious activities, or any other threat noticed in user activities, based on the user’s risk score.

For a new instance, integrate Citrix Cloud Analytics with Netsurion Open XDR by streaming the logs to Logstash and then to Netsurion Open XDR using a syslog extension from Logstash.

Once the integration is configured to deliver events to the Netsurion Manager, configure the alerts, dashboards, and reports in Netsurion.

The following are the key Data Source Integration items available in Netsurion Open XDR.

Alerts

Type | Name | Description
Security | Citrix Cloud Analytics – User risk score change and suspicious activities detected | This alert is triggered when the following events occur:
  • Change in user’s risk score: If there is a change in a user’s risk score (that is, an increase or decrease in the risk score) based on user activity.
  • Detection of suspicious activities: If there is a summary of the event that indicates a threat or risk based on user activity.

Reports

Type | Name | Description
Security | Citrix Cloud Analytics – User risk score activities | This report delivers detailed information on the increase and decrease of the user risk scores. It includes username, risk score value changes (difference between earlier and current risk score), and more.
Security | Citrix Cloud Analytics – User profile summary | This report provides a detailed summary of user data usage, location, and device access information.
Security | Citrix Cloud Analytics – User risk activities summary | This report summarizes any suspicious activities or threats linked to a user. It comprises user details, threat type, the severity of the threat, risk probability, and other event occurrence details.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Citrix Analytics.

Download the Integration Guide and How-to Guide for configuration instructions and more information.