Adding to the above, on the switches you can have SFlow to monitor and analyze the type of traffic coming on the switch ports for a connected user.
The switches also have an option to track session of all users logging into it and their activity, locally via show cli-command-history and remotely via AAA Accounting.
However, the requirement here is to check the specific user's traffic generated on the device [ PC ] that they are working on or are using. This would generally come under EDR : End point detection and Response, where a continuous monitoring is done on end-point [ user's PC ] to track and analyze the activity.
The same cannot be done by the switches, however using port mirroring options you can have the traffic mirrored and redirected to a system that's capable of analyzing it. This is usually done at the core or gateway point where the Ingress and Egress point for all the traffic would be converged in the whole network. And the System would do threat assessment of the traffic coming in and track it.