...
At the bottom of the page there are six different lists: top users, top devices, top domains, unique risks, unique tactics, and unique techniques. These are six different categories of entities, each sorted in descending order of risk. Use these lists to quickly identify risky entities. To choose which entity to investigate first, either drill into the critical entities flagged by the application or choose a Top User/Device/Domain with a high risk score.
Widgets
Name | Description |
---|---|
Entities Tracked | The number of entities that have risk associated with them over the last 7 days. |
Critical Risk Entities | These are the highest priority entities and should be looked at first. These entities have a risk score that is greater than 90. |
High Risk Entities | These are the high priority entities with a risk score that is between 70 and 89. |
Medium Risk Entities | These entities have a risk score that is between 50 and 69. |
Recently Risky Entities | These are entities with new risk in the last day or entities that have a deviation from their normal level of risk. |
Number of Alerts Over Time | Graphical display of the SecOps and behavior alerts that have triggered over the last 30 days. This helps you get a high-level understanding of your organization’s environment. |
Top 10 Users (Last 7 days) | A list of the riskiest users in your organization based on cumulative risk. |
Top 10 Devices (Last 7 days) | A list of the riskiest devices in your organization based on cumulative risk. |
Top 10 Domains (Last 7 days) | A list of the riskiest domains your organization has interacted with, based on cumulative risk. This can include phishing links, DGAs, and other malicious domains seen in your network traffic. |
...