...
entity.behavior.risk.events overview
entity
: Name of entity

total_risk
: Cumulative (sum) risk score

related
: All related entities observed

last_risk
: Time of the most recent alert/anomaly signal observed

alert_metrics_secops
: Total number of observed SecOps alerts

alert_metrics_ueba
: Total number of observed anomaly signals

priority_metrics_high
: Total number of observed SecOps alerts that were of severity "High" priority

priority_metrics_critical
: Total number of observed SecOps alerts that were of severity "Critical"

entity_risk
: Normalized risk score for this entity's type

entity_type
: Type of entity

global_risk
: Normalized risk score for all entities

unique_alerts
: Unique or distinct number of alerts observed

unique_techiniques
: Unique or distinct number of MITRE techniques observed

unique_tactics
: Unique or distinct number of MITRE tactics observed