entity.behavior.risk.events overview

entity: Name of entity
total_risk: Cumulative (sum) risk score
related: All related entities observed
last_risk: Time of the most recent alert/anomaly signal observed
alert_metrics_secops: Total number of observed SecOps alerts
alert_metrics_ueba: Total number of observed anomaly signals
priority_metrics_high: Total number of observed SecOps alerts that were of severity "High"
priority_metrics_critical: Total number of observed SecOps alerts that were of severity "Critical"
entity_risk: Normalized risk score for this entity's type
entity_type: Type of entity
global_risk: Normalized risk score for all entities
unique_alerts: Unique or distinct number of alerts observed
unique_techiniques: Unique or distinct number of MITRE techniques observed
unique_tactics: Unique or distinct number of MITRE tactics observed
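As an added example (not part of the page or the product), the snippet below runs a consistency check over records that use the field names listed above and ranks the consistent ones by total_risk. The sample records and the consistency rules are constructed assumptions drawn from the field descriptions, not documented constraints.

```python
# Added example: sanity-check entity.behavior.risk.events records and rank
# entities for triage. Sample records below are constructed, not real data.
SAMPLE_EVENTS = [
    {"entity": "svc-backup", "entity_type": "user", "total_risk": 180,
     "alert_metrics_secops": 6, "alert_metrics_ueba": 3,
     "priority_metrics_high": 2, "priority_metrics_critical": 1,
     "unique_alerts": 5, "unique_tactics": 3},
    {"entity": "host-42", "entity_type": "host", "total_risk": 95,
     "alert_metrics_secops": 2, "alert_metrics_ueba": 4,
     "priority_metrics_high": 0, "priority_metrics_critical": 0,
     "unique_alerts": 6, "unique_tactics": 2},
    # Constructed inconsistent record: more Critical alerts than SecOps alerts.
    {"entity": "bad-row", "entity_type": "host", "total_risk": 10,
     "alert_metrics_secops": 1, "alert_metrics_ueba": 0,
     "priority_metrics_high": 0, "priority_metrics_critical": 3,
     "unique_alerts": 1, "unique_tactics": 1},
]


def check_event(ev):
    """Return a list of consistency problems for one record (empty if none).

    The rules are assumptions derived from the field descriptions: severity
    counts are a subset of SecOps alerts, distinct alerts cannot exceed the
    total observed, and cumulative risk cannot be negative."""
    problems = []
    by_severity = ev["priority_metrics_high"] + ev["priority_metrics_critical"]
    if by_severity > ev["alert_metrics_secops"]:
        problems.append("high+critical exceeds alert_metrics_secops")
    observed = ev["alert_metrics_secops"] + ev["alert_metrics_ueba"]
    if ev["unique_alerts"] > observed:
        problems.append("unique_alerts exceeds total observed alerts")
    if ev["total_risk"] < 0:
        problems.append("total_risk is negative")
    return problems


def rank_entities(events, limit=3):
    """Return (entity, total_risk) pairs for consistent records, highest first.

    Records that fail check_event are excluded so that malformed rows do not
    distort the triage order."""
    consistent = [e for e in events if not check_event(e)]
    consistent.sort(key=lambda e: e["total_risk"], reverse=True)
    return [(e["entity"], e["total_risk"]) for e in consistent[:limit]]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["entity"], check_event(ev) or "ok")
    print(rank_entities(SAMPLE_EVENTS))
```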