Overview
Entity risk groups enable organizations to identify specific sets of entities and adjust their risk score based on their own organization's context.
Example
Here are some examples of entity risk groups:
VIP users
Noisy users / entities
Crown jewels
Terminated employees
New employees
Flight risk employees
...
Reset risk score entities would be a list of entities that have their risk score reset for a fixed amount of time. These are entities that have been triaged by an analyst and have been deemed to not be a threat. The risk score is then reset for a period of time such that the application bubbles up other entities with risk to be triaged.
Configuring entity risk groups
Entity risk groups are configured through the Behavior Analytics application UI as seen in the below prototype:
...
The risk group of an entity will also be shown within the entity details screen for context to a SOC Analyst. in the Entity Groups tab within the Content Manager.
...
To create a new one, click the New Group button at the top right and give it a name (Risk Group) and a Risk Score Multiplier that will increase or decrease the risk score of the entities belonging to this group.
...
You can manage existing groups using the ellipsis menu at the end of each row. Edit Score Multiplier will open the group settings to modify them, while Editing List will open the Behavior Models tab.
...