
Overview

The Entity Behavior dashboard provides a high-level overview of the riskiest entities in your organization. Metrics including the total number of entities tracked and the number of entities by criticality (critical, high, medium, low) are displayed on this page. A further widget shows the total number of alerts over time.

There are two categories of alerts: SecOps and Behavioral. SecOps alerts are alerts whose name starts with ‘SecOps’; examples can be found in the Devo Exchange. Behavioral alerts come from the models deployed in the Content Manager. To hide one of the alert types in the dashboard, click the SecOps or Behavioral Alerts button at the bottom of the dashboard.

The top part of the Overview area displays the following widgets:

Name

Description

Entities Tracked (Last 7 days)

The number of entities that have risk associated with them over the last 7 days, divided by criticality (Critical, High, Medium) and entity type (Users, Devices, and Domains).

Entities Tracked (Last 24 hours)

The number of entities that have risk associated with them over the last 24 hours, divided by entity type (Users, Devices, and Domains).

Number of Alerts Over Time

Graphical display of the SecOps and Behavioral alerts that have triggered over the last 30 days, represented in individual swim lanes. This helps you get a high-level understanding of your organization’s environment.

...

Detailed behavior

At the bottom of the page there are six different lists: top users, top devices, top domains, unique risks, unique tactics, and unique techniques. Each list is sorted by descending order of risk, and together they let you quickly identify risky entities. To choose which entity to investigate first, either drill into the critical entities flagged by the application or pick a Top User/Device/Domain with a high risk score.

...

Name

Description

Top Unique Risk Count

The top 10 entities with the highest number of unique alerts over the last 7 days. 

Top Tactic Count 

The top 10 entities with the highest number of unique tactics over the last 7 days.  

Top Technique Count

The top 10 entities with the highest number of unique techniques over the last 7 days. 

Widgets

Name

Description

Entities Tracked

The number of entities that have risk associated with them over the last 7 days. 

Critical Risk Entities

These are the highest priority entities and should be looked at first. These entities have a risk score of 90 or higher.

High Risk Entities

These are the high priority entities with a risk score between 70 and 89.

Medium Risk Entities

These entities have a risk score between 50 and 69.

Recently Risky Entities

These are entities with new risk in the last day or entities that have a deviation from their normal level of risk.

Number of Alerts Over Time

Graphical display of the SecOps and Behavioral alerts that have triggered over the last 30 days. This helps you get a high-level understanding of your organization’s environment.

Notable Entities

A list of entities that need specific attention to ensure no further malicious behavior. Entities marked as favorite will appear in this list.

Top 10 Users (Last 7 days)

A list of the riskiest users in your organization based on cumulative risk.

Top 10 Devices (Last 7 days)

A list of the riskiest devices in your organization based on cumulative risk.

Top 10 Domains (Last 7 days)

A list of the riskiest domains that your organization has interacted with, based on cumulative risk. This can include phishing links, DGA-generated domains, and other malicious domains seen in your network traffic.

Top Unique Alert Count (Last 7 days)

The top 10 entities with the highest unique alert count over the last 7 days.  

Top Tactic Count (Last 7 days)

The top 10 entities with the highest number of unique tactics over the last 7 days.  

Top Technique Count (Last 7 days)

The top 10 entities with the highest number of unique techniques over the last 7 days. 
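The Top Unique Alert/Tactic/Technique lists, the criticality buckets and the SecOps/Behavioral split above can all be derived from a set of triggered alerts. The following is an added example, not Devo's own code or schema: it takes a constructed set of alert records (the field layout, entity names, timestamps and the "Low" bucket for scores under 50 are assumptions), keeps only alerts inside the 7-day window, counts distinct alert names, tactics and techniques per entity, and ranks the top 10. Note that a repeated firing of the same alert counts once, which is what makes these "unique" counts differ from raw alert volume.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Fixed "now" so the example is reproducible offline (assumption).
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)


def _at(hours_ago):
    return NOW - timedelta(hours=hours_ago)


# Constructed sample alerts; the record layout is an assumption for this
# example and is not Devo's alert schema.
ALERTS = [
    {"entity": "jdoe", "type": "user", "name": "SecOps Brute Force Login",
     "tactic": "Credential Access", "technique": "T1110", "at": _at(2)},
    {"entity": "jdoe", "type": "user", "name": "SecOps Brute Force Login",
     "tactic": "Credential Access", "technique": "T1110", "at": _at(5)},
    {"entity": "jdoe", "type": "user", "name": "Unusual Login Hour",
     "tactic": "Initial Access", "technique": "T1078", "at": _at(30)},
    {"entity": "jdoe", "type": "user", "name": "Rare Process Executed",
     "tactic": "Execution", "technique": "T1059", "at": _at(100)},
    {"entity": "srv-db01", "type": "device", "name": "SecOps Port Scan Detected",
     "tactic": "Discovery", "technique": "T1046", "at": _at(12)},
    {"entity": "srv-db01", "type": "device", "name": "Beaconing Interval",
     "tactic": "Command and Control", "technique": "T1071", "at": _at(40)},
    {"entity": "bad-domain.example", "type": "domain", "name": "DGA Domain Contacted",
     "tactic": "Command and Control", "technique": "T1568", "at": _at(3)},
    # Older than 7 days: must drop out of the 7-day lists but still
    # count toward the 30-day alert total.
    {"entity": "asmith", "type": "user", "name": "SecOps Mass File Download",
     "tactic": "Collection", "technique": "T1039", "at": _at(200)},
]


def alert_category(name):
    """SecOps alerts are recognised by their name prefix; every other
    alert on this dashboard is a Behavioral alert from a deployed model."""
    return "SecOps" if name.startswith("SecOps") else "Behavioral"


def criticality(score):
    """Map a 0-100 risk score to the dashboard's criticality buckets.
    Critical: 90+, High: 70-89, Medium: 50-69. 'Low' for under 50 is
    assumed here; the page only lists it by name."""
    if score >= 90:
        return "Critical"
    if score >= 70:
        return "High"
    if score >= 50:
        return "Medium"
    return "Low"


def in_window(alert, days, now=NOW):
    return alert["at"] >= now - timedelta(days=days)


def unique_counts(alerts, days=7, now=NOW):
    """Per entity, the sets of distinct alert names, tactics and techniques
    seen inside the window. Repeated firings of one alert count once."""
    seen = defaultdict(lambda: {"alerts": set(), "tactics": set(), "techniques": set()})
    for a in alerts:
        if not in_window(a, days, now):
            continue
        sets = seen[a["entity"]]
        sets["alerts"].add(a["name"])
        sets["tactics"].add(a["tactic"])
        sets["techniques"].add(a["technique"])
    return seen


def top_n(alerts, field, n=10, days=7, now=NOW):
    """Top-N entities by number of distinct values of `field` ('alerts',
    'tactics' or 'techniques'), highest first; ties broken by entity name
    so the ranking is deterministic."""
    counts = [(entity, len(sets[field]))
              for entity, sets in unique_counts(alerts, days, now).items()]
    counts.sort(key=lambda ec: (-ec[1], ec[0]))
    return counts[:n]


def category_counts(alerts, days=30, now=NOW):
    """Total SecOps vs Behavioral alerts in the window, the two series
    the Number of Alerts Over Time widget plots."""
    totals = {"SecOps": 0, "Behavioral": 0}
    for a in alerts:
        if in_window(a, days, now):
            totals[alert_category(a["name"])] += 1
    return totals


if __name__ == "__main__":
    for field in ("alerts", "tactics", "techniques"):
        print(f"Top unique {field} (last 7 days):", top_n(ALERTS, field))
    print("Alerts by category (last 30 days):", category_counts(ALERTS))
```

Because the window is applied before counting, an entity whose only alerts are older than 7 days (asmith in the sample) disappears from the top lists even though its alerts still appear in the 30-day alert totals. That is the behaviour to expect when an entity drops off the lists without its risk having been resolved.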

Search for entities

There is an Entity Search box at the top right of the Overview area, which you can also find in the Entity Analysis area. Type a few characters and matching entities will be listed below the box as you type. Clicking an entity name in the results navigates to the Entity Details page for that entity.

...