
Overview

The Entity Behavior dashboard provides a high-level overview of the riskiest entities in your organization. The page displays metrics including total entities tracked and entities by criticality (critical, high, medium, low). It also includes a graphical display of the total number of alerts over time.

...

Name

Description

Entities Tracked (Last 7 days)

The number of entities that have risk associated with them over the last 7 days, divided by criticality (Critical, High, Medium) and entity type (Users, Devices, and Domains).

Entities Tracked (Last 24 hours)

The number of entities that have risk associated with them over the last 24 hours, divided by entity type (Users, Devices, and Domains).

Number of Alerts Over Time

Graphical display of the SecOps and behavior alerts that have triggered over the last 30 days, represented in individual swim lanes. This helps you get a high-level understanding of your organization’s environment.

...

...

Detailed behavior

At the bottom of the page there are seven different widgets. Use these lists to quickly identify risky entities. To choose which entity to investigate first, either drill into the critical entities flagged by the application or choose a Top User/Device/Domain with a high risk score.

...

Name

Description

Notable Entities

A list of entities that need specific attention to ensure no further malicious behavior. Entities marked as favorite will appear in this list.

Top 10 Users (Last 7 days)

A list of the riskiest users in your organization based on cumulative risk.

Top 10 Devices (Last 7 days)

A list of the riskiest devices in your organization based on cumulative risk.

Top 10 Domains (Last 7 days)

A list of the riskiest domains your organization has interacted with, based on cumulative risk. This can include phishing links, DGAs, and other malicious domains seen in your network traffic.

Top Unique Alert Count (Last 7 days)

The top 10 entities with the highest unique alert count over the last 7 days.  

Top Tactic Count (Last 7 days)

The top 10 entities with the highest number of unique tactics over the last 7 days.  

Top Technique Count (Last 7 days)

The top 10 entities with the highest number of unique techniques over the last 7 days. 

Search for entities

There is an Entity Search box at the top right of the Overview area, which you can also find in the Entity Analysis area. Type a few characters and matching entities will be shown in a list below as you type. Clicking an entity name in the results navigates to the Entity Details page for that entity.

...