
Introduction

The Entity Behavior dashboard provides a high-level overview of the riskiest entities in your organization. Metrics including total entities tracked and entities by criticality (critical, high, medium, low) are displayed on this page. There is also a chart that shows the total number of alerts over time.

There are two categories of alerts: SecOps and Behavioral. SecOps alerts are alerts whose name starts with ‘SecOps’; examples can be found in the Devo Exchange. Behavioral alerts come from the models deployed in the Content Manager. To hide one of the alert types in the chart, click the SecOps or Behavioral Alerts button at the bottom of the dashboard.

At the bottom of the page there are six different lists: top users, top devices, top domains, unique risks, unique tactics, and unique techniques. These are six different categories of entities, each sorted in descending order of risk. Use these lists to quickly identify risky entities. To choose which entity to investigate first, either drill into the critical entities flagged by the application or choose a Top User/Device/Domain with a high risk score.

| Name | Description |
| --- | --- |
| Top Unique Risk Count | The top 10 entities with the highest number of unique alerts over the last 7 days. |
| Top Tactic Count | The top 10 entities with the highest number of unique tactics over the last 7 days. |
| Top Technique Count | The top 10 entities with the highest number of unique techniques over the last 7 days. |

Widgets

| Name | Description |
| --- | --- |
| Entities Tracked | The number of entities that have risk associated with them over the last 7 days. |
| Critical Risk Entities | These are the highest priority entities and should be looked at first. These entities have a risk score greater than 90. |
| High Risk Entities | These are the high priority entities, with a risk score between 70 and 89. |
| Medium Risk Entities | These entities have a risk score between 50 and 69. |
| Recently Risky Entities | These are entities with new risk in the last day, or entities whose risk deviates from their normal level. |
| Number of Alerts Over Time | Graphical display of the SecOps and Behavioral alerts that have triggered over the last 30 days. This helps you get a high-level understanding of your organization’s environment. |
| Top 10 Users (Last 7 days) | A list of the riskiest users in your organization based on cumulative risk. |
| Top 10 Devices (Last 7 days) | A list of the riskiest devices in your organization based on cumulative risk. |
| Top 10 Domains (Last 7 days) | A list of the riskiest domains your organization has interacted with, based on cumulative risk. This can include phishing links, DGAs, and other malicious domains seen in your network traffic. |
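The following is an added, self-contained example (not Devo's code and not how the product computes these widgets) that reproduces the semantics described in both tables above over a small constructed set of alerts: cumulative risk per entity, the criticality buckets, the unique risk/tactic/technique counts, the SecOps vs. Behavioral split, and a Recently Risky list. The entity names, alert names, timestamps and risk values are constructed. Two points the page leaves open are handled as labelled assumptions: a score of exactly 90 is counted as high, and "deviation from normal" is taken as last-day risk exceeding twice the entity's mean daily risk over the earlier days of the 7-day window.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    entity: str
    entity_type: str   # "user", "device" or "domain"
    name: str          # alert name; SecOps alerts start with "SecOps"
    tactic: str        # ATT&CK tactic the alert was mapped to
    technique: str     # ATT&CK technique id
    risk: int          # risk contributed by this alert
    ts: datetime       # time the alert fired


# Constructed "current time" and sample alerts (hypothetical entities and
# alert names; not real Devo data).
NOW = datetime(2024, 1, 15, 12, 0, 0)
ALERTS = [
    Alert("alice", "user", "SecOps Impossible Travel", "Initial Access", "T1078", 40, NOW - timedelta(hours=2)),
    Alert("alice", "user", "Anomalous Login Hours", "Initial Access", "T1078", 35, NOW - timedelta(days=1, hours=2)),
    Alert("alice", "user", "SecOps Suspicious Process", "Execution", "T1059", 20, NOW - timedelta(days=3)),
    Alert("bob", "user", "SecOps Impossible Travel", "Initial Access", "T1078", 30, NOW - timedelta(days=5)),
    Alert("bob", "user", "Rare Outbound Port", "Command and Control", "T1571", 25, NOW - timedelta(days=6)),
    Alert("bob", "user", "Rare Outbound Port", "Command and Control", "T1571", 25, NOW - timedelta(days=10)),
    Alert("host-17", "device", "SecOps Lateral Movement", "Lateral Movement", "T1021", 50, NOW - timedelta(hours=4)),
    Alert("host-17", "device", "Beaconing Detected", "Command and Control", "T1071", 35, NOW - timedelta(hours=6)),
    Alert("evil-dga.example", "domain", "DGA Domain Contacted", "Command and Control", "T1568", 55, NOW - timedelta(days=2)),
    Alert("carol", "user", "Anomalous Login Hours", "Initial Access", "T1078", 15, NOW - timedelta(days=20)),
]


def in_window(alerts, days, now=NOW):
    """Alerts that fired within the last `days` days."""
    return [a for a in alerts if now - timedelta(days=days) <= a.ts <= now]


def cumulative_risk(alerts):
    """Total risk per entity: the score the Top 10 lists are sorted by."""
    totals = Counter()
    for a in alerts:
        totals[a.entity] += a.risk
    return totals


def criticality(score):
    """Page thresholds: critical > 90, high 70-89, medium 50-69, else low.
    The page does not say where exactly 90 falls; counted as high here (assumption)."""
    if score > 90:
        return "critical"
    if 70 <= score <= 90:
        return "high"
    if 50 <= score <= 69:
        return "medium"
    return "low"


def entities_by_criticality(alerts, days=7):
    """Counts behind the Entities Tracked / Critical / High / Medium widgets."""
    scores = cumulative_risk(in_window(alerts, days))
    buckets = Counter(criticality(s) for s in scores.values())
    return {"tracked": len(scores), **{k: buckets.get(k, 0) for k in ("critical", "high", "medium", "low")}}


def top_unique(alerts, field, n=10, days=7):
    """Top-N entities by number of *distinct* values of `field` over the window
    ('name' -> unique risks, 'tactic', 'technique'); repeats of one alert do not add."""
    seen = defaultdict(set)
    for a in in_window(alerts, days):
        seen[a.entity].add(getattr(a, field))
    ranked = sorted(seen.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(entity, len(values)) for entity, values in ranked[:n]]


def top_entities(alerts, entity_type, n=10, days=7):
    """Top-N users, devices or domains by cumulative risk over the window."""
    scores = cumulative_risk(a for a in in_window(alerts, days) if a.entity_type == entity_type)
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def alert_category(alert):
    """SecOps alerts are identified by name prefix; everything else is Behavioral."""
    return "SecOps" if alert.name.startswith("SecOps") else "Behavioral"


def alerts_by_category(alerts, days=30):
    """Totals behind the Number of Alerts Over Time chart (30-day window)."""
    return dict(Counter(alert_category(a) for a in in_window(alerts, days)))


def recently_risky(alerts, days=7, ratio=2.0):
    """Entities with new risk in the last day (no earlier risk in the window), or
    whose last-day risk exceeds `ratio` x their mean daily risk over the earlier
    days of the window. Both the baseline and the ratio are assumptions."""
    recent = in_window(alerts, days)
    last_day = cumulative_risk(a for a in recent if a.ts > NOW - timedelta(days=1))
    earlier = cumulative_risk(a for a in recent if a.ts <= NOW - timedelta(days=1))
    flagged = {}
    for entity, today in last_day.items():
        if entity not in earlier:
            flagged[entity] = "new risk"
        elif today > ratio * (earlier[entity] / (days - 1)):
            flagged[entity] = "deviation from normal"
    return flagged


if __name__ == "__main__":
    print(entities_by_criticality(ALERTS))
    print(top_unique(ALERTS, "name"), top_entities(ALERTS, "user"))
    print(alerts_by_category(ALERTS), recently_risky(ALERTS))
```

Note that `top_unique` counts distinct alert names, tactics or techniques rather than alert volume, so an entity hit by one noisy rule many times does not climb these lists, while `top_entities` uses cumulative risk and does: the two views surface different entities, which is why the page lists both.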
