Overview

Entity risk groups enable organizations to identify specific sets of entities and adjust the risk scores of those entities based on the organization's own context.

Example entity risk groups:  

  • VIP users 

  • Noisy users / entities

  • Crown jewels 

  • Terminated employees 

  • New employees 

  • Flight risk employees 

VIP users are people who are especially important to the organization, such as the C-suite and administrators who have access to sensitive information or many different systems. If these users are compromised or engage in risky behavior, it is imperative to look into them sooner rather than later. As a result, it is important to add risk multipliers to these users so that they bubble up to the top of the risk curve within Devo Behavior Analytics.

The Crown jewels list is similar to the VIP users list, except that it covers assets / endpoints within the IT environment.

Noisy users / entities are involved in many risky activities. You still want visibility into them, but you do not want their noise overshadowing everything else going on in your organization. The list / lookup maintained here reduces the risk score of these entities so that they still show up in the application but with a generally lower risk score.

Reset risk score entities is a list of entities that have their risk score reset for a fixed amount of time. These are entities that have been triaged by an analyst and deemed not to be a threat. The risk score is then reset for a period of time so that the application bubbles up other entities with risk to be triaged.

Configuring entity risk groups

Entity risk groups are configured in the Entity Groups tab within the Content Manager.


To create a new group, click the New Group button at the top right and give it a name (Risk Group) and a Risk Score Multiplier, which will increase or decrease the risk score of the entities belonging to this group.


You can manage existing groups using the ellipsis menu at the end of each row. Edit Score Multiplier will open the group settings to modify them, while Editing List will open the Behavior Models tab.
