Overview dashboard
About this page
The Overview dashboard is the landing page for the Behavior Analytics end-user. It provides a high-level summary of the entities in your organization. Summary metrics displayed on this dashboard include total counts of entities tracked, grouped by entity type and relative risk. The dashboard also includes a trend chart of the volume of recent alerts and behavior signals over time.
The Overview dashboard also provides dynamically generated lists of entities that may be of interest. Clicking on any one of the entity names in these lists will navigate the end-user to the details page for that selected entity. These lists are useful in scenarios where the Behavior Analytics end-user is conducting an open-ended review rather than investigating a particular known entity.
If the Behavior Analytics end-user already knows the name (or part of the name) of the entity they wish to investigate, they may simply enter the name (or part of the name) in the search box near the top-right corner of the page, and then click on the desired search result for details. Alternatively, if the end-user wishes to conduct a more sophisticated search for entities, they may click on the Entity Analysis link in the page header.
Page contents
The top half of the Overview dashboard displays the following sections:
Title | Description |
---|---|
Entities Tracked (Last 7 days) | The number of entities that have risk associated with them over the last 7 days, grouped by relative risk (very high, high, and medium) and entity type (users, devices, and domains). Clicking on any of these counts will navigate to the Entity Analysis page where you can browse the corresponding list of entity names. |
Entities Tracked (Last 24 hours) | The number of entities that have risk associated with them over the last 24 hours, grouped by entity type (users, devices, and domains). Clicking on any of these counts will navigate to the Entity Analysis page where you can browse the corresponding list of entity names. |
Alerts & Signals Over Time | Trend chart of alerts and behavior signals that have been recently triggered over time. The chart is divided into four separate swim lanes: |
Underneath the trend chart is a set of dynamically generated lists of entities. Each list applies a different set of filtering criteria to the entities. The purpose of these lists is to provide quick access to the interesting risky entities in your organization. Clicking on any entity name in these lists will navigate to the Entity Details page for the selected entity, where you can browse the activity that contributed to that entity’s risk score.
The following lists are displayed in the Overview dashboard:
Title | Description |
---|---|
Notable Entities | A configurable watch list of entities which are pinned to the Overview dashboard for ease of monitoring. This list can be configured in Content Manager > Notable Entities. Internally, the list is stored in the Devo table |
Top Users By Risk | A list of the top 10 user entities detected in the last 7 days, sorted by risk score (highest first). |
Top Devices By Risk | A list of the top 10 device entities detected in the last 7 days, sorted by risk score (highest first). |
Top Domains By Risk | A list of the top 10 domain entities detected in the last 7 days, sorted by risk score (highest first). |
Top Entities By Unique Alert Count | A list of the top 10 entities detected in the last 7 days, sorted by the count of unique alerts triggered by the entity. |
Top Entities By Tactic Count | A list of the top 10 entities detected in the last 7 days, sorted by the count of unique MITRE Tactics from the alerts triggered by the entity. |
Top Entities By Technique Count | A list of the top 10 entities detected in the last 7 days, sorted by the count of unique MITRE Techniques from the alerts triggered by the entity. |