Entity Behavior dashboard
Overview
The Entity Behavior dashboard provides a high-level overview of the riskiest entities in your organization. Metrics including total entities tracked and entities by criticality (critical, high, medium, low) are displayed on this page. There is also a dashboard that shows the total number of alerts over time.
The top part of the Overview area displays the following widgets:
Name | Description |
---|---|
Entities Tracked (Last 7 days) | The number of entities that have risk associated with them over the last 7 days, divided by criticality (Critical, High, Medium) and entity type (Users, Devices, and Domains). |
Entities Tracked (Last 24 hours) | The number of entities that have risk associated with them over the last 24 hours, divided by entity type (Users, Devices, and Domains). |
Number of Alerts Over Time | Graphical display of the SecOps and behavior alerts that have triggered over the last 30 days, represented in individual swim lanes. This helps you get a high-level understanding of your organization’s environment. |
Detailed behavior
At the bottom of the page there are seven different widgets. These lists should be used to quickly identify risky entities. In order to choose which entity to investigate first, either drill into the critical entities flagged by the application or choose a Top User/Device/Domain with a high risk score.
Name | Description |
---|---|
Notable Entities | A list of entities that need specific attention to ensure no further malicious behavior. Entities marked as favorite will appear in this list. |
Top 10 Users (Last 7 days) | A list of the riskiest users in your organization based on cumulative risk. |
Top 10 Devices (Last 7 days) | A list of the riskiest devices in your organization based on cumulative risk. |
Top 10 Domains (Last 7 days) | A list of the riskiest domains your organization has interacted with, based on cumulative risk. This can include phishing links, DGAs, and other malicious domains seen in your network traffic. |
Top Unique Alert Count (Last 7 days) | The top 10 entities with the highest unique alert count over the last 7 days. |
Top Tactic Count (Last 7 days) | The top 10 entities with the highest number of unique tactics over the last 7 days. |
Top Technique Count (Last 7 days) | The top 10 entities with the highest number of unique techniques over the last 7 days. |
Search for entities
There is an Entity Search box at the top right of the Overview area, which you can also find in the Entity Analysis area. Type a few characters and matching entities will be shown in a list below as you type. Clicking an entity name in the results navigates to the Entity Details page for that entity.