Entities are the objects which form the basis of the security events.
You can reach the Entity Explorer screen by clicking on an Entity from the Cases screen.
The Entity explorer screen gives you insight into:

  • The number of and specific cases this entity was involved with during the last three months. This provides information about the entity throughout the cases in the system. This explains why the information presented here might be different from the information you will see for a specific entity in the Context Details screen. For example, a URL where is suspicious = true and is highlighted in red in the Context Details, might appear here as false if this same URL is defined according to different criteria in a few other cases.
  • The details about the entity including basic information and enrichment information gathered about this entity from different cases
  • The linked entities such as users and IP addresses
  • The frequency of each type of case
  • A list of log entries

You can expand or contract of each category by clicking the arrow at the right side of the category name (Entity, Default, etc.).

Need more help with this?
Click here to open a Support ticket

Thanks for your feedback.