Edit Entities in Attack Surface Insights
Assign tags and a security criticality to entities.
There are only two attributes you can edit in an entity: tags and security criticality. You can edit entities automatically using Attack Surface Insights rules or manually.
Tags applied to Attack Surface Insights entities are referenced in Threat Detection Management analytics rules. To ensure analytics rules have the necessary attributes to work optimally, it's important that you assign entities the appropriate tags.
Tags applied to Attack Surface Insights entities are also automatically added to Threat Center case and alert tags if detections are grouped by entity. Tags are copied to the case or alert. If you remove a tag from the entity, the tag remains in the case or alert. If you remove a tag from the case or alert, it remains in the entity. To ensure you can find cases or alerts related to groups of entities, it's important that you assign entities the appropriate tags.
You can monitor entities with the same tag using watchlists in Threat Center.
We recommend the relevant user entities have the following tags:
Executive
Privileged User
Service Account
Departing Employee
We recommend the relevant device entities have the following tags:
Critical Device
Domain Controller
Server
Workstation
The security criticality of an entity is one of the business factors used to calculate a related Threat Center case or alert risk score. To ensure Threat Center scores cases and alerts accurately, it's important that you assign entities the appropriate security criticality.