Attack Surface Insights Guide

User Entity Attributes

Review all attributes available in Attack Surface Insights for user entities.

| Entity Attribute | Definition | Example | Source |
| --- | --- | --- | --- |
| Full Name | The printable display name for the user, usually represented as a combination of first name, middle initial, and last name. | Barbara Salazar | Context |
| Source | The sources from which the entity attributes are derived. | AD | Event or Context |
| User Name | The user names associated with the user. To derive the user name from an event, Attack Surface Insights considers certain event fields in a specific order: (1) `domain_user_name`, in the format `<user>@<domain>` or `<user> - <database name>`; (2) `local_user_name`, in the format `<user> - <source host or platform>`; (3) `account_user_name`, in the format `<account>@<domain or destination domain>`; (4) `database_user_name`, in the format `<user>@<domain or destination domain>`; (5) `dest_local_user_name`, in the format `<user> - <source host>`. The first event field with a value is considered the user name. | barbara.salazar | Event |
| Email Address | The email addresses associated with the user. | [email protected] | Event |
| First Name | The given name for the user. | Barbara | Context |
| Last Name | The surname or family name for the user. | Salazar | Context |
| Mobile Number | The primary cellular telephone number for the user. | +1 123 456 7890 | Context |
| Security Criticality | The level of potential organizational risk if the entity becomes compromised. | High | Attack Surface Insights |
| Tags | Labels or keywords you create and add to entities to categorize them or indicate they have a certain characteristic. | Privileged User | Attack Surface Insights |
| Badge ID | The badge ID in the event associated with the user. | C102230 | Event |
| Employee ID | The code used to identify that the user works for a company. | ISED0003 | Event |
| Phone Number | The primary work phone number for the user. | +1 123 456 7890 | Context |
| Department | Name of the department in which the user works. | Engineering | Context |
| Department Number | A number used to identify a department within an organization. | 1100 | Context |
| Title | The formal job title for the user. Not typically used to indicate occupational class, like programmer, or for titles with suffixes like Esq. or DDS. | Senior Programmer | Context |
| Manager | The manager to whom a user reports. | Tu Peterson | Context |
| Country | Country or region where the user is located. | US | Context |
| City | A locality, such as a town or city, in the user's address. | Philadelphia | Context |
| Employee Type | An employment category for an employee. | Contractor | Context |
| Division | The division of the company in which the user works. | R&D | Context |
| Lockout | Whether the user is locked out of their accounts. | Unlocked | Event |
| Is Active | Whether the user has successfully logged into an account within the last 12 hours. | True | Event |
| Current Logged Endpoint | The endpoint into which the user is currently logged in. | Barbaras-MacBook-Pro | Event |
| Last Logged Endpoint | The endpoint into which the user was most recently logged in. | src_host_name | Event |
| Is On VPN | Whether the user is currently connected to VPN. | Connected | Event |
| Last Password Reset | The time when the user last reset their password. | 10/26/2023, 3:37:23 PM | Event |
| First Seen | The time when the user was first seen. | 10/26/2023, 3:37:23 PM | Event |
| Last Seen | The time when the user was last seen. | 10/26/2023, 3:37:23 PM | Event |
| Last Badge Access | The location and time when the user last used their badge to access a physical location. | Pune 10/26/2023, 3:37:23 PM | Context |
| User SID | A unique security identifier for a security principal object. Calculated based on a binary value that specifies a unique security identifier for the security principal object. | A-1-2-34-567890123-4567890123-4567890123-456789 | Event |
| Event ID | The ID of the event associated with the user entity. | 12a34567-b8c9-01de-2fgh-3i45i6j7k89l | Event |
| Account Status | Whether an account associated with the user is active, expired, locked out, disabled, or has an expired password. | Account Active, Password Expired, Account Lockout, Account Disabled, Account Expired | Context |
| Rule Name | The Attack Surface Insights rule that determined the security criticality and tags for the user entity. | Privileged Users | Attack Surface Insights |
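
The field precedence described for the User Name attribute can be reproduced offline to predict which field an event's user name comes from and to spot events whose lower-priority fields disagree with it. This is an added example, not Attack Surface Insights code: the helper names (including the hypothetical `shadowed_fields`), the sample events, and the treatment of empty or whitespace-only values as "no value" are assumptions.

```python
# Added example: not Attack Surface Insights code.
# Field order is taken from the User Name attribute's definition above.
USER_NAME_FIELDS = (
    "domain_user_name",
    "local_user_name",
    "account_user_name",
    "database_user_name",
    "dest_local_user_name",
)

def field_value(event, field):
    """Return the field as a stripped string, or None when it has no value.
    Assumption: None, "" and whitespace-only all count as "no value"."""
    raw = event.get(field)
    text = "" if raw is None else str(raw).strip()
    return text or None

def derive_user_name(event):
    """Return (field, value) for the first populated field, else None."""
    for field in USER_NAME_FIELDS:
        value = field_value(event, field)
        if value is not None:
            return field, value
    return None

def shadowed_fields(event):
    """Hypothetical helper: lower-priority fields that are populated but
    disagree with the winner (compared case-insensitively, an assumption)."""
    winner = derive_user_name(event)
    if winner is None:
        return {}
    win_field, win_value = winner
    conflicts = {}
    for field in USER_NAME_FIELDS:
        value = field_value(event, field)
        if field != win_field and value and value.casefold() != win_value.casefold():
            conflicts[field] = value
    return conflicts

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"domain_user_name": "barbara.salazar@example.test",
     "local_user_name": "bsalazar - host01"},
    {"domain_user_name": "   ", "account_user_name": "svc-backup@example.test"},
    {"src_host_name": "host01"},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(derive_user_name(event), shadowed_fields(event))
```

Events that return a non-empty result from `shadowed_fields` are the ones to review when activity appears under an unexpected user entity.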