Skip to main content

Attack Surface InsightsAttack Surface Insights Guide

Manually Edit Entities in Attack Surface Insights

Manually edit the tags and security criticality of entities.

You can also automatically edit certain entities based on conditions you specify using Attack Surface Insights rules.

Tags applied to Attack Surface Insights entities are referenced in Threat Detection Management analytics rules. To ensure analytics rules have the necessary attributes to work optimally, it's important that you assign entities the appropriate tags.

Tags applied to Attack Surface Insights entities are also automatically added to Threat Center case and alert tags if detections are grouped by entity. Tags are copied to the case or alert. If you remove a tag from the entity, the tag remains in the case or alert. If you remove a tag from the case or alert, it remains in the entity. To ensure you can find cases or alerts related to groups of entities, it's important that you assign entities the appropriate tags.

You can monitor entities with the same tag using watchlists in Threat Center.

We recommend the relevant user entities have the following tags:

  • Executive

  • Privileged User

  • Service Account

  • Departing Employee

We recommend the relevant device entities have the following tags:

  • Critical Device

  • Domain Controller

  • Server

  • Workstation

The security criticality of an entity is one of the business factors used to calculate a related Threat Center case or alert risk score. To ensure Threat Center scores cases and alerts accurately, it's important that you assign entities the appropriate security criticality.

You can manually edit an individual entity or multiple entities at once.

Edit an Entity

  1. Select an entity to edit:

    • Select the entity, then click Edit.

      attacksurfaceinsights-userdetails-edit.png

    • For an entity, click the More menu The more options menu; three vertical dark grey dots on an off-white background., then select Edit.

      The more menu open for an entity with the Edit option highlighted in a red rectangle.

  2. Edit the tags or security criticality:

    • In Tags, specify up to 20 tags. Select from the list of existing tags or create a new one. To create a new tag, start typing, then click Add "<tag>".

    • In Security Criticality, select a security criticality: Low, Medium, or High.

  3. Click Save.

Edit Multiple Entities

  1. Select the entities you're editing:

    • To select all entities in the list, click the checkbox in the header row.

      The checkbox in the header row selected.

    • To select all existing entities matching your search query, click the checkbox in the header row, then click Select all <#> matching entities in the system.

      The checkbox in the header row selected with the Select all 36551 matching entities in the system action highlighted in a red rectangle.

    • To select specific entities, click the checkbox for each entity.

      The checkbox for three entities selected.

  2. Click Edit.

    The Edit action highlighted in a red rectangle.

  3. Edit the tags or security criticality:

    • In Tags, specify up to 20 tags. Select from the list of existing tags or create a new one. To create a new tag, start typing, then click Add "<tag>".

    • In Security Criticality, select a security criticality: Low, Medium, or High.

  4. Click Save.