- Get Started with Attack Surface Insights
- View Entities in Attack Surface Insights
- Search for Entities in Attack Surface Insights
- Manage Entities in Attack Surface Insights
- Entity Attributes
View Entity Details
Learn and review details about a specific entity.
To view more details about an entity, select the entity.
In the entity details, you can review all attributes related to the entity. For user entities, you can also review the number of associated open Threat Center cases, a history of the user entity risk score, their associated accounts, and the attributes associated with a specific account. For device entities, you can also review the IP addresses associated with the device.
Available attributes vary based on entity type. For some attributes, you can hover over the attribute to reveal more information or actions.
View User Entity Details
To view details about a user entity, select the user entity. From the details, view:
View User Entity Threat History
Under User Risk Trend, view the cases and alerts associated with a user entity over a period you specify: last seven days, last two weeks, last month, last two months, or last three months:
![]() |
To view the number of open cases and alerts created over the specified period, minimize User Risk Trend:

To view details about the cases and alerts, click <#> cases or <#> alerts:
![]() |
![]() |
To view a line chart of a user entity's risk score over time, expand User Risk Trend. Each point on the line chart represents the highest Threat Center case or alert risk score associated with the user entity on a given day.
![]() |
To view more information about the case or alert with the highest risk score, hover over the point on the line chart:

To navigate to the case or alert with the highest risk score in Threat Center, click the point.
View User Entity Accounts
You can view all accounts associated with the user entity and the attributes associated with a specific account.
To view all attributes across all accounts, select All Accounts.

To view attributes associated with a specific account, select the account from the menu.

To view all linked accounts, under Usernames, click View linked accounts.

For each linked account, view:
Full name – The printable display name of the user associated with the account.
Email address – The email address associated with the account.
User name – The user name associated with the account.
Security criticality – The security criticality associated with the account.
Tags – The tags associated with the account.
Department – The department associated with the account.
Title – The formal job title of the user associated with the account.
Manager – The manager to whom the user reports associated with the account.
Lockout – Whether the user is locked out of the account.
Is active – Whether the user is currently actively using the account.
Current logged endpoint – The endpoint into which the user is currently logged in.
Is on VPN – Whether the user is currently connected to VPN.
Last seen – The time when the user was last associated with this account.
View Device Entity Details
To view details about a device entity, select the device entity. From the details, view:
Under IP Address History, all IP addresses associated with the device entity. To refresh the list, click