Skip to main content

Attack Surface InsightsAttack Surface Insights Guide

View Entity Details

Learn and review details about a specific entity.

To view more details about an entity, select the entity.

In the entity details, you can review all attributes related to the entity. For user entities, you can also review the number of associated open Threat Center cases, a history of the user entity risk score, their associated accounts, and the attributes associated with a specific account. For device entities, you can also review the IP addresses associated with the device.

Available attributes vary based on entity type. For some attributes, you can hover over the attribute to reveal more information or actions.

View User Entity Details

To view details about a user entity, select the user entity. From the details, view:

View Associated Open Threat Center Cases

If there are any open Threat Center cases whose detections are grouped by the user entity, view the number of open cases created during the time frame selected in the User Risk Trend chart:

User details showing associated open Threat Center cases.

To investigate and navigate to the open cases in Threat Center, click <#> open cases.

If there are no open cases created during the time frame selected in the User Risk Trend chart, the information doesn't appear.

View User Entity Risk Score History

Under User Risk Trend, view a line chart of a user entity's risk score over time. Each point on the line chart represents the highest Threat Center case or alert risk score associated with the user entity on a given day.

attacksurfaceinsights-users-userdetails-userrisktrend.png

You can view the risk score over a time frame you specify: the past seven days, two weeks, one month, two months, or three months.

attacksurfaceinsights-users-userdetails-userrisktrend-timerange.png

To view the highest case or alert risk score on a given day, hover over the point on the line chart:

The User Risk Trend chart showing a specific point on the chart.

To navigate to the associated case or alert in Threat Center, click the point.

View User Entity Accounts

You can view all accounts associated with the user entity and the attributes associated with a specific account.

To view all attributes across all accounts, select All Accounts.

The user details for user Barbara Salazar with All Accounts highlighted in a red rectangle.

To view attributes associated with a specific account, select the account from the menu.

The user details for user Barbara Salazar with other associated accounts highlighted in a red rectangle.

To view all linked accounts, under Usernames, click View linked accounts.

User entity details with the View linked accounts action highlighted in a red rectangle.

For each linked account, view:

  • Full name – The printable display name of the user associated with the account.

  • Email address – The email address associated with the account.

  • User name – The user name associated with the account.

  • Security criticality – The security criticality associated with the account.

  • Tags – The tags associated with the account.

  • Department – The department associated with the account.

  • Title – The formal job title of the user associated with the account.

  • Manager – The manager to whom the user reports associated with the account.

  • Lockout – Whether the user is locked out of the account.

  • Is active – Whether the user is currently actively using the account.

  • Current logged endpoint – The endpoint into which the user is currently logged in.

  • Is on VPN – Whether the user is currently connected to VPN.

  • Last seen – The time when the user was last associated with this account.

View Device Entity Details

To view details about a device entity, select the device entity. From the details, view: