Exabeam Search Guide

Entity Details

The Entities tab is available from the Details panel whenever you are viewing Search results that include events or detections with parsed user or device entity fields. When the Entities tab is displayed, it lists all of the user and device entities that are present in the search results. For each entity, you can opt to open an Entity Details panel that displays the extensive information stored about the entity in the Attack Surface Insights application.

Without leaving the Search application, the Entity Details panel provides detailed information about an entity and about the threat history, cases, and alerts associated with the entity. For more information about what the Entity Details panel shows and how to use it, see View Entity Details in the Attack Surface Insights Guide.

Accessing Entity Details

You can access the Entity Details information from Attack Surface Insights, without leaving the Search application, by first displaying the Entities tab in the Details panel. This option is available from different Search results views, as described below:

  1. Open the Entities tab in one of the following ways:

    • In the Timeline View – Click on any event or detection box in a results row. The Details panel opens with either the Event or Detection tab displayed. Select the Entities tab.

    • In the List View – Click Event Details or Detection Details in the bottom left corner of an event or detection row. The Details panel opens with either the Event or Detection tab displayed. Select the Entities tab.

    • In the Table View – On the far right side of an event row, click the Details link. The Details panel opens with the Event tab displayed. Select the Entities tab.

  2. On the Entities tab, identify the entity you want to view detailed information about.

  3. Click the options menu icon on the right of an entity and select either User Entity Details or Device Entity Details.

  4. When the User Entity Details panel or the Device Entity Details panel opens, it displays the information stored in Attack Surface Insights about the entity and its history in the system. To learn more about the entity attributes, the history of cases and alerts associated with the entity, and the accounts associated with the entity, see View Entity Details in the Attack Surface Insights Guide.


Interacting with the Entities Tab

When you display the Entities tab in the Search Details panel, you can interact with the information on the tab in the ways described below.

  • Use the previous and next event icons at the top of the panel to navigate between event rows in the Search results.

  • Click the close icon to close the Details panel and return to the Search results.

  • Click the options menu icon on the right of the entity and select from the following options:

    • User Entity Details or Device Entity Details – Click to open either the User Entity Details or Device Entity Details panel with information stored in Attack Surface Insights about the selected entity. For more information, see View Entity Details in the Attack Surface Insights Guide.

    • User Entity Timeline or Device Entity Timeline – Click to open a new Search window that automatically populates and runs a search for activities related to the selected entity. This option pivots to a new Search window so you can drill down on the behavior of specific entities without closing the results you're already exploring.

    • Query Operators – Click the AND, AND NOT, or OR operators to add the selected entity directly to your Search query.
