- Search Overview
- Search Home Page
- Performing Searches
- Basic Search
- Advanced Search
- Advanced Search Building Blocks
- Running an Advanced Search Query
- Query Syntax
- Query by Subject
- Query by Vendor and Product
- Query by Field and Value
- Query by Context Table
- Query Using Regex
- Free Text Search
- Query Using Advanced Query Language Operators
- Query Using Aggregation Functions
- Query Using Structured Fields
- Dynamic Field Extraction
- Natural Language Search
- Anomaly Search
- Refine a Search
- Context Tables in Search
- Search Best Practices
- Search Results
- Histogram View of Search Results
- Search Results Navigation Bar
- Timeline View of Search Results
- List View of Search Results
- Table View of Search Results
- Aggregated Search Results
- Event Details
- Detection Details
- Entity Details
- Data Insights
- Export Search Results
- View and Download Exported Search Result Files
- Dashboard Visualizations
Entity Details
The Entities tab is available from the Details panel whenever you are viewing Search results that include events or detections with parsed entity fields. When the Entities tab is displayed, it lists all of the entities that are present in the search results. For each entity, you can opt to open an Entity Details panel that displays the extensive information stored about the entity in the Attack Surface Insights application.
Without leaving the Search application, the Entity Details panel provides detailed information about the entity and about the threat history, cases, and alerts associated with the entity. For more information about what the Entity Details panel shows and how to use it, see View Entity Details in the Attack Surface Insights Guide.
Important
Entity information is currently available only for user entities and not for device entities.
Accessing Entity Details
You can access the Entity Details information from Attack Surface Insights, without leaving the Search application, by first displaying the Entities tab in the Details panel. This option is available from different Search results views, as described below:
Open the Entities tab in one of the following ways:
In the Timeline View – You can do either of the following:
Click the options menu icon (
) on the right side of an event row (or of an associated event row) and select Entities. The Details panel opens with the Entities tab displayed.Expand the event or detection box on a row and click either the Event Details or the Detection Details link. The Details panel opens and you can click on the Entities tab to display it.
In the List View – Click Event Details or Detection Details in the upper right corner of an event or detection row. The Details panel opens with either the Event or Detection tab displayed. Select the Entities tab.
In the Table View – Click on an event row. The Details panel opens with the Event tab displayed. Select the Entities tab.
On the Entities tab, identify the entity you want to view details information about.
Click the options menu icon (
) on the right of the entity and select User Entity Details. 
When the User Entity Details panel opens, it displays the information stored in Attack Surface Insights about the entity and it's history in the system. To learn more about the entity attributes, the history of cases and alerts associated with the entity, and the accounts associated with entity, see View Entity Details in the Attack Surface Insights Guide.
Interacting with the Entities Tab
When you display the Entities tab in the Search Details panel, you can interact with information on tab in the ways described below.
Use the
icons at the top of the panel to navigate between event rows in the Search results.Click the
icon to close the Details panel and return to the Search results.Click the options menu icon (
) on the right of the entity and select from the following options:User Entity Details – Click to open the User Entity Details panel with information stored in Attack Surface Insights about the selected entity. For more information, see View Entity Details in the Attack Surface Insights Guide.
User Entity Timeline – Click to open a new Search window that automatically populates and runs a search for activities related to the selected entity. This option pivots to a new Search window so you can drill down on the behavior of specific entities without closing the results you're already exploring.
Query Operators – Click the AND, AND NOT, or OR operators to add the selected entity directory to your Search query.
