Overview Tab
The Overview tab provides an initial view into the recent and most important user or network entity activities in the environment. Each panel shows either prioritized incidents for investigation or consolidated metrics reflecting potential risks to the enterprise.
Workflow
What do you want to do?
| User Role | I want to ... | Documentation |
|---|---|---|
| UEBA Analyst |
View top ten high-risk users or network entities.* |
Identify High-Risk User or Network Entity |
| UEBA Analyst |
View risky user or network entities, and watchlist or network entities.* |
Identify High-Risk User or Network Entity |
|
UEBA Analyst |
View user based on alert type and indicator. |
|
| UEBA Analyst | Investigate alerts in my environment. | Investigate Top Alerts |
| UEBA Analyst | Begin an investigation of critical alerts. | Investigate Top Alerts |
| UEBA Analyst | Sort alerts to focus my investigation. | Filter Alerts |
| UEBA Analyst | Investigate threat indicators. | Investigate Events |
| UEBA Analyst | Export alert data. | Manage Top Alerts |
*You can complete the tasks here.
Related Topics
- Begin an Investigation of High-Risk User Or Network Entity
- Investigate Top Alerts
- Filter Alerts
- Manage Top Alerts
Quick Look
The following figure shows the Overview tab.
The Overview tab consists of the following panels:
| 1 | Top Risky User or Network entities panel |
| 2 | Top Alerts panel |
| 3 | Alerts Severity panel |
Top Risky User or Network Entity Panel
The High Risk User or Network entities panel lists the top ten high-risk users or network entities along with the user or network entity score.
In this example, the following table describes the high risk users panel elements.
| Name | Description |
|---|---|
| Risky | All user or network entities with a risk score greater than 0. |
| Watched | All user or network entities who are currently flagged as Watched. |
| Total Users | All user or network entities in the network. |
| User or Network entity name | The name of the user or network entity. |
| User or Network Entity Score |
The score of the user or network entity, with the color indicating the severity of the score.
|
Top Alerts Panel
The Top Alerts panel displays a list of alerts for the associated user or network entity, severity, alert creation date, and number of indicators. The list consists of the top ten alerts in the Last 24 Hours, Last 7 days, Last 1 Month and Last 3 Months.
The following table describes the top alerts panel elements.
| Name | Description |
|---|---|
| Severity Icon | The alert severity icon. The options are Critical, High, Medium, or Low. |
| Alert Name | The name of the alert. |
|
Alert Creation Date |
The date when an alert is generated. |
| Number of Indicators |
The number of indicators associated with the alert. |
Alerts Severity Panel
The Alert Severity panel graphically displays the number of alerts.
The following table describes alert severity panel elements.
| Name | Description |
|---|---|
| Severity level |
The severity is color coded, where red indicates a Critical alert, orange represents a High risk alert, yellow indicates a Medium risk alert, and green represents a Low risk alert. For example: |
