UEBA: Overview View

Document created by RSA Information Design and Development Employee on Feb 5, 2020. Last modified by RSA Information Design and Development Employee on Feb 9, 2020.
Version 3

The OVERVIEW tab provides an initial view into the recent and most important user or network entity activities in the environment. Each panel shows either prioritized incidents for investigation or consolidated metrics reflecting potential risks to the enterprise.

Workflow

[Figure: Investigate Top Users and Alerts workflow diagram]

What do you want to do?

User Role      I want to ...                                                              Documentation
UEBA Analyst   View top ten high-risk users or network entities*.                          Identify High-Risk User or Network Entity
UEBA Analyst   View risky user or network entities and watchlisted user or network entities.   Identify High-Risk User or Network Entity
UEBA Analyst   View users based on alert type and indicator.                               Identify High-Risk User or Network Entity
UEBA Analyst   Investigate alerts in my environment.                                       Investigate Top Alerts
UEBA Analyst   Begin an investigation of critical alerts.                                  Investigate Top Alerts
UEBA Analyst   Sort alerts to focus my investigation.                                      Filter Alerts
UEBA Analyst   Investigate threat indicators.                                              Investigate Events
UEBA Analyst   Export alert data.                                                          Manage Top Alerts

*You can complete the tasks here.


Quick Look

The following figure shows the Overview tab.
[Figure: Overview tab with callouts for each panel]

To access this view, go to Investigate > OVERVIEW.

The Overview tab consists of the following panels:

1. Top Risky User or Network Entities panel
2. Top Alerts panel
3. Alerts Severity panel

Top Risky User or Network Entity Panel

The Top Risky User or Network Entities panel lists the top ten high-risk users or network entities, along with the score of each user or network entity.

The following table describes the elements of the Top Risky User or Network Entities panel.

Name                            Description
Risky                           All user or network entities with a risk score greater than 0.
Watched                         All user or network entities that are currently flagged as Watched.
Total Users                     All user or network entities in the network.
User or Network Entity Name     The name of the user or network entity.
User or Network Entity Score    The score of the user or network entity, with the color indicating the severity of the score: red indicates Critical, orange represents High risk, yellow indicates Medium risk, and green represents Low risk.

Top Alerts Panel

The Top Alerts panel displays a list of alerts, showing for each alert the associated user or network entity, the severity, the alert creation date, and the number of indicators. The list consists of the top ten alerts for the Last 24 Hours, Last 7 Days, Last 1 Month, and Last 3 Months.

The following table describes the top alerts panel elements.

Name                    Description
Severity Icon           The alert severity icon. The options are Critical, High, Medium, or Low.
Alert Name              The name of the alert.
Alert Creation Date     The date when the alert was generated.
Number of Indicators    The number of indicators associated with the alert.

Alerts Severity Panel

The Alert Severity panel graphically displays the number of alerts.

The following table describes the elements of the Alerts Severity panel.

Name              Description
Severity level    The severity is color coded: red indicates a Critical alert, orange represents a High risk alert, yellow indicates a Medium risk alert, and green represents a Low risk alert. For example:

[Figure: Severity levels displayed with each color]
