The User Profile view provides detailed information about all the alerts and related indicators of a user or network entity.
*You can complete the tasks here.
- Begin an Investigation of High-Risk User Or Network Entity
- Investigate Top Alerts
- Filter Alerts
- Investigate Events
- Export a list of High-Risk User or Network Entity
To access this view:
Go to Investigate >ENTITIES. Do any of the following:
- In the OVERVIEW tab, under TOP RISKY USERS panel, click on the username.
- In the ENTITIES tab, click on the username.
- In the ALERTS tab, click on the alert name.
The Users Profile consist of the following panels:
|1||User Risk Score panel|
|2||Alerts Flow panel|
User or Network Entity Risk Score Panel
The User or Network Entity Risk Score panel contains the following information:
Alert Flow Panel
The Alert Flow panel displays the following information:
Click on a graph icon in the Alert Flow panel to open the Indicator panel. The following table describes the indicator panel elements:
In the Indicator panel the events table list events specific to the data sources.
- Common events for User Entity
The following tables list events specific to all the data sources.
- Windows File Servers
The following tables list events specific to Windows file servers.
- Active Directory
The following tables list event specific to Active Directory.
- Logon Activity
The following tables list events specific to Logon Activity.
The following tables list events specific to Process.
The following tables list events specific to Registry.
The following tables list events specific to JA3 and SSL Subject.