Overview Tab

The Overview tab provides an initial view into the recent and most important user or network entity activities in the environment. Each panel shows either prioritized incidents for investigation or consolidated metrics reflecting potential risks to the enterprise.

Workflow

Investigate Top Users and Alerts workflow diagram

What do you want to do?

User Role I want to ... Documentation
UEBA Analyst

View top ten high-risk users or network entities.*

Identify High-Risk User or Network Entity
UEBA Analyst

View risky user or network entities, and watchlist or network entities.*

Identify High-Risk User or Network Entity

UEBA Analyst

View user based on alert type and indicator.

Identify High-Risk User or Network Entity

UEBA Analyst Investigate alerts in my environment. Investigate Top Alerts
UEBA Analyst Begin an investigation of critical alerts. Investigate Top Alerts
UEBA Analyst Sort alerts to focus my investigation. Filter Alerts
UEBA Analyst Investigate threat indicators. Investigate Events
UEBA Analyst Export alert data. Manage Top Alerts

*You can complete the tasks here.

Related Topics

Quick Look

The following figure shows the Overview tab.
Overview tab with callouts for each panel

The Overview tab consists of the following panels:

1 Top Risky User or Network entities panel
2 Top Alerts panel
3 Alerts Severity panel

Top Risky User or Network Entity Panel

The High Risk User or Network entities panel lists the top ten high-risk users or network entities along with the user or network entity score.

In this example, the following table describes the high risk users panel elements.

Name Description
Risky All user or network entities with a risk score greater than 0.
Watched All user or network entities who are currently flagged as Watched.
Total Users All user or network entities in the network.
User or Network entity name The name of the user or network entity.
User or Network Entity Score

The score of the user or network entity, with the color indicating the severity of the score.

  • red indicates critical
  • orange represents a high risk
  • yellow indicates a medium risk
  • green represents a low risk

Top Alerts Panel

The Top Alerts panel displays a list of alerts for the associated user or network entity, severity, alert creation date, and number of indicators. The list consists of the top ten alerts in the Last 24 Hours, Last 7 days, Last 1 Month and Last 3 Months.

The following table describes the top alerts panel elements.

Name Description
Severity Icon The alert severity icon. The options are Critical, High, Medium, or Low.
Alert Name The name of the alert.

Alert Creation Date

The date when an alert is generated.

Number of Indicators

The number of indicators associated with the alert.

Alerts Severity Panel

The Alert Severity panel graphically displays the number of alerts.

The following table describes alert severity panel elements.

Name Description
Severity level

The severity is color coded, where red indicates a Critical alert, orange represents a High risk alert, yellow indicates a Medium risk alert, and green represents a Low risk alert. For example:
Severity levels displayed with each color