Viewing, Tuning, Editing, and Deleting a Behavior Profile

  • Updated

    The behavior analytics listing page consists of multiple models created by you or someone from your organization. You can reach any behavior model to drill down further from this listing page.

    The columns given in the below image are described as follows.

    Model Name The name was given to a model while configuring. You can not rename it.
    Model Type A type of model chosen while configuring. You can change this field.
    Dimensions Lists UDM fields tracked for behavior observation.
    Anomaly Score The score set during model creation to determine the threshold for considering a behavior anomalous.
    Confidence Score The score set during model creation to control signal generation based on data strength. A higher confidence score indicates signals require sufficient past behavior data.
    Total Signals generated The cumulative number of signals generated since model creation.
    Total behaviors tracked

    The total count of behaviors tracked since model inception.

    On the right side of the listing page (highlighted in red) is an aggregated overview of models within the listing page, categorized by Dimensions, Model Type, Created by, Tactics, and Techniques. This allows for a broader trend analysis of model types and facilitates filtering to view models with specific attributes/values.

    Viewing a behavior profile offers you information beyond a traditional chart. You can create what-if situations and tune the model, interact with the data(slice and dice) using the histogram/interactive filter on the right, or simply ask your question about the behaviors to Resolution Intelligence’s conversation AI.

    The page consists of three tabs categorized based on the outcomes you can achieve:

    1. Behavior Analysis

    2. Model Details

    3. Run History

                        Landing page on selecting a behavior profile

    Behavior Analysis

    The default landing page for selecting a behavior profile is the behavior analysis tab. In the behavior analysis tab, you can

    1. Learn more about the behaviors the model is tracking

    2. Investigate the behavior data using the interactive filtering on the right

    3. Create what-if analysis on the model and tune the model for better performance

    4. Ask questions to the behavior model using Resolution Intelligence’s conversational AI

    The first histogram – highlighted in yellow in the image below – visualizes the total behaviors tracked for each day for the last 30 days. By default, the last day is selected in the histogram. You can modify the anomaly score given under the histogram anytime and it ranges from 0 to 1. The total behaviors are updated according to the given anomaly score.

    Note: The data displayed on this page reflects the selected day in the histogram. Changing the day here will update the data in the secondary histogram, the table, and the interactive filtering options on the right-hand side of the page.

    2.png

    The second histogram visualizes the distribution of anomaly scores for the selected day. This graph also includes an interactive slider, using which you can do a what-if analysis on the behavior model.

    What if? By moving the slider across the distribution, you can visualize when certain behaviors shift from being non-anomalous to anomalous. This feature allows for a more granular and dynamic understanding of how the system tracks and scores behaviors, using which you can tune the model for better performance and false positives.

    Note: Other information presented in the chart: The top left of the histogram highlights the total behaviors tracked, which is a cartesian product of the unique value of each attribute selected in the model.
    3.png
    Figure highlighting the histogram with the distribution of anomaly score

    The table below the second histogram lists complete records data for the selected day. The table is interactive and allows you to sort by any dimension.

    The Interactive filtering on the right can help you control/filter what data you want to see in the table. But the interactive filtering also serves another purpose. It also highlights patterns in the selected data, sorted in descending order.

    Thus far, data analysis has primarily involved histograms, tables, and interactive filters. However, with Resolution Intelligence, you can achieve the same outcomes simply by asking questions through conversational AI.

    With conversational AI, you can benefit from unparalleled convenience and functionality. You can ask any question about the behavior model in plain language and the system will identify and execute the necessary steps to find the answer.

    Model Details

    This page provides a comprehensive list of details about the model, including the selected attributes, aggregation type, model type, alerting conditions, associated tactics, and all metadata associated with the model.

    Run History

    The run history allows you to see the status/outcomes of the behavior jobs that were run every day. Here, you can download the outcome of a job as a CSV file.

    Edit a Behavior Profile

    Edit enables you to modify the profile details - adding/removing filters, dimensions, and tags and increasing or decreasing the signal generation conditions.

    To edit a profile,

    1. At the top left, hover over breadcrumb menu.
    2. Under Security, click Behavior Analytics.
    3. From the models listing page, click the profile that you would like to edit.
      A behavior profile page opens on the screen.
    4. Click Edit right to the profile name.
      The profile opens in the edit mode.
    5. Modify the details wherever required.
    6. Click Submit.

    Related articles

    Comments

    0 comments

    Please sign in to leave a comment.