Use this procedure to view the details of a specific entity such as number of active signals, Situations created and turned into ActOns.
To view the entity details:
1. Navigate to Resolutions --> Overview, under Entities.
The Entities page appears.
2. Click on the entities of a particular category to see the list of entities belonging to this category.
The Entity Inventory page appears.
3. Click on the entity name to view the comprehensive data related to the selected entity.
4. Review the basic entity details in the Base attributes section, under the Overview tab.
Field name | Field description |
---|---|
Name | The name of the entity. |
Display name | The display name of the entity. |
Category | The category to which the entity belongs to. |
Type | The type of entity. |
Source | The source from where the entity is obtained. |
Class | The class to which the entity belongs to. |
5. Review these details in the Identifier attributes section. Note that you can view these details only if you are at the domain or organization level.
Field name | Field description |
---|---|
Tenant name | The name of the tenant. You can see this tenant name if you are an organizational or domain user. |
Organizations name | The name of the organization to which the entity belongs to. You can only view this information if you are an organizational user. |
6. Review these details in the Time attributes section:
Field name | Field description |
---|---|
Created on | The time and date on which the entity has been synced up to the platform. |
Updated on | The time at which the entity details were last updated. |
Info: You can view raw data of an entity in the JSON format. There is also a copy option to copy the JSON
7.View the existing tags linked to this entity.
Note: You can see View in Chronicle option only for Google Chronicle entities. Clicking on this option takes you to the Chronicle page to view detailed information about the entity and alerts triggered.
8. Click the Actions drop-down:
- Select Add Tags to add tags to this entity. To add tags, please refer to Adding tags to a group of entities.
- Select Mark as Critical to mark the entity as critical based on how critical the entity is for the business. In case the entity is marked as critical, then you see Unmark as Critical option to remove the criticality tag for the entity.
- Select Assign Functions to assign functions to an entity. Refer to Assigning Functions to entities. If there are no functions or you want to create a new function, click Create Function. To create a function, refer to create a function.
- Select Sync now to sync the updated metadata of a specific entity. This option is enabled only for AWS, Azure, Opsramp, and GitHub entities.
9. Click the Functions tab. If you want to assign functions to an entity, click Assign Functions. Refer to Assigning Functions to entities. If there are no functions or you want to create a new function, click Create Function. To create a function, refer to create a function.
10. Review the escalation policy within a function and is associated with this entity:
Field name | Field description |
---|---|
Name | The function name assigned to the entity. |
Escalation policy | The escalation policy associated with this function. |
11. Click the ellipses icon corresponding to the function that you want to unassign or remove from this entity.
12. Click Unassign.
Note: If you select the source type as OpsRamp while filtering entities, you can view two additional tabs - Applications and Patch. On Applications tab, you can view the list of applications available for the entity and on the Patch tab, you can view the patches applied on the entity.
13. Click the Signals tab to view the number of signals detected for this entity.
14. Review all active signal information related to this entity. The following table describes about each column in the Signals table:
Column name | Description |
---|---|
ID | The ID for the signal. |
Description | The description of the signal created for this entity. |
Sub-category | The sub-category to which the signal belongs to. |
Created-on | The date on which the signal was generated. |
Status |
The status of the active signals. Possible values:
|
Note: Search for a specific signal from the list of signals, using the search box.
15. Click on a particular signal to redirect to the signal page and view comprehensive signal details.
16. Click the Situations tab to see the number of situations created for this entity.
17. Review the situation details. The following table describes about each column in the Situations table:
Column name | Description |
---|---|
ID | A unique ID assigned to the situation. |
Title | The title given for the situation. |
Priority |
The priority of this situation. Possible values:
|
Assignee | The user assigned to resolve the situation. |
Status |
The status of the situation. Possible values:
|
Likelihood | Applicable only for security assets. The higher the detection, the higher will be the score. The score decides how likely there is a chance for this entity to be susceptible to security threats. |
Impact | Indicates the damage caused to the entity due to the threat concern. The score depends on Likelihood and confidence scores. The higher the impact, the critical the entity is. |
Confidence | The higher the score, the higher the probability for this entity to encounter a security threat. |
18. Click on a particular situation from the list of situations to redirect to the Situations page and view its details.
19. Click the ActOns tab to see the ActOns generated for this entity.
20. Review the ActOn details. The following table describes about each column in the ActOns table:
Column name | Description |
---|---|
ID | A unique ID assigned to an ActOn. |
Title | The title given for the ActOn. |
Priority |
The priority assigned to the ActOn. The resolution time depends on the set priority for this ActOn. Possible values:
|
Assignee | The user assigned to act on this ActOn. |
Status |
The status of the ActOn. Possible values:
|
Likelihood | Applicable only for security assets. The higher the detection, the higher will be the score. The score decides how likely there is a chance for this entity to be susceptible to a security threat. |
Impact | Indicates the damage caused to the entity due to the threat concern. The score depends on Likelihood and confidence scores. The higher the impact, the critical the entity is. |
Confidence | The higher the score, the higher the probability for this entity to be susceptible to a security attack. |
21. Click on a specific ActOn from the list of ActOns to redirect to the ActOn page and view its details.
Comments
0 comments
Please sign in to leave a comment.