Viewing a Single Entity’s Details
The single entity page provides a clear, organized view of individual entities—whether user or host—by grouping critical information into dedicated tabs and sections. It enables users to quickly assess entity-specific details such as risk levels, behavior patterns, generated signals, and their correlation to Situations and ActOns.
Entity Types and Tabs
User Entity
- Available Tabs: Summary
Host Entity
- Available Tabs:
- Summary
- Software Installed
- Patches Missed
Viewing User Entity Details
Follow the steps below to view comprehensive details of a User entity:
- Navigate to Resolutions → Overview, under Entities. The Entities page appears.
- Select the User category to view the list of user entities.
- Click on a specific user entity name to open its detailed view. The entity's information is displayed on the Summary tab.
Summary Tab Overview (User Entity)
Contact Information
- E-mail: The user's primary email address used for communication.
- Job Title: The professional title or designation of the user within the organization.
- Location: The physical location or office from which the user operates.
- Mobile: The mobile phone number associated with the user.
- Employee ID: A unique identifier assigned to the user for internal tracking.
- Department: The organizational unit the user belongs to.
Manager Information
- Name: Full name of the user’s reporting manager.
- Job Title: The job title of the manager.
- Email: The email address of the manager.
- Location: The manager's office or work location.
- Mobile: The manager’s contact number.
- Employee ID: Unique identifier for the manager.
Meta Information
- Source: Indicates the system from which this user entity is synchronized (e.g., Azure AD, GitHub).
- Type: Denotes the entity classification, e.g., "User".
- Created Time: Timestamp of when the user was first synced into the platform.
- Updated Time: The last time the user’s metadata was modified.
Widgets
- Risk Level: Displays the user’s risk classification (Low, Medium, or High) based on behavioral and contextual signals.
- Device Locations: Shows the user’s last login location and other historically recorded login locations.
- Entity Groups: Lists any entity groups the user is associated with.
- Behaviors: Displays patterns of behavior detected for the user based on MITRE tactics, including signals generated per observed behavior.
Viewing Host Entity Details
Follow the steps below to view comprehensive details of a Host entity:
- Navigate to Resolutions → Overview, under Entities. The Entities page appears.
- Select the Host category to view the list of host entities.
- Click on a specific host entity name to open its detailed view. The entity's information is displayed across the Summary, Software Installed, and Patches Missed tabs.
Summary Tab Overview (Host Entity)
Host Information
- Name: The name of the host machine.
- Operating System: The OS installed on the host (e.g., Windows, Linux).
- Kernel Version: The version of the OS kernel currently running on the host.
- SSH Server: Indicates whether an SSH server is enabled on the host.
- IP Address: The IP address assigned to the host.
- MAC Address: The host’s hardware (MAC) address.
- Location: Geographical or data center location of the host.
- Last Login User: The username of the last user who logged into the host.
- Owned by: Indicates the primary owner or responsible party for the host.
- Domain Name: The domain to which the host belongs.
- Environment: Identifies the host's operating environment (e.g., Production, Development).
- POD: The Point of Delivery or Pool of Deployment; denotes the region or deployment zone.
Hardware Information
- Processor: The type of CPU or processor installed in the host.
- RAM: Total memory (RAM) available on the host.
- Disk Space: The amount of disk storage available and/or used.
- OS Architecture: Architecture of the operating system (e.g., x64, ARM).
- System Manufacturer: The manufacturer of the host machine.
- Motherboard Model: Specific motherboard model used in the host.
- Hard Drive Info: Detailed specifications of the hard drive(s) installed.
- Network Adapter Info: Information about the network adapter.
- USB Devices: Lists all USB devices connected or recognized by the host.
Network Details
- DHCP Server: The Dynamic Host Configuration Protocol server used by the host.
- Gateway: Default gateway for the host’s network.
- IP Address: The IP address currently assigned.
- Network Adapter: Specific network adapters configured on the host.
Platform Classification Details
- Source: Indicates the integration source from which the host entity was synced.
- Type: Identifies the type of entity — typically “Host”.
- Created Time: Timestamp of when the host was initially synced to the platform.
- Updated Time: Most recent update timestamp for the host's metadata.
Widgets
- Risk Level: Displays current risk classification of the host (Low, Medium, or High).
- Software Installed: Shows the list of installed software packages on the host.
- Vulnerabilities: Lists vulnerabilities identified via internal or external scanning tools.
- Entity Groups: Displays groups to which the host is assigned.
- Behaviors: Shows behavioral patterns detected, categorized by MITRE tactics with linked signal data.
Software Installed tab
Lists the software packages currently installed on the host.
Patches Missed tab
Highlights the patches that have not been applied to the host.
Common Widgets for Both User and Host Entities
Security Activities
- Total Signals: Number of signals triggered from the entity.
- Signals to Situations: Number of signals that were converted to Situations.
- Situations to ActOns: Number of Situations that were converted to ActOns.
Situation vs. ActOn Graph
This widget presents an interactive time-series graph that visualizes trends in Situations and ActOns over a selected time range. Each plotted point represents the number of Situations and ActOns recorded on a specific date. Clicking a data point opens a side sheet that provides a focused view of the signals that were converted into Situations and ActOns on that day.
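The Security Activities counters, the Situation vs. ActOn graph, and the per-day side sheet are all views over the same signal records, so the relationship between them is easiest to see in code. The following is an added example written for this page, not code from the product: it assumes each signal row carries a `situation_id` once the signal has been converted to a Situation and an `acton_id` once that Situation has been converted to an ActOn, and it dates each Situation or ActOn by the time of the signal that produced it. The entity names, signal IDs and timestamps are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional


@dataclass(frozen=True)
class Signal:
    """One row of the Signals tab. Assumed shape: the Situation/ActOn IDs are
    filled in as the signal is promoted through the funnel."""
    signal_id: str
    signal_time: datetime
    entity: str                          # entity the signal was triggered for
    situation_id: Optional[str] = None   # set once converted to a Situation
    acton_id: Optional[str] = None       # set once that Situation became an ActOn


# Constructed sample data (not an export from the platform).
SIGNALS = [
    Signal("SIG-1001", datetime(2025, 3, 1, 10, 0), "alice", "SIT-1", "ACT-1"),
    Signal("SIG-1002", datetime(2025, 3, 1, 11, 30), "alice", "SIT-1", "ACT-1"),
    Signal("SIG-1003", datetime(2025, 3, 1, 15, 0), "alice"),            # never promoted
    Signal("SIG-1004", datetime(2025, 3, 2, 9, 0), "alice", "SIT-2"),    # Situation, no ActOn yet
    Signal("SIG-1005", datetime(2025, 3, 2, 13, 0), "alice"),
    Signal("SIG-2001", datetime(2025, 3, 2, 14, 0), "host-web-01", "SIT-3", "ACT-2"),  # other entity
]


def entity_signals(signals: list[Signal], entity: str) -> list[Signal]:
    """Only the signals triggered for the entity whose page is being viewed."""
    return [s for s in signals if s.entity == entity]


def security_activities(signals: list[Signal], entity: str) -> dict[str, int]:
    """The three Security Activities counters for one entity."""
    mine = entity_signals(signals, entity)
    # A Situation counts as converted once any of its signals carries an ActOn.
    converted = {s.situation_id for s in mine if s.situation_id and s.acton_id}
    return {
        "total_signals": len(mine),
        "signals_to_situations": sum(1 for s in mine if s.situation_id),
        "situations_to_actons": len(converted),
    }


def situation_vs_acton_series(signals: list[Signal], entity: str) -> dict[date, tuple[int, int]]:
    """One point per day: (distinct Situations, distinct ActOns) recorded that day."""
    by_day: dict[date, tuple[set, set]] = defaultdict(lambda: (set(), set()))
    for s in entity_signals(signals, entity):
        situations, actons = by_day[s.signal_time.date()]
        if s.situation_id:
            situations.add(s.situation_id)
        if s.acton_id:
            actons.add(s.acton_id)
    return {day: (len(sits), len(acts)) for day, (sits, acts) in sorted(by_day.items())}


def side_sheet(signals: list[Signal], entity: str, day: date) -> list[Signal]:
    """What clicking a data point shows: the signals converted into Situations
    (and possibly ActOns) on that day, oldest first."""
    return sorted(
        (s for s in entity_signals(signals, entity)
         if s.signal_time.date() == day and s.situation_id),
        key=lambda s: s.signal_time,
    )


if __name__ == "__main__":
    print(security_activities(SIGNALS, "alice"))
    for day, (n_sit, n_act) in situation_vs_acton_series(SIGNALS, "alice").items():
        print(day, "situations:", n_sit, "actons:", n_act)
    print([s.signal_id for s in side_sheet(SIGNALS, "alice", date(2025, 3, 1))])
```

Note that the three counters are not one chain of the same unit: the first two count signals, the third counts Situations. Several signals grouped into one Situation therefore show up as a high Signals to Situations number and a small Situations to ActOns number, which is expected rather than a sign that ActOns are being missed.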
Side Sheet Details (from Graph)
Signals Tab
- Signal ID: Unique identifier of the signal.
- Signal Time: Timestamp when the signal was generated.
- Subject: Context or subject of the signal.
- Entities: All entities associated with the signal.
- Function: Function or team assigned to handle the signal.
- Priority: Assigned severity (e.g., High, Medium, Low).
- Status: Current state of the signal (e.g., Open, In Progress, Resolved).
- External Signal ID: Identifier from the originating platform/source.
- Situation: ID of the associated Situation created from the signal.
- Detection Rule: Rule name or identifier that triggered the signal.
Options:
- Export CSV: Download signal data in CSV format.
- Search Bar: Filter and locate specific signals quickly.
Impacted Entities Tab
- Name: Name of the impacted entity.
- Class: Classification of the entity (User or Host).
- Type: Type of entity (e.g., Endpoint, Cloud Resource).
- IP Address: The entity's IP address.
- Source: System that synced the entity.
- Critical: Whether the entity is flagged as critical.
- Updated Time: Last metadata update time for the entity.
Additional Options
- Critical / Non-Critical: Mark the criticality of the entity based on its importance to business operations.
- Assign Functions: Assign one or more functions under which the signals triggered for the entity should be routed.
- Assign SKUs: Associate one or more SKUs with the entity.
- Add Tags: Open the side sheet to assign metadata tags in key-value format. Tags synced from the source appear by default; additional tags can be added manually and removed later if they are no longer required.
- Sync Now: Manually trigger a metadata sync for the entity from platforms such as AWS, Azure, OpsRamp, GCP, or GitHub.
Note: The Sync Now option is available only at the tenant level.