Navigating the Entity Explorer page

Entities are the objects which form the basis of the security events.
From the Cases page, click on an entity to be redirected to the Entity Explorer page.
The Entity Explorer page gives you insight into:

  • The number of and specific cases this entity was involved with during the last three months. This provides information about the entity throughout the cases in the system. This explains why the information presented here might be different from the information you see for a specific entity in the side drawer. For example, a URL where is suspicious = true and is highlighted in red in the side drawer, might appear here as false if this same URL is defined according to different criteria in a few other cases.
  • The details about the entity including basic information and enrichment information gathered about this entity from different cases
  • The linked entities such as users and IP addresses
  • The frequency of each type of case
  • A list of log entries

You can expand or contract of each category by clicking the arrow at the right side of the category name (Entity, Default, etc.).