Behavior Analytics Incidents

To access the Behavior Analytics page, go to Incidents > Behavior Analytics. Admins can view this page and act on the Unacknowledged incidents.

If you have the standard Behavior Analytics licensing, you will see the following:

UEBAIncidents.png

If you have Advanced Behavior Analytics licensing, you will see the following:

Primary metrics appear in the panels on top, and a table view provides more specific information. The information shown on this page includes:

  • Summary: Lists the total number of incidents and unacknowledged incidents.
  • Top Users: Lists the users in your organization and the total number of associated incidents.
  • Top Applications: Lists the applications with the highest incident rates.
  • Incident Description: Lists a short description of the incident that triggered the policy. Click the incident description name to view the Behavior Analytics Incident details page.
  • Application: Lists the application name that is involved with this incident.
  • Severity: Lists the severity of the incident as determined by the policy enabled.
  • Behavior Analytics Policy: Lists the policy you enabled that triggered the incident.
  • Acting User: Lists the user in your organization that triggered the alert.
  • Created Time: Displays the time the incident was created.
  • Users Active: Shows active users in the last 48 hours (default), or last 7/30/60 days. This expands the number of active users that can be viewed on the page for the user confidence score (UCI) trend and Behavior Analytics anomalies.

You can filter the Incidents list by Acknowledged or Unacknowledged incidents. The default view is Unacknowledged incidents. Click to customize the view by the following options:

  • Severity: Select incidents to view by a specific severity level.
  • Acting User: Search for a specific user.
  • Application: Select an application name.
  • Instance: Search for an instance.
  • Behavior Analytics Policy: Select a policy you created in Policies > Behavior Analytics.

Use the Sort by option to view the Incidents table data by:

  • Created Time (default)
  • Application
  • Severity
  • Behavior Analytics Policy
  • Created Time
  • Last Edited Time

Click the gear icon to customize the columns.

You can export all rows (up to 500,000) or select a custom number of rows (1,000 rows, 10,000 rows, or 100,000 rows). Type a name for your export file and click Export.

UEBAIncidentsExport.png