Risk Based Entity Insights for AWS

Risk Based Entity Insights is in private beta.

Overview

Cloud SIEM’s Risk Based Entity Insights for AWS consolidates multiple data sources, such as SIEM threats and CSM insights, into a profile representing a single security entity, such as an IAM user.

With Risk Based Entity Insights, you can:

  • Explore entities, filtering them by attributes such as risk score or entity type.
  • View all data relevant to an entity, such as signals, misconfigurations, and identity risks.
  • Triage relevant items in bulk.
  • Take mitigation steps such as creating a global suppression or creating a case for an entity.

Prerequisites

No other setup is required to use Cloud SIEM Entities.

Explore entities

Query and filter entities

On the Entities Explorer page, you can view all entities that have at least one signal.

A list of entities and their risk scores in the Entities Explorer

Quickly build context on an entity

Click an entity in the Explorer to open the entity side panel.

The details panel for an entity

The What Happened section of the panel displays the count of related signals and how they have contributed to the risk score, as well as any potential configuration risks.

The What contributes section displays the list of fired signals, relevant misconfigurations, and identity risks.

Triage and mitigate threats in bulk

The Next steps section of the entity details panel includes the available mitigation steps.

The available next steps for an entity as shown in the entity details panel

Risk scoring

An entity’s risk score summarizes the entity’s risk level over time.

The risk score is calculated from the characteristics of the entity’s associated signals, such as the severity level of the signal and how many times the signal has fired. All signals fired in the past 14 days are used to calculate the risk score.
