You can apply the following filters to the entities and anomalies in the Users, Shares, Servers, and Websites tabs:
Date-range
Filter labels
Anomaly risk level
Entity name
Anomaly list
Filters in the UEBA Page
You can use the date-range filter, at the top of the page, to filter the anomalies by time and drill down further into the threat results. When you select a single date, the chart shows only the 24 hours of data for the selected date.
You can filter the data using different labels in the Filter field. You can select a label from the suggestion list in Filter, or search for a label by typing its name.
UEBA divides the filter labels into the following groups:
Category lists all the categories of anomalies.
Families lists all the anomaly families.
Threat lists all the threat types.
User lists all the anomalous users.
Entity lists multiple groups of all the anomalous entities such as shares, servers, and websites detected by UEBA in the analyzed data. You can select only one filter from these groups.
If you choose a different filter from the same suggestion group, the previous filter is replaced with the new one.
You can filter the anomalies listed based on their risk level and Risk Scores. The risk levels available are low, medium, high and critical.
You can select an entity name from the Entity Overview section to filter the matrix of anomalies chart and the anomalies list.
You can filter the information in the anomalies list by:
Selecting a threat from the Possible Threat column.
Selecting an anomaly risk from the Anomaly Risk column.
Selecting an entity name from the description in the Anomaly column.
Selecting a family or a category from Anomaly Details after expanding an anomaly.