This post is authored by Itay Argoety, Product Manager, Azure ATP
Enterprise security operations (SecOps) often have limited resources and staff, and security analysts face evolving, more sophi...
The top user scores are surfaced on the main dashboard to give you an immediate idea of which users currently represent the highest risk within your organization and should be prioritized for further investigation (picture 1).
Under the "Investigate" tab, click "Activity log" to view all the activities we profile for users.
Click "Advanced" to open the advanced filters, then select "InvestigationPriority" "is set" to filter the results to all activities that have an investigation priority score. You can add additional filters (user/device/country) for further investigation (picture 2).
Since we are still in preview, there is no place to see all the user scores, only the top ones.
But we are working to add this option to the experience.
The users page timeline shows only alerts from the past 7 days, which are the alerts that impact the Investigation Priority Score.
If the user has additional open alerts that haven't impacted the score, you can pivot from the users page to the alert queue (picture 3).
Hope that's clarifying.
Feel free to send us feedback from the console itself regarding the score, experience, help, etc.