Entity risk detections widget

The Entity risk detections widget displays high-risk detections, their source, and the entity risk policy rule that was triggered. You can use the information on this widget to watch for spikes in high-risk violations or observe patterns over a period of time.

Initial view

Before you configure the entity risk policy, the widget displays basic information about the number of high-risk detections and the top several detections.

The colors in the graph identify the signal source of the data:

  • Blue: The source of this data is Okta.
  • Green: The source of this data is security events providers, such as Palo Alto Networks and other vendors.
  • Gray: The source of this data is network appliances and security events providers.

The blue and green items may also appear in darker and lighter shades of their respective colors. Darker shades indicate higher-risk items, and lighter shades indicate lower-risk items.

Click Past 7 days or Past 24 hours to switch views.

Click View all detections to see all entries.

Click Configure entity risk policy to configure rules for this policy. After you've configured the entity risk policy, this link changes to Edit Entity Risk Policy. See Add an entity risk policy rule.

Most matched entity risk policy rules view

After you configure the entity risk policy, you can see which rules were triggered, the action that was taken for each rule, and the number of events that matched each rule.

Click Past 7 days or Past 24 hours to switch views.

Click View all detections to see all entries.

