Available Insights by Entity Type
| Insight | Users | Devices | IPs | Files | URLs |
|---|---|---|---|---|---|
| Sign-in logs | ✅ | — | — | — | — |
| Audit trail | ✅ | — | — | — | — |
| Device timeline | — | ✅ | — | — | — |
| Threat intelligence | — | — | ✅ | ✅ | ✅ |
| Related incidents | ✅ | ✅ | ✅ | ✅ | ✅ |

Available insights vary based on the entity type and which integrations are connected. Threat intelligence enrichment requires active threat intel feeds in your security environment.

Using Insights During Investigation
Entity Insights help you answer key questions during triage:
- Is this user’s sign-in behavior normal? Check sign-in logs for anomalous locations, times, or devices.
- Has this device been involved in other incidents? Related incidents show historical context.
- Is this IP known to be malicious? Threat intelligence provides reputation data and known associations.
- Have we seen this file before? File hash lookups reveal if the file is known malware.