Security Findings By Entity Widget
The Security Findings By Entity widget shows how security findings are distributed between Device and User entities over time using a stacked area chart. This helps you understand whether your security findings are concentrated on user accounts (suggesting credential or access issues) or on devices (suggesting endpoint or infrastructure issues), and how that distribution changes over time.
Configuration
Click + Add Widget, select Security Findings By Entity, and click Next.
Field | Required | Description | Default |
Widget Name | Yes | A title (e.g., 'Security Findings By Entity'). | — |
Time Range | No | Period to display. | Use Global |
Entity Types | No | Filter to show only Device, only User, or both. | All (both) |
Display | No | Chart display options. | — |
Reading the Chart
The stacked area chart has two series:
Series | Color | Represents |
Device | Blue | Findings associated with device entities (endpoints, servers, network devices). |
User | Green | Findings associated with user accounts (login events, access violations, credential issues). |
The X-axis shows time intervals and the Y-axis shows the total finding count. The stacked areas let you see both the total volume and the Device/User split at any point in time.
Tip: If the User area suddenly grows while Device stays flat, it may indicate a credential compromise or brute-force attack targeting user accounts. If Device grows while User stays flat, look for malware or endpoint issues.
Interactive Features
- Use the legend at the bottom to toggle Device or User on/off.
- Hover over the chart to see exact counts at each time point.