Lookout Product Documentation


Entity Insights Tab

The Entity Insights tab provides details about the entities that are the sources of violations, including:

  • User
  • Device
  • Location
  • Application
  • Content
  • External user

Each entity is labeled in the outer circle of the graph. By default, the tenant name appears in the center circle. The label for each entity shows the name of the entity and the count found for it. For example, User (25) would indicate 25 users found, and Device (10) would indicate 10 devices found.

For more precise search results, you can filter this information by date (today, last 4 hours, last 24 hours, week, month, or year). The default is Last 24 Hours.

You can search for additional details about an entity. For example, if you search on a user by entering the user name in the Search field, the graph displays the user name and their risk level. The user's risk level is displayed as a half-circle around the user name. The color indicates the risk level (low, medium, or high).

For entity types that have incidents, a table to the right shows additional details about each incident for the entity. The type of information shown in the table varies according to the entity. Click the entity label to see the table for that entity.

Notes

  • The Entity Insights table can display no more than 1,000 records. If your search yielded a high count for an entity, the table displays only the first 1,000 records found, even if the total number of records exceeds 1,000. You might need to refine your search further to keep the total record count at 1,000 or fewer.
  • When exporting Entity Insights activity records from the Activity Audit Logs page to a CSV file, the export is limited to 10,000 events. If your search yielded an activity count higher than this, the exported CSV file will include only the first 10,000 records found.