Entity Insights Available in ContraForce

ContraForce provides additional insights for entities associated with incidents. This article provides an overview of the types of entity insights available in ContraForce.

Overview

In ContraForce, the following insights are available, depending on the type of entity associated with the incident:

  • User
    • Related Incidents 
    • Sign-In Logs 
    • Audit Logs
    • User Insights
  • IP
    • Related Incidents 
    • IP Insight Logs
  • Device
    • Timeline
    • Related Incidents
    • Device Insights
  • Email 
    • Email Insights 
    • Related Incidents
  • File
    • Related Incidents
    • File Insights
  • URL 
    • Related Incidents 
    • URL Insights

Where do I find available insights?

  1. Within the incident table, click the incident ID to open the compact incident overview. 
  2. Next to the "X" icon on the top right of the popup, click on the diagonal arrows to open the detailed incident view.
  3. Select Entities.
  4. Associated entities will be listed as individual rows. Click the three dots to open the available insights. You can open multiple insights at once, and there will be a tab for each. The popup window can also be resized.

List of available entity insights for a user.

Example user insights for a user entity.

ContraForce Capability Matrix 

Please refer to this document to see which entity insights are available for individual XDR and SIEM tools.