Skip to main content

Behavior Summary

Login to the Fluency Cloud portal: https://(companyname).cloud.fluencysecurity.com.

Open the main dropdown menu and choose the Behavior Summary option under the EventWatch section.

The Behavior Summary page shows a detailed view of behavior alerts.

The facet on the left side can be used to filter events. There are eight fields associated with a behavior model that can be used for search filters: incident status, analyst, score level, key, key type, behavior rule, behavior, and risks.

For each alert, we can see all the triggered events. To the right of that are the corresponding risk scores, in addition to the number of events that triggered them.

Clicking the arrow icon next to each "triggered events" displays two tabs: "Correlation Hits" and "Fields". The "Correlation Hits" tab shows risks that were triggered by the correlation rules associated with this alert, with a description of the field that triggered it corresponding to the alert.

The second tab is the "Fields" tab. This tab displays the attributes associated with the behavior model, in addition to their values alongside each field. Different triggered event has different information in this tab. Two examples are given below.

Clicking the "Status" drop-down menu allows the user to make changes to the current status of an alarm. By default, an alert will display with the N/A status. If the score associated with the alert passes a certain threshold (set by the customer), it will appear as "New."

Clicking the magnifying glass icon next to the key field will redirect you to the Behavior Timeline page and display all the events associated with the behavior alert triggered. From there, you can navigate to the events page and view more information on the events. More information on how to do this can be found on the page of Behavior Timeline.

Page last updated: 2023 Aug 09