Entity analytics

Entity analytics generates a set of threat detection and risk analytics that allows you to expedite alert triage and hunt for new threats from within an entity's environment. This feature combines the power of the SIEM detection engine and Elastic's machine learning capabilities to identify unusual user behaviors and generate comprehensive risk analytics for hosts, users, and services.

Entity analytics provides the following key capabilities:

• Entity risk scoring
• Advanced behavioral detections
• Privileged user monitoring

To learn about how entity analytics can help you manage your hosts, users, and network activity, refer to:

• Hosts page
• Network page
• Users page