articles/sentinel/entity-pages.md
7 additions & 3 deletions
@@ -69,20 +69,24 @@ The following types of items are included in the timeline.
69
69
70
70
# [Defender portal](#tab/defender-portal)
71
71
72
-
The timeline on the **Sentinel events** tab adds a major part of the entity page's contribution to behavior analytics in the Defender portal. It presents a story about entity-related events, helping you understand the entity's activity within a specific time frame.
72
+
The timeline on the [**Sentinel events** tab](/defender-xdr/entity-page-device#sentinel-events-tab) adds a major part of the entity page's contribution to behavior analytics in the Defender portal. It presents a story about entity-related events, helping you understand the entity's activity within a specific time frame.
73
73
74
74
In particular, you'll see on the Sentinel events timeline alerts and events from third-party sources collected only by Microsoft Sentinel, such as syslog/CEF and custom logs ingested through the Azure Monitor Agent or custom connectors.
75
75
76
76
The following types of items are included in the timeline.
77
77
78
-
-**Alerts**: any alerts in which the entity is defined as a **mapped entity**. Note that if your organization has created [custom alerts using analytics rules](./detect-threats-custom.md), you should make sure that the rules' entity mapping is done properly.
78
+
-**Alerts**: any alerts in which the entity is defined as a **mapped entity**. If your organization created [custom alerts using analytics rules](./detect-threats-custom.md), make sure that the rules' entity mapping is done properly.
79
79
80
80
-**Bookmarks**: any bookmarks that include the specific entity shown on the page.
81
81
82
-
-**Anomalies**: UEBA detections based on dynamic baselines created for each entity across various data inputs and against its own historical activities, those of its peers, and those of the organization as a whole.
82
+
-**Anomalies**: [UEBA detections](./anomalies-reference.md) based on dynamic baselines created for each entity across various data inputs and against its own historical activities, those of its peers, and those of the organization as a whole.
83
83
84
84
-**Activities**: aggregation of notable events relating to the entity. A wide range of activities are collected automatically, and you can now [customize this section by adding activities](customize-entity-activities.md) of your own choosing.
85
85
86
+
For device entities, a new activity type was added in January 2025. This activity includes dropped, blocked, or denied network traffic originating from a given device, based on data collected from industry-leading network device logs. These logs provide your security teams with critical information to quickly identify and address potential threats.
87
+
88
+
As of January 2025, **activities** for the device entity are visible on the main [*Timeline* tab](/defender-xdr/entity-page-device#timeline-tab) of the [device entity page](/defender-xdr/entity-page-device), as well as remaining visible on the Sentinel events tab as before. For more information, see [Unified timeline (Preview)](/defender-xdr/entity-page-device#unified-timeline-preview).
89
+
86
90
:::image type="content" source="./media/entity-pages/entity-pages-timeline-defender.png" alt-text="Screenshot of an example of a timeline on an entity page in the Defender portal." lightbox="./media/entity-pages/entity-pages-timeline-defender.png":::
87
91
88
92
This timeline displays information from the past 24 hours. This period is not currently adjustable.
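Review bot: The paragraph added at new line 86 says the activity is "based on data collected from industry-leading network device logs" but never names the log sources or data connectors that must be ingesting for dropped, blocked, or denied traffic to appear, so an analyst who sees no such activity on a device cannot tell a quiet device from a missing source. Suggest naming the supported sources or linking to the list of them, and cutting the closing sentence ("These logs provide your security teams with critical information..."), which gives the reader nothing to act on. Two smaller points: the link added on line 72 targets the device page (/defender-xdr/entity-page-device#sentinel-events-tab) although the sentence describes the Sentinel events tab for entity pages in general, so either say it is the device example or link to a general page; and new line 88 states that activities are visible on the main Timeline tab without saying in the sentence itself that this is the preview feature the "Unified timeline (Preview)" link refers to.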