About Accounts

An Account represents a system or user account within the monitored environment. Accounts are stored in the and serve as critical reference points for tracking user activities, access patterns, and potential security events. Proper documentation and linkage of accounts help ensure thorough investigation and streamlined incident management.

Accounts Database Fields

Accounts contain the following fields:

• Username
  • The unique identifier for the account, typically the username used for authentication within the system or platform.
• Description
  • A brief description of the account, including its purpose, role, or other relevant details.
• Tags
  • Customizable labels or keywords associated with the account. Tags help in categorizing and organizing accounts for easy filtering and identification (e.g., "admin", "service account", "dormant").
• Analyst Notes
  • Notes or comments added by analysts to provide context, observations, or any other relevant details regarding the account.
• Owner
  • The individual or team responsible for the account. This ensures accountability and supports efficient communication during investigations or audits.
• Belongs to Asset
  • Links to the corresponding asset in the Hosts Database . This establishes a relationship between the account and the associated asset, providing context for user or system activities.