Entities of Interest Panel

The Entities of interest sub-panel of an investigation stores the entities that the analyst has observed and considers important or worth annotating for future reference. It serves as a repository of items that can be accessed quickly, and also as a history showing the direction the investigation is taking.

Access the Entities of Interest Panel

In the top menu, select Investigations. Select an investigation. Select the Details tab. Find the Entities of interest sub-panel at the bottom left of the page.

Entities of interest panel

The entities in the panel are grouped by type. Click a group title to show or hide the entities in that group.

Types of Entities of Interest

Each entity of interest has a type associated with it, which you select when you mark an entity as an entity of interest:

| Name | Description |
| --- | --- |
| Computer | MUID of the investigated computer. |
| Client | Name and identifier of the client to which the investigated computer belongs. If the account with which you are accessing the web console does not have sufficient permissions, only the identifier is shown. |
| User | User account that ran the program on the investigated computer. |
| File hash | Hash of the file stored on the investigated computer. |
| IP | IP address of the investigated computer. |
| Port | Port used by the process run on the investigated computer. |
| Domain | Domain belonging to the communication established from/to the investigated computer. |
| URL | Web address accessed from the investigated computer. |
| File path | Path to the file in the investigated computer file system. |
| File name | Hash of the file stored on the investigated computer. |

Types of entities of interest

The data type you assign to an entity determines the actions that Cytomic Orion can take on the entity. Therefore, it is very important that analysts assign the entity type correctly.