[DOCS] Entity dashboard

docs/dashboards/dashboards-overview.asciidoc

@@ -11,3 +11,5 @@ include::detection-response-dashboard.asciidoc[leveloffset=+1]
 include::kubernetes-dashboard.asciidoc[leveloffset=+1]
 
 include::cloud-posture.asciidoc[leveloffset=+1]
+
+include::entity-dashboard.asciidoc[leveloffset=+1]

docs/dashboards/entity-dashboard.asciidoc

@@ -0,0 +1,57 @@
+[[detection-entity-dashboard]]
+= Entity dashboard
+
+The Entity Analytics dashboard provides a centralized view of critical entity metrics, which include hosts, users, and anomalies. Use this information to determine which emerging threats pose a higher risk to your environment so you can respond quickly. 
+
+
+.Requirements
+[sidebar]
+--
+The following is required to display the Entity Analytics dashboard: 
+
+* A https://www.elastic.co/pricing/[Platinum subscription] or higher.
+* To display host and user risk scores, the host risk score and user risk score features must be enabled. For more information, refer to Enable host risk score and <<deploy-user-risk-score, Enable user risk score>>.
+* To display notable anomalies, the following machine learning jobs need to be installed and run. You can do this directly from the dashboard's Notable anomalies table: 
+** `auth_rare_source_ip_for_a_user`
+** `suspicious_login_activity`
+** `packetbeat_dns_tunneling`
+** `packetbeat_rare_server_domain`
+** `packetbeat_rare_dns_question`
+** `v3_windows_anomalous_script`
+--
+
+
+[insert screenshot, waiting for a good one]
+
+
+The dashboard includes the following sections:
+
+* Entity KPIs 
+* Host risk scores
+* User risk scores
+* Notable anomalies 
+
+*Entity KPIs (key performance indicators)*
+
+Displays the total number of critical hosts, critical users, and anomalies. Select a link to go to the Host risk table, User risk table, or Anomaly Detection Jobs page. 
+
+*Host risk scores*
+
+Displays host risk score metrics in your environment, including the total number of hosts, the five most recently recorded host risk scores, their host name, and host risk classification. Host risk scores are calculated using a weighted sum and are on a scale of 0 to 100. Select the *Host risk classification* menu to filter the chart by the selected classification. Click a host name link to go to the Host details page, or *View all* in the upper-right to display all host risk information on the Hosts page. 
+
+
+For more information about host risk scores, click the *Learn more* link in the table, or refer to <<host-risk-score>>. 
+
+*User risk scores* 
+
+Displays user risk score metrics in your environment, including the total number of users, the five most recently recorded user risk scores, their user name, and user risk classification. Like host risk scores, user risk scores are also calculated using a weighted sum and are on a scale of 0 to 100. Select the *User risk classification* menu to filter the chart by the selected classification. Click a user name link to go to the User details page, or *View all* in the upper-right to display all user risk information on the Users page. 
+
+NOTE: The host risk and user risk score tables are not affected by the date and time range. 
+
+*Notable anomalies*
+
+Anomalies identify suspicious or irregular behavior patterns. This section displays the total number of host and user anomalies identified by six predefined machine learning jobs (anomaly name). If no counts are displayed next to a machine learning job, it is uninstalled or needs to run. Click *Run job* to run the job, or *uninstalled* to find out how to install and run the job. 
+
+
+Click *View all host anomalies* to go to the Anomalies table on the Hosts page, *View all users anomalies* to go to the Anomalies table on the Users page, or *View all* to display and manage all machine learning jobs on the Anomaly Detection Jobs page. To learn more about machine learning, refer to {ml-app}/machine-learning-intro.html[What is Elastic machine learning?]. 
+