The Observations page lets you see interesting or suspicious activity in your environment that does not always reach the importance of generating an alert.
This page lets you search through the stream of notable activities on one or more devices; you can avoid researching all the raw events that are reported by every asset. This page provides a convenient means by which to perform a sweeping search across all your organization's assets.
Observations are the noteworthy, searchable findings across your whole fleet. They complement raw events on Process Analysis page. Not every observation has corresponding raw events; not every observation is truly suspicious.
A smaller subset of observed events are further elevated to Alert status.
Observations are therefore the middle layer of suspicious events.