Chat now with support

Live-Hilfe anfordern
Registrierung abschließen

Anmelden

Preisinformationen anfragen

Vertrieb kontaktieren

Security Analytics Engine 1.1 - User Guide

Inhaltsnavigation

Security Analytics Engine Overview

Introduction Launch the Security Analytics Engine Administration web site Web site components

Heading bar Main web pages Navigating the Security Analytics Engine Administration web site Filter data

Introduction Plugins page Plugins

BlacklistProviderPlugin BuiltinPlugin GeoLocationPlugin LdapPlugin SonicWALLPlugin

Editing plugins

Introduction Conditions page Condition categories

Abnormal Browser

Abnormal Authentication Abnormal Time Associated w/ Application Category Associated w/ Application Threat Level Associated w/ Blacklist Associated w/ Country Associated w/ Malware Authentication List

Abnormal Location Country List

Dynamic Blacklist Network List

Role List Last Logon LDAP Group

Adding and managing conditions

Creating a new condition Managing conditions

Shared Policies

Introduction Shared risk policies Shared Policies page Adding and managing shared risk policies

Adding a new shared risk policy Managing shared risk policies

Shared Policy wizard

Introduction Risk policies Applications page

Sample Application

Adding and managing applications

Adding a new application Managing applications

Adding and managing risk policies

Adding a new risk policy Managing risk policies Managing shared risk policies in an application

Application wizard

Introduction Auditing page

Filtering options Retention settings option Audit Events table Event details Download options

Filtering the audit events Configuring the retention settings Displaying details for an individual audit event Downloading audit events information Adding and managing overrides on the Auditing page

Adding a policy override Managing a policy override

Introduction Issued Alerts page

Filtering options Issued Alerts table

Filtering the issued alerts

Policy Overrides

Introduction Policy Overrides page Managing overrides on the Policy Overrides page

Fallback Password

Introduction Fallback Administrator Password page

Security Settings

Introduction Security wizard

Adding new authentication providers

Security wizard pages

Security Analytics Engine Overview

•

•

Launch the Security Analytics Engine Administration web site

•

Web site components

Introduction

The Security Analytics Engine from Dell™ provides an additional level of security that can be customized to fit the needs of every application. The Security Analytics Engine works by monitoring users and browsers to ensure they are not accessing applications from locations, networks, etc. that are potentially unsafe, thus reducing the threat of a malicious user or browser gaining access to your application.

How the Security Analytics Engine works

When a user attempts to access an application which uses the Security Analytics Engine, they are evaluated by a customizable risk policy to determine the risk of allowing the user access. Each risk policy is made up of conditions and modifiers which have assigned scores. For each access attempt these conditions and their associated modifiers are evaluated individually, and a single risk score is then calculated using all of the condition scores.

For example, a user could log into an application using an abnormal browser while also using a weak method of authentication. The risk policies allow you to take these two types of behavior into account by letting you apply modifiers to conditions in cases where additional circumstances may affect the risk from a triggered condition. The conditions are assigned a condition score and the modifiers are then able to increase or lessen that condition score if they are triggered at the same time. So in this case, by triggering both the abnormal browser condition and its associated weak authentication modifier, the configured condition score is further increased due to the modifier.

A condition can also have no impact on a risk score when triggered if there is a modifier applied which is configured to cancel out the condition score. If the user using an abnormal browser is also on a configured whitelist, the whitelist modifier could be applied to have a zeroing effect on both the condition it is associated with and any other modifiers that are also triggered. Assuming no other conditions are triggered, this would cause a risk score of 0 for the access attempt.

The Security Analytics Engine also allows you to include conditions without modifiers associated with them. For example, the earlier access attempts probably would not be as much of a security threat as someone that logs in from an IP address that is associated with malware. Configuring a risk policy to give the highest risk score to potential malware infected access attempts means that even if the user appears on a whitelist being used as a modifier to negate a different condition they will still receive the highest risk score.

The risk score that is calculated for each access attempt is then sent to the application which uses the risk score to determine whether to allow access, request additional authentication information from the user before allowing access, or deny access. A user may also contact a help desk operator for further assistance if they are unable to access an application due to a high risk score.


	NOTE: Help desk operators should see the Security Analytics Engine Help Desk User Guide for more information.

Launch the Security Analytics Engine Administration web site

You can access the Security Analytics Engine Administration web site from any computer that has network access to the server.

To launch the fallback login page of the Security Analytics Engine Administration web site


	NOTE: The first time the Security Analytics Engine Administration web site is launched, you are prompted to create a fallback password that is required for all future fallback logins. The fallback password can later be changed using the Fallback Password page of the Security Analytics Engine Administration web site. Once logged in using the fallback password, the Security Analytics Engine can be configured to accept Active Directory® or LDAP credentials from the Security Settings page of the Administration web site.

1

Open your web browser and enter the URL for the fallback login page of the Security Analytics Engine Administration web site:

https://<server>/SecurityAnalyticsEngine/Fallback


	NOTE: Where <server> is the IP address or host name (or ‘localhost’) of the server where you installed the Security Analytics Engine.

2

When the web site is launched, enter the fallback password in the Password field.

3

Click Log in.

4

The Home page of the Security Analytics Engine Administration web site appears.

To launch the Security Analytics Engine Administration web site


	NOTE: Once the Security Analytics Engine has been configured to accept Active Directory or LDAP credentials from the Security Settings page of the Administration web site, the following procedure is used for non-fallback logins.

1

Open your web browser and enter the URL of the Security Analytics Engine Administration web site:

https://<server>/SecurityAnalyticsEngine


	NOTE: Where <server> is the IP address or host name (or ‘localhost’) of the server where you installed the Security Analytics Engine.

2

When the web site is launched, enter your username and password.

3

(Optional) Select the Keep me logged in check box to remain logged in to the Security Analytics Engine Administration web site until the Log Out option is selected.

4

Click Log in.

5

The Home page of the Security Analytics Engine Administration web site appears.

Web site components

The Security Analytics Engine Administration web site consists of the following components allowing you to navigate and use the Security Analytics Engine Administration web site.

•

•

•

Navigating the Security Analytics Engine Administration web site

•

Self-Service-Tools: Knowledge Base; Benachrichtigungen und Warnmeldungen; Produkt-Support; Software-Downloads; Technische Dokumentationen; Benutzerforen; Videoanleitungen; RSS Feed

Kontakt: Unterstützung bei der Lizenzierung; Technische Support; Alle anzeigen

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen

© 2025 One Identity LLC. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center