|
NOTE: The LdapPlugin is associated with this condition and provides important settings. |
Categorized as a User condition, this type of condition always causes the risk score to increase if the user has not logged in within the specified number of days. The following parameters are available:
Parameter | Description | Associated default condition | ||
---|---|---|---|---|
Identifier |
Enter a name for the condition. |
Last Login (Default) | ||
Description |
Enter a description for the condition. |
Active Directory user account has not logged in within a set number of days. | ||
Days To Check |
The number of days to check for the Active Directory user. A maximum of 365 days can be checked. The minimum number of days is dependent upon the ms-DS-Logon-Time-Sync-Interval attribute which controls how frequently the domain updates the data which is then utilized by the LdapPlugin. By default this domain attribute is set to 14 days, in which case the value entered into this field would need to be between 14 to 365 days. If necessary, previously created conditions will automatically update to be within the acceptable range should the domain attribute be reconfigured.
|
30 | ||
Include Never Logged On |
Select this check box to consider users that have never before logged on to have failed the Days to Check parameter.
|
(Selected) |
The following procedure explains how the Security Analytics Engine checks if the Active Directory user logged in within the set number of days.
How the Security Analytics Engine checks an Active Directory account for last logon activity
If the check returns as true (the account has not logged in within the time period), the risk score is affected.
|
NOTE: If the Include Never Logged On check box is selected, a first time login for an Active Directory user account will automatically return true. |
|
NOTE: The LdapPlugin is associated with this condition and provides important settings. |
Categorized as a User condition, this type of condition determines if the request originates from a user belonging to a certain LDAP Group in order to increase or decrease protection for accounts of certain groups. The following parameters are available:
Parameter | Description | Associated default condition | ||
---|---|---|---|---|
Identifier |
Enter a name for the condition. |
LDAP Group (Default) | ||
Description |
Enter a description for the condition. |
User identified as belonging to a certain LDAP group. | ||
Risk Type Value |
Select the impact the condition will have on the risk score:
|
Can increase risk | ||
Ldap GroupsThe following field and buttons appear in this section: | ||||
Group Name |
Select the LDAP group name(s) from the drop-down menu to test for membership. |
(Default LDAP groups are dependent upon on the groups currently available in the domain) | ||
Delete |
Click this button to remove the corresponding LDAP group from the list. |
N/A | ||
Add |
Click to add additional LDAP groups to the list. |
N/A |
The following procedure explains how the Security Analytics Engine checks if an access attempt is from a user belonging to a configured LDAP group.
How the Security Analytics Engine checks for an LDAP group member
Although a set of default conditions is available with the Security Analytics Engine, each condition is customizable in order to accommodate the needs of any application. See the following sections for more information:
All default conditions can be viewed on the Conditions page, and non-default conditions can be edited or deleted.
To view a default condition
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Términos de uso Privacidad Cookie Preference Center