|
NOTE: This condition is associated with the SonicWALLPlugin type which requires that the Security Analytics Engine Installer - SonicWALL Processor Service.msi and SonicWALL firewall be installed and configured. See the Security Analytics Engine SonicWALL Configuration Guide for more information. |
|
NOTE: The SonicWALLPlugin is associated with this condition and provides important settings |
Categorized as a Behavior condition, this type of condition always causes the risk score to increase if the user or IP address is associated with a blacklist. The following parameters are available:
Parameter | Description | Associated default condition |
---|---|---|
Identifier |
Enter a name for the condition. |
Associated w/ Blacklist (Default) |
Description |
Enter a description for the condition. |
Blacklist association detected for the user or IP address. |
Days To Check |
The number of days to check for blacklist association. A maximum of 365 days can be checked. |
7 |
Minimum Count |
The minimum number of times activity associated with a blacklist has been detected per day. This must be a value between 1 to 9999. |
1 |
Minimum Days |
The minimum number of days that meet the Minimum Count criteria. A maximum of 365 days can be entered. The number of days entered must be equal to or lower than the Days To Check parameter. |
1 |
Use Blacklist Type(s) |
Select the blacklist(s) to use:
|
All Lists |
The following procedure explains how the Security Analytics Engine checks the username and IP address attempting to access an application for a blacklist association.
How the Security Analytics Engine checks for blacklist association
A user attempts to access an application that uses an Associated w/ Blacklist condition type to check if the username or IP address is associated with a blacklist.
|
NOTE: If there is no user ID or IP address available, or the IP address is in a configured DynamicNetwork range, checking the selected blacklists is not relevant. Therefore, the request is considered not associated with a blacklist and the risk score is not affected. |
|
NOTE: This condition is associated with the SonicWALLPlugin type which requires that the Security Analytics Engine Installer - SonicWALL Processor Service.msi and SonicWALL firewall be installed and configured. See the Security Analytics Engine SonicWALL Configuration Guide for more information. |
|
NOTE: The SonicWALLPlugin is associated with this condition and provides important settings. |
Categorized as a Behavior condition, this type of condition always causes the risk score to increase if the user or IP address is associated with malware in a specified country. The following parameters are available:
Parameter | Description | Associated default condition | ||
---|---|---|---|---|
Identifier |
Enter a name for the condition. |
Associated w/ Country (Default) | ||
Description |
Enter a description for the condition. |
User or IP address identified as being associated with activity in specific countries. | ||
Days To Check |
The number of days to check for country association. A maximum of 365 days can be checked. |
7 | ||
Minimum Count |
The minimum number of times activity in a listed country has been detected per day. This must be a value between 1 to 9999. |
1 | ||
Minimum Days |
The minimum number of days that meet the Minimum Count criteria. A maximum of 365 days can be entered. The number of days entered must be equal to or lower than the Days To Check parameter. |
1 | ||
Country |
From the drop-down list of countries, select the check box for each country that is considered high risk if a user or IP address is associated with activity in the country. |
3 item(s) selected - Iran, Islamic Republic of; Sudan; Syrian Arab Republic
|
The following procedure explains how the Security Analytics Engine checks the user and IP address attempting to access an application for an association with activity in a specified country.
How the Security Analytics Engine checks for country association
A user attempts to access an application that uses an Associated w/ Country condition type to check if the username or IP address is associated with activity in a specified country.
|
NOTE: If there is no user ID or IP address available, or the IP address is in a configured DynamicNetwork range, checking for country association is not relevant. Therefore, the request is considered not associated with activity and the risk score is not affected. |
|
NOTE: This condition is associated with the SonicWALLPlugin type which requires that the Security Analytics Engine Installer - SonicWALL Processor Service.msi and SonicWALL firewall be installed and configured. See the Security Analytics Engine SonicWALL Configuration Guide for more information. |
|
NOTE: The SonicWALLPlugin is associated with this condition and provides important settings. |
Categorized as a Behavior condition, this type of condition always causes the risk score to increase if the user or IP address is associated with malware. The following parameters are available:
Parameter | Description | Associated default condition |
---|---|---|
Identifier |
Enter a name for the condition. |
Associated w/ Malware (Default) |
Description |
Enter a description for the condition. |
User or IP address identified as being associated with malware detection. |
Days To Check |
The number of days to check for malware association. A maximum of 365 days can be checked. |
7 |
Minimum Count |
The minimum number of times malware has been detected. This must be a value between 1 to 9999. |
1 |
The following procedure explains how the Security Analytics Engine checks the username and IP address attempting to access an application for an association with malware.
How the Security Analytics Engine checks for malware association
A user attempts to access an application that uses an Associated w/ Malware condition type to check if the username or IP address is associated with malware.
|
NOTE: If there is no user ID or IP address available, or the IP address is in a configured DynamicNetwork range, checking for malware is not relevant. Therefore, the request is considered not associated with malware and the risk score is not affected. |
|
NOTE: The BuiltinPlugin is associated with this condition and provides important settings. |
Categorized as a Behavior condition, this type of condition determines the method of authentication used for access. The following parameters are available:
Parameter | Description | Associated default conditions | ||
---|---|---|---|---|
Identifier |
Enter a name for the condition. |
Weak Authentication (Default) Strong Authentication (Default) | ||
Description |
Enter a description for the condition. |
Weak Authentication (Default)
Strong Authentication (Default)
| ||
Risk Type Value |
Select the impact the condition will have on the risk score:
|
Weak Authentication (Default)
Strong Authentication (Default)
| ||
Authentication Definitions |
From the drop-down list, select the check box to the left of an authentication method to check for it during an access attempt. |
Weak Authentication (Default)
Strong Authentication (Default)
|
The following procedure explains how the Security Analytics Engine checks the method of authentication used during an access attempt.
How the Security Analytics Engine checks for an authentication method
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Términos de uso Privacidad Cookie Preference Center