Security Analytics Engine Overview
Introduction to the Security Analytics Engine
Launch the Administration web site (fallback)
Web site components
Plugins
Introduction to plugins
Plugins page
Available plugins
BlacklistProviderPlugin
BuiltinPlugin
GeoLocationPlugin
LdapPlugin
SonicWALLPlugin
Editing a plugin
Conditions
Introduction to conditions
Conditions page
Condition categories
Shared Policies
Application
Behavior
Adding and managing conditions
Abnormal Authentication
Abnormal Time
Associated w/ Application Category
Associated w/ Application Threat Level
Associated w/ Blacklist
Associated w/ Country
Associated w/ Malware
Authentication List
Location
Network
User
Introduction to shared risk policies
Shared risk policies
Shared Policies page
Adding and managing shared risk policies
Shared Policy wizard
Applications
Introduction to applications
Risk policies
Applications page
Adding and managing applications
Adding and managing risk policies
Adding and managing shared risk policies in an application
Auditing
Adding a shared risk policy to an application
Duplicating a shared risk policy in an application
Deleting a shared risk policy from an application
Application wizard
Introduction to auditing
Auditing page
Filtering the audit events
Configuring the retention settings
Displaying details for an individual audit event
Downloading audit events information
Adding and managing overrides on the Auditing page
Issued Alerts
Policy Overrides
Fallback Password
Managing overrides on the Policy Overrides page
From the Policy Overrides page, you can manage the overrides originally created on the Auditing page.
|
|
IMPORTANT: Policy overrides must first be created on the Auditing page by selecting specific audit events. See Auditing page for more information. |
|
|
NOTE: In cases where overrides have been disabled for a risk policy, the risk score is always reported regardless of whether there is an override in place for the user. |
|
|
IMPORTANT: Since adding an override causes the Security Analytics Engine to return a risk score of 0, alerts will not be sent for the user until the override has expired. |
See the following sections for more information:
- Editing a policy override on the Policy Overrides page
- Deleting a policy override on the Policy Overrides page
Editing a policy override on the Policy Overrides page
Policy Overrides > Managing overrides on the Policy Overrides page > Editing a policy override on the Policy Overrides page
|
|
IMPORTANT: Policy overrides must first be created on the Auditing page by selecting specific audit events. See Auditing page for more information. |
|
|
NOTE: In cases where overrides have been disabled for a risk policy, the risk score is always reported regardless of whether there is an override in place for the user. |
|
|
IMPORTANT: Since adding an override causes the Security Analytics Engine to return a risk score of 0, alerts will not be sent for the user until the override has expired. |
To edit a policy override
- From the left pane, click Policy Override.
- Select the override to edit and click Edit to open the Modify Override dialog. For information on locating a specific override, see Filtering data on the Administration web site.
- The following information is displayed for the override:
-
Last Updated By: <nn> - The username of the administrator or help desk operator that last created or modified the override.
NOTE: This field cannot be edited. -
User Name - The name of the user to whom the override applies.
NOTE: This field cannot be edited. - Browser ID - The browser ID to which the override applies.
- User Address - The IP address to which the override applies.
- Expires In - The time left before the override expires. The override must be in effect a minimum of 30 minutes.
-
- Click the Save button to save the changes to the override and close the dialog. The changes to the override are now in effect and alerting is still stopped for the user the specified expiration time.
Deleting a policy override on the Policy Overrides page
Policy Overrides > Managing overrides on the Policy Overrides page > Deleting a policy override on the Policy Overrides page
To delete a policy override
- From the left pane, click Policy Override.
- On the Policy Override page, use one of the following methods to delete a policy override:
- Click the Edit button associated with the override to open the Modify Override dialog. Click the Delete button.
-
Select an override from the table, then click the Delete Selected Overrides button.
NOTE: Use the Shift or Ctrl keys to select multiple overrides for deletion.
- A dialog displays confirming that you want to delete the selected override(s). Click the Delete button. Risk scores will now be reported and alerting will be enabled for the user.
Fallback Password
Fallback Password