Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Security Analytics Engine 1.2 - User Guide

Security Analytics Engine Overview Plugins Conditions Shared Policies Applications Auditing Issued Alerts Policy Overrides Fallback Password

Condition categories

Conditions are used to define how the information stored and retrieved by a plugin is used by an application. The Security Analytics Engine provides a selection of default conditions which are usable by risk policies without requiring additional configuration. You can also create customizable conditions of any type (see Creating a new condition).

There are five condition categories available in the Security Analytics Engine:

Application

The following condition is available in the Application category:

Table 3: Application condition
Condition type Plugin Default condition

Abnormal Browser

BuiltinPlugin

Abnormal Browser (Default)

Abnormal Browser

NOTE: The BuiltinPlugin is associated with this condition and provides important settings.

Categorized as an Application condition, this type of condition always causes the risk score to increase if the browser is determined to be abnormal. The following parameters are available:

Table 4: Abnormal Browser parameters
Parameter Description Associated default condition

Identifier

Enter a name for the condition.

Abnormal Browser (Default)

Description

Enter a description for the condition.

Browser considered abnormal for the user.

Days To Check

The number of days to check for the browser ID. For example, if set to 3 the data from the last three days is used for comparison. A maximum of 365 days can be checked.

30

Checking for an abnormal browser

The following procedure explains how the Security Analytics Engine checks the browser attempting to access an application to determine if it is an abnormal browser for the user.

How the Security Analytics Engine checks for an abnormal browser

  1. A user attempts to access an application that uses an Abnormal Browser condition type to check for abnormal browsers.
  2. The Security Analytics Engine checks if this access attempt is from a browser not used by the user within the time period specified by the condition. If this check returns as false (it is a previously used browser), the browser is considered normal and the risk score is not affected.
  3. If this check returns as true (the browser was not previously used within the specified time period), the browser is considered abnormal and the risk score is increased.

Behavior

The following conditions are available in the Behavior category:

Table 5: Behavior conditions
Condition type Plugin Default condition(s)

Abnormal Authentication

BuiltinPlugin

Abnormal Authentication (Default)

Abnormal Time

BuiltinPlugin

Abnormal Time (Default)

Associated w/ Application Category

SonicWALLPlugin

Associated w/ Application Category (Default)

Associated w/ Application Threat Level

SonicWALLPlugin

Associated w/ Application Threat Level (Default)

Associated w/ Blacklist

SonicWALLPlugin

Associated w/ Blacklist (Default)

Associated w/ Country

SonicWALLPlugin

Associated w/ Country (Default)

Associated w/ Malware

SonicWALLPlugin

Associated w/ Malware (Default)

Authentication List

BuiltinPlugin

Weak Authentication (Default)

Strong Authentication (Default)

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation