|
NOTE: The BlacklistProviderPlugin is associated with this condition and provides important settings. |
Categorized as a Network condition, this type of condition always causes the risk score to increase if the access attempt originates from a blacklisted IP address. The following parameters are available:
Parameter | Description | Associated default condition |
---|---|---|
Identifier |
Enter a name for the condition. |
Dynamic Blacklist (Default) |
Description |
Enter a description for the condition. |
Dynamic blacklist sources identified the request as being from a blacklisted IP address. |
Use Blacklist Type(s) |
Select the blacklist(s) to use:
|
All Lists |
The following procedure explains how the Security Analytics Engine checks the IP address against one or more blacklists to determine if the access attempt is from a blacklisted IP address.
How the Security Analytics Engine checks for a blacklisted IP address
|
NOTE: The BuiltinPlugin is associated with this condition and provides important settings. |
Categorized as a Network condition, this type of condition determines if the request originates from a specific IP address. The following parameters are available:
Parameter | Description | Associated default condition | ||
---|---|---|---|---|
Identifier |
Enter a name for the condition. |
Whitelist (Default) | ||
Description |
Enter a description for the condition. |
Originated from a whitelisted IP address range. | ||
Risk Type Value |
Select the impact the condition will have on the risk score:
|
Can decrease risk | ||
Include Local IP Addresses |
Select this option to include all web server local host IP addresses when evaluating configured loopback addresses. |
(Selected) | ||
Subnet DefinitionsThe following fields and buttons appear in this section:
| ||||
Network IP Address |
Enter the network IP address. |
IPv4
IPv6
| ||
IP Subnet Mask |
Enter the subnet mask. |
IPv4
IPv6
| ||
Delete |
Click this button to remove the subnet definition. |
N/A | ||
Add |
Click to add additional subnet definitions to the list. |
N/A |
The following procedure explains how the Security Analytics Engine checks the IP address to determine if the access attempt is from a listed network.
How the Security Analytics Engine checks for specific networks
The Security Analytics Engine compares the IP address used in the access attempt against the list of networks. If this check returns as true (the IP address is in a listed network), the risk score is affected.
|
NOTE: If the Include Local IP Addresses parameter is selected and a loopback IP address is configured in the list, the Security Analytics Engine will also return true if the IP address used is one of the local IP addresses configured on the web server. |
The following conditions are available in the User category:
Condition type | Plugin | Default condition |
---|---|---|
Application Role (Default) | ||
Last Logon (Default) | ||
LDAP Group (Default) |
|
NOTE: The BuiltinPlugin is associated with this condition and provides important settings. |
Categorized as a User condition, this type of condition determines if the user belongs to certain application roles to increase/decrease protection for accounts with specific roles. The following parameters are available:
Parameter | Description | Associated default condition | ||
---|---|---|---|---|
Identifier |
Enter a name for the condition. |
Application Role (Default) | ||
Description |
Enter a description for the condition. |
User belongs to certain application specific roles. | ||
Risk Type Value |
Select the impact the condition will have on the risk score:
|
Can increase risk | ||
Role DefinitionsThe following field and buttons appear in this section: | ||||
Role |
Enter the name of an application specific role to check the user against. |
| ||
Delete |
Click this button to remove the corresponding role from the list of role definitions. |
N/A | ||
Add |
Click to add additional roles to the list. |
N/A |
The following procedure explains how the Security Analytics Engine checks if the user belongs to the specified role(s).
How the Security Analytics Engine checks application roles
The Security Analytics Engine checks if this access attempt is from a specified role. If this check returns as false (the account is not in a specified role or has no assigned roles), the risk score is not affected.
|
NOTE: In cases where a user has multiple roles, each role is checked to see if it corresponds with any of the roles specified in the Application Roles condition. |
© ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center