Sample Application
A sample application (Sample Application) and risk policy (Sample) are added upon installation of the Security Analytics Engine. These function as both an example of how to configure your own applications and a starting point as you begin to create risk policies. For that reason, the sample application can be reconfigured to direct to an actual application and the sample risk policy edited to fit this new application.
The following settings are used in the Sample Application and Sample risk policy:
| Field | Setting |
|---|---|
|
Application Name |
Sample Application |
|
Application Description |
This is a sample application. |
|
Client API ID |
Demo Client |
|
Client API Secret |
<nn> (A 34-character secret) |
|
Policies |
Sample |
| Field | Setting |
|---|---|
|
Policy Name |
Sample |
|
Description |
Sample Policy |
|
Disable Policy Override |
(Cleared) |
Alerting | |
|
Notify Admin |
(Cleared) |
|
Notify User |
(Cleared) |
|
Alert When |
Always |
|
Scores <nn> Or More. |
(Cleared) |
| The following conditions are configured for the Sample risk policy. See Condition categories for information on the settings within these conditions. | |
Application | |
|
Abnormal Browser (Default) |
20% Modifiers:
|
Behavior | |
|
Abnormal Authentication (Default) |
20% Modifiers
|
|
Abnormal Time (Default) |
20% Modifiers
|
|
Associated w/ Blacklist (Default) |
90% |
|
Associated w/ Country (Default) |
70% |
|
Associated w/ Malware (Default) |
90% |
|
Associated w/ Application Threat Level (Default) |
60% |
|
Associated w/ Application Category (Default) |
30% |
|
Weak Authentication (Default) |
20% Modifiers:
|
Location | |
|
Restricted Country (Default) |
70% |
|
Abnormal Location (Default) |
20% Modifiers:
|
Network | |
|
Dynamic Blacklist (Default) |
90% |
User | |
|
Application Role (Default) |
10% Modifiers:
|
|
LDAP Group (Default) |
10% Modifiers:
|
|
Last Logon (Default) |
30% |
Adding and managing applications
In order for an application to connect with the Security Analytics Engine, it must first be configured on the Applications page. Once an application has been added, it can be assigned risk policies, send alerts due to high scores, and audit event information can be collected. See the following sections for more information:
Adding a new application
To add a new application
- On the Applications page, click the
button to open the Add Application dialog.
- In the Application Name field, enter a unique display name for the application. This name is only used within the Administration web pages.
- (Optional) In the Application Description field, enter a brief description of the application. This description is only used within the Administration web pages.
- In the Client API ID field, specify the client’s API ID. The API ID cannot be a used again for another application.
- (Optional) In the Client API Secret field, click the
button to display the text of the API secret.
- (Optional) To change the client API’s secret, click the Generate New button.
- The Policies section of the Add Application dialog is used for adding and managing the risk policies associated with an application. Although client applications use only one risk policy at a time for evaluating access attempts, multiple risk policies can be associated with an application to create individual alerts for when specific conditions are triggered during an access attempt (for more information, see Risk policies). The following options are available for adding risk policies to an application:
-
To add a shared risk policy, see Adding a shared risk policy to an application.
NOTE: Shared risk policies can only be viewed, duplicated and selected for use by an application on the Applications page. The creation and management of shared risk policies is done through the Shared Policies page. See Adding and managing shared risk policies for more information. - To add a new risk policy, see Adding a new risk policy.
-
- Once you have finished creating or adding any desired risk policies, click the Save button on the Add Application dialog to save the application and return to the Applications page.
Editing an application
After an application is added, it appears on the Applications page where it can be edited.
To edit an application
- On the Applications page, select the application to edit.
- Click the
button to open the Edit Application dialog.
- After making edits, click Save to save the changes and close the dialog.