サポートと今すぐチャット
サポートとのチャット

Security Analytics Engine 1.0 - User Guide

Sample Application

A sample application (Sample Application) and risk policy (Sample) are added upon installation of the Security Analytics Engine. These function as both an example of how to configure your own applications and a starting point as you begin to create risk policies. For that reason, the sample application can be reconfigured to direct to an actual application and the sample risk policy edited to fit this new application.
The following settings are used in the Sample Application and Sample risk policy:
Table 11. Sample Application settings
Field
Setting
Application Name
Application Description
This is a sample application.
Client API ID
Demo Client
Client API Secret
<nn> (A 34-character secret)
Policies
Sample
Table 12. Sample risk policy settings
Field
Setting
Policy Name
Sample
Description
Sample Policy
Disable policy override
(Cleared)
Bad Conditions
These conditions will increase a risk score when triggered. See Condition types for information on the settings within these conditions.
Dynamic Blacklist (Default)
Major Threat.
Abnormal Time (Default)
1
Abnormal Location (Default)
2
Abnormal Browser (Default)
1
Restricted Country (Default)
Major Threat.
Good Conditions
These conditions will decrease a risk score when triggered. See Condition types for information on the settings within these conditions.
Whitelist (Default)
Safe.
Approved Country (Default)
0

Adding and managing applications

Adding a new application
To add a new application:
1
On the Applications page, click the button to open the Add Application dialog.
2
In the Application Name field, enter a unique display name for the application. This name is only used within the Administration web pages.
3
(Optional) In the Application Description field, enter a brief description of the application. This description is only used within the Administration web pages.
4
In the Client API ID field, specify the client’s API ID. The API ID cannot be a used again for another application.
5
In the Client API Secret field, click the button to display the text of the API secret.
6
(Optional) To change the client API’s secret, click the Generate New button.
7
The Policies section of the Add Application dialog is used for adding and managing the risk policies assigned to the application. To add a new risk policy, click the button to open the Add Policy dialog.
8
In the Policy Name field, enter a unique name for the risk policy.
9
(Optional) In the Description field, enter a description for the risk policy.
10
(Optional) Select the Disable policy override check box to disable overrides for this risk policy.
11
Click the button in the upper right corner to open the Select conditions to monitor dialog.
12
Use the tabs located at the top of the dialog to view the available types of conditions organized by their influence on the risk score:
Bad Conditions - These conditions increase a risk score when triggered.
Good Conditions - These conditions decrease a risk score when triggered.
13
Select a condition type from the left column to display the specific conditions available for that type of condition in the right column.
14
Select a check box in the right column (located to the left of a condition name) to add the corresponding condition to the risk policy.
15
Repeat Step 12 to Step 14 until you have selected all the conditions to apply to the risk policy.
Multiple conditions of the same type are allowed in a risk policy and are useful for adding levels of risk to a type of condition. For example, one Abnormal Browser condition can increase a risk score if the browser was unused for 15 days while a second Abnormal Browser condition can further increase the risk score if the browser was unused for 30 days. If a browser that has not been used in over 30 days is used for access, both will be triggered causing both assigned scores to be added to the risk score.
* 
NOTE: To help you keep track of the conditions selected for a risk policy, if a selection has been made in the right column, a dot appears to the left of the condition type in the left column. If no conditions are selected for a condition type then no dot appears.
16
Click the OK button to close the dialog.
17
The Edit Policy dialog displays the selected conditions according to their effect on the risk score. Each condition has a slider associated with it that is used to assign a score to the condition. For Bad Conditions the slider will raise the risk score when the condition is triggered during an access attempt, while Good Conditions will lower the risk score when triggered.
* 
NOTE: Hovering over a condition will display a button. Clicking this button will display the condition’s description.
Bad Conditions - Move the slider from left to right to increase the score between 0 (ignores the condition) and Major Threat (increases the risk score by 1000).
Good Conditions - Move the slider from right to left to decrease the score between 0 (ignores the condition) and Safe (decreases the risk score by 100).
18
(Optional) To preview possible risk scores and threat levels that can occur for the risk policy, click the button in the upper right corner of the dialog to enable Preview Mode. Edits to the condition scores are allowed while preview mode is active.
Select any of the check boxes to the left of a condition to preview what risk score and threat level will occur should the selected conditions be triggered during an access attempt.
The following fields at the top of the dialog will update as conditions are selected:
Real sum of conditions - This field displays the risk score that would occur if all selected conditions were triggered.
Threat level reported - This field displays the threat level that the Security Analytics Engine would send to the application if all selected conditions are triggered. The highest reportable threat level is 7.
* 
NOTE: Depending on the conditions selected, the Real sum of conditions and Threat level reported fields may display different numbers. This occurs when the total possible risk score is higher or lower than the values that can be reported as a threat level (0-7).
For example, if a selected condition is assigned a score of Major Threat the value of the Real sum of conditions will be 1000. However, the Security Analytics Engine will only send the application the highest reportable threat level (7) which is displayed in the Threat level reported field.
Click the button to close preview mode.
19
Once each condition has been assigned a score, click Save to save the risk policy and return to the Add Application dialog.
20
Repeat Step 7 to Step 19 if additional policies are needed for an application.
21
Click the Save button on the Add Application dialog to save the application and return to the Applications page.
Managing applications
After an application is added, it appears on the Applications page where it can be edited or deleted.
To edit an application:
1
On the Applications page, select the application to edit.
2
Click the button to open the Edit Application dialog.
3
After making edits, click Save to save the changes and close the dialog.
To delete an application:
1
On the Applications page, select the application to delete.
2
Click the button to delete the application.
3
A dialog is displayed confirming that you want to remove the application and its associated risk policies from the Security Analytics Engine. Click the Delete button.

Adding and managing risk policies

After an application had been added, it appears on the Applications page with the associated risk policies listed in the Policies column. It is the responsibility of the client application to determine which policy to evaluate during access attempts.

Adding a new risk policy

To add a new risk policy:
1
On the Applications page, select the application which will use the new policy.
2
Click the button to open the Edit Application dialog.
3
The Policies section of the Edit Application dialog is used for adding and managing the risk policies assigned to the application. To add a new risk policy, click the button to open the Add Policy dialog.
4
In the Policy Name field, enter a unique name for the risk policy.
5
(Optional) In the Description field, enter a description for the risk policy.
6
(Optional) Select the Disable policy override check box to disable overrides for this risk policy.
7
Click the button in the upper right corner to open the Select conditions to monitor dialog.
8
Use the tabs located at the top of the dialog to view the available types of conditions organized by their influence on the risk score:
Bad Conditions - These conditions increase a risk score when triggered.
Good Conditions - These conditions decrease a risk score when triggered.
9
Select a condition type from the left column to display the specific conditions available for that type of condition in the right column.
10
Select a check box in the right column (located to the left of a condition name) to add the corresponding condition to the risk policy.
11
Repeat Step 8 to Step 10 until you have selected all the conditions to apply to the risk policy.
Multiple conditions of the same type are allowed in a risk policy and are useful for adding levels of risk to a type of condition. For example, one Abnormal Browser condition can increase a risk score if the browser was unused for 15 days while a second Abnormal Browser condition can further increase the risk score if the browser was unused for 30 days. If a browser that has not been used in over 30 days is used for access, both conditions will be triggered causing both assigned scores to be added to the risk score.
* 
NOTE: To help you keep track of the conditions selected for a risk policy, if a selection has been made in the right column, a dot appears to the left of the condition type in the left column. If no conditions are selected for a condition type then no dot appears.
12
Click the OK button to close the dialog.
13
The Edit Policy dialog displays the selected conditions according to their effect on the risk score. Each condition has a slider associated with it that is used to assign a score to the condition. For Bad Conditions the slider will raise the risk score when the condition is triggered during an access attempt, while Good Conditions will lower the risk score when triggered.
* 
NOTE: Hovering over a condition will display a button. Clicking this button will display the condition’s description.
Bad Conditions - Move the slider from left to right to increase the score between 0 (ignores the condition) and Major Threat (increases the risk score by 1000).
Good Conditions - Move the slider from right to left to decrease the score between 0 (ignores the condition) and Safe (decreases the risk score by 100).
14
(Optional) To preview possible risk scores and threat levels that can occur for the risk policy, click the button in the upper right corner of the dialog to enable Preview Mode. Edits to the condition scores are allowed while preview mode is active.
Select any of the check boxes to the left of a condition to preview what risk score and threat level will occur should the selected conditions be triggered during an access attempt.
The following fields at the top of the dialog will update as conditions are selected:
Real sum of conditions - This field displays the risk score that would occur if all selected conditions were triggered.
Threat level reported - This field displays the threat level that the Security Analytics Engine would send to the application if all selected conditions are triggered. The highest reportable threat level is 7.
* 
NOTE: Depending on the conditions selected, the Real sum of conditions and Threat level reported fields may display different numbers. This occurs when the total possible risk score is higher or lower than the values that can be reported as a threat level (0-7).
For example, if a selected condition is assigned a score of Major Threat the value of the Real sum of conditions will be 1000. However, the Security Analytics Engine will only send the application the highest reportable threat level (7) which is displayed in the Threat level reported field.
Click the button to close preview mode.
15
Once each condition has been assigned a score, click Save to save the risk policy and return to the Edit Application dialog.
16
Click the Save button on the Edit Application dialog to save the application and return to the Applications page.
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択