
Security Analytics Engine 1.1 - User Guide


BlacklistProviderPlugin

Maximum Audit Records - This is the maximum number of blacklist records to list in the details of an audit record. By default, this is 10 audit records. The maximum number of records that can be returned is 20.
SecureWorks Portal Token - SecureWorks customers need to enter their SecureWorks issued portal token into this field to enable the SecureWorks blacklist. When this field is empty, the SecureWorks blacklist is disabled.
Update Frequency (Minutes) - This is how often the Security Analytics Engine will connect to SecureWorks to update the blacklist. By default, this is 1440 minutes. The maximum update frequency is 9999 minutes.
List ID - This is the ID of the specific SecureWorks blacklist to retrieve. By default, this is -1.
Provider URL - https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist
Provider URL - https://palevotracker.abuse.ch/blocklists.php?download=ipblocklist
Provider URL - https://feodotracker.abuse.ch/blocklist/?download=ipblocklist
Provider URL - https://feodotracker.abuse.ch/blocklist/?download=badips
Provider URL - https://www.openbl.org/lists/base.txt
Provider URL - http://rules.emergingthreats.net/blockrules/compromised-ips.txt
Provider URL - http://lists.blocklist.de/lists/all.txt
Provider URL - http://lists.blocklist.de/lists/strongips.txt
Click Add to display the following fields:
Provider URL - The URL used to retrieve the text blacklist (for example, http://localhost/sampleblacklist.txt)
Provider Name - The name of the text list provider.
Update Frequency (Minutes) - This is how often the Security Analytics Engine will connect to the provider to update the text blacklist. The maximum update frequency is 9999 minutes.
Comment Start Pattern - In order to ignore comments in the text file, enter the character used to distinguish the comments from the blacklist items (for example, #).
Enabled - Select this check box to enable the text blacklist for use by the Security Analytics Engine.
Delete - Click this button to remove the custom blacklist.
After making changes to the plugin, click the Validate button in the lower right corner to check that the configuration is valid.
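A custom text list can be checked before its Provider URL is added. The following is an added example, not part of the product or this guide: it strips comments using the configured Comment Start Pattern, reports lines that are not valid IP entries, and removes duplicates. The function names, the one-entry-per-line format, the acceptance of CIDR ranges and the handling of inline comments are assumptions of the example; the guide does not specify how the engine parses the file.

```python
import ipaddress

# Constructed sample of a custom text blacklist (not real threat data;
# addresses come from the RFC 5737 / RFC 3849 documentation ranges).
SAMPLE_LIST = """\
# sample blacklist, generated for illustration
192.0.2.10
198.51.100.7   # inline comment
203.0.113.0/24
2001:db8::1

not-an-ip
192.0.2.10
"""


def parse_text_blacklist(text, comment_start="#"):
    """Return (networks, rejected) for a text blacklist.

    Assumption: one entry per line, and everything from the comment
    start pattern to the end of the line is ignored.
    """
    networks, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split(comment_start, 1)[0].strip() if comment_start else raw.strip()
        if not entry:
            continue  # blank line or comment-only line
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry))  # report, do not silently drop
            continue
        if net not in seen:  # drop duplicates, keep first-seen order
            seen.add(net)
            networks.append(net)
    return networks, rejected


def is_listed(address, networks):
    """True if the address falls inside any parsed entry."""
    ip = ipaddress.ip_address(address)
    return any(ip.version == net.version and ip in net for net in networks)


if __name__ == "__main__":
    nets, bad = parse_text_blacklist(SAMPLE_LIST)
    print("entries:", [str(n) for n in nets])
    print("rejected lines:", bad)
```

A non-empty rejected list usually means the Comment Start Pattern does not match the file's comment character, or the provider changed its format.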

BuiltinPlugin

Maximum Days Tracking - This specifies the number of days to keep the tracking data. By default, this is 30 days. The maximum number of days tracking data can be retained is 365 days.
Click Add to display the following fields:
URN - This is the uniform resource name.
Display Name - This is the display name for the authentication method.
Delete - Click this button to remove the custom authentication method.
After making changes to the plugin, click the Validate button in the lower right corner to check that the configuration is valid.

GeoLocationPlugin

Maximum Days Tracking - This specifies the number of days to track the location data. By default, this is 30 days. The maximum number of days tracking data can be retained is 365 days.
Click Add to display the following fields:
IP Address - This is for configuring an IPv4 or IPv6 address.
IP Subnet Mask - This is for configuring the optional IPv4 or IPv6 subnet mask.
Enable - Select this check box to enable the configured VPN network definition.
Delete - Click this button to remove the VPN network.
After making changes to the plugin, click the Validate button in the lower right corner to check that the configuration is valid.

LdapPlugin

Server - This is the name (or IP address) of the LDAP server, Active Directory® domain or the domain controller to which the Security Analytics Engine will connect. If the field is left empty, the domain controller of the current Active Directory domain is used.
Port - This is the TCP/IP port of the LDAP server. Active Directory uses ports 389 for LDAP and 3268 for Global Catalog. By default, this is set to use port 389.
User Name - Enter the user name to use for connecting to the LDAP or Active Directory server.
Password - Enter the password for the specified user.
Base DN - This is the Base DN value for the LDAP server (e.g., dc=example, dc=com). If left empty, the Security Analytics Engine will attempt to automatically detect the Base DN.
After making changes to the plugin, click the Validate button in the lower right corner to test the configuration.