지금 지원 담당자와 채팅
지원 담당자와 채팅

Security Analytics Engine 1.1 - User Guide

Security Analytics Engine Overview Plugins Conditions Shared Policies Applications Auditing Issued Alerts Policy Overrides Fallback Password Security Settings Glossary

Conditions page

The Conditions page is displayed when Conditions is clicked on the Home page of the Security Analytics Engine Administration web page.
The following buttons appear on the top left of this page:
This button is used for creating a duplicate of an existing condition.
This button is used for previewing a default condition.
* 
NOTE: This button is replaced by the button when a duplicate condition is selected from the table.
This button is used for editing and/or viewing a duplicate condition.
* 
NOTE: This button replaces the button when a duplicate condition is selected from the table.
This button is used for deleting a non-default condition.
The following information is displayed for each condition:
, , or
These icons indicate the affect a condition will have on a risk score. The icon is displayed next to conditions which increase a risk score, whereas the icon is displayed next to conditions which decrease a risk score (and thus can only be used as modifiers in a risk policy). Certain conditions can also be configured to either increase or decrease a risk score depending on how they are used within the risk policy. These types of conditions use the icon.
Name
This column displays the name of the condition.
Type
This column displays the type of condition.
Category
This column displays the category for each condition.
Description
This column displays a description of the condition.

Condition categories

Conditions are used to define how the information stored and retrieved by a plugin is used by an application. The Security Analytics Engine provides a selection of default conditions which are usable by risk policies without requiring additional configuration. You can also create customizable conditions of any type (see Creating a new condition).
There are five condition categories available in the Security Analytics Engine:
Application
Behavior
Location
Network
User

Application

The following condition is available in the Application category:
Table 3. Application condition
Condition type
Plugin
Default condition
Abnormal Browser
BuiltinPlugin
Abnormal Browser (Default)

Abnormal Browser

* 
NOTE: The BuiltinPlugin is associated with this condition and provides important settings.
Categorized as an Application condition, this type of condition always causes the risk score to increase if the browser is determined to be abnormal. The following parameters are available:
Table 4. Abnormal Browser parameters
Parameter
Description
Associated default condition
Identifier
Enter a name for the condition.
Abnormal Browser (Default)
Description
Enter a description for the condition.
Browser considered abnormal for the user.
Days To Check
The number of days to check for the browser ID. For example, if set to 3 the data from the last 3 days is used for comparison. A maximum of 365 days can be checked.
30
Checking for an abnormal browser
The following procedure explains how the Security Analytics Engine checks the browser attempting to access an application to determine if it is an abnormal browser for the user.
How the Security Analytics Engine checks for an abnormal browser
1
A user attempts to access an application that uses an Abnormal Browser condition type to check for abnormal browsers.
2
The Security Analytics Engine checks if this access attempt is from a browser not used by the user within the time period specified by the condition. If this returns as false (it is a previously used browser), the browser is considered normal and the risk score is not affected.
3
If this returns as true (the browser was not previously used within the specified time period), the browser is considered abnormal and the risk score is increased.
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택