Chat now with support
Chat with Support

Security Analytics Engine 1.0 - User Guide

Auditing page

The Auditing page is displayed when Auditing is clicked on the Home page of the Security Analytics Engine Administration web site.
The Search button updates the Audit Events table located beneath the filtering options.
When an event is selected from the audit events list, a Details button appears at the bottom of the screen. Clicking the Details button will open a panel along the bottom of the page with the following fields and button:
Clicking show all will switch to displaying the Monitored Conditions section.
Displayed when the show all link is clicked, this will display all conditions that were monitored during the access attempt. Selecting a condition will display information regarding what caused the condition to return as true or false.
Clicking show only true will switch to displaying the Conditions that returned TRUE section.

Filtering the audit events

1
From the Home page, click Auditing to open the Auditing page.
2
In the From field, click the button to display a calendar and select the start date.
3
In the To field, click the button to display a calendar and select the end date.
4
In the Application(s) field, select to display auditing information for all applications or a specific application.
5
In the Max Records field, set the maximum number of records (1-10000) to return for the search. By default, this is 1000 records.
6
Click the Search button to update the Audit Events table.
7
To further filter the list of events, enter characters into the Filter Results field. The Audit Events table is updated automatically.

Configuring the retention settings

1
From the Home page, click Auditing to open the Auditing page.
2
Click the Settings button () in the upper right corner of the screen.
4
Click the Save button to save the changes.

Displaying details for an individual audit event

1
From the Home page, click Auditing to open the Auditing page. By default, the audit events for the current day are displayed.
2
Select an event and click the Details button on the bottom left of the page (see Filtering the audit events for information on locating a specific event and/or an event from a previous date).
Clicking the show all link will display all conditions that were monitored during the access attempt regardless of whether they returned true or false.
<plugin name> - <condition name> (Result: <true/false>) - This displays the name of the plugin, the name of the condition and whether the condition returned as true or false during the access attempt. For example, BuiltinPlugin1 - IsAbnormalTime (Result: true).
Parameters - Use the expand properties button (right arrow) to the left of this heading to display each condition parameter with its current setting. For example, Days = 30.
Details - Use the expand properties button (right arrow) to the left of this heading to display information on what caused the condition to trigger or not trigger during the access attempt.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating