
Security Analytics Engine 1.1 - User Guide


Authentication List

NOTE: The BuiltinPlugin is associated with this condition and provides important settings.
Can increase risk - Selecting this option will cause the risk score to increase if the access attempt comes from a listed authentication method.
Can decrease risk - Selecting this option will cause the condition score to decrease if the access attempt comes from a listed authentication method. A condition with this setting can only be used as a modifier in a risk policy.
Can both increase or decrease risk - Selecting this check box will allow you to configure the risk score to either increase or decrease.

Location

Abnormal Location

NOTE: The GeoLocationPlugin is associated with this condition and provides important settings.
3. If the internal network check returns as false, the Security Analytics Engine checks the VPN Networks (IP address and subnet mask) configured for the GeoLocationPlugin. If this check returns as true (the VPN is configured), the geolocation is considered normal and the risk score is not affected.
NOTE: If the Security Analytics Engine cannot connect to the OnDemand Service at the time of the access attempt and the Also Report Unknown Location check box is selected, the geolocation is considered abnormal based on the previous steps and the risk score is increased.
If the Security Analytics Engine cannot connect to the OnDemand Service at the time of the access attempt and the Also Report Unknown Location check box is cleared, an unknown geolocation is reported as normal and the risk score is not affected.
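
The evaluation order described above, sketched as an added example (not code from the product or this guide). It assumes an internal address is treated as normal; the network values, the `lookup` callable and the `LookupUnavailable` exception are hypothetical stand-ins for the GeoLocationPlugin settings and the OnDemand Service call.

```python
import ipaddress

# Constructed sample settings; real values come from the GeoLocationPlugin configuration.
INTERNAL_NETWORKS = ["10.0.0.0/8"]
VPN_NETWORKS = ["192.0.2.0/255.255.255.0"]  # IP address and subnet mask


class LookupUnavailable(Exception):
    """Raised by the hypothetical lookup when the geolocation service is unreachable."""


def in_any(ip, networks):
    """True when ip falls inside at least one of the listed networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in networks)


def abnormal_location(ip, lookup, report_unknown):
    """Return (raises_risk, reason) for one access attempt.

    lookup(ip) is a hypothetical callable: it returns True when the resolved
    location is abnormal, or raises LookupUnavailable on a service outage.
    report_unknown mirrors the Also Report Unknown Location check box.
    """
    if in_any(ip, INTERNAL_NETWORKS):  # assumption: internal means normal
        return False, "internal network"
    if in_any(ip, VPN_NETWORKS):       # configured VPN: risk score not affected
        return False, "configured VPN network"
    try:
        is_abnormal = lookup(ip)
    except LookupUnavailable:
        # The check box decides whether an outage raises the score or is ignored.
        if report_unknown:
            return True, "unknown location reported as abnormal"
        return False, "unknown location reported as normal"
    if is_abnormal:
        return True, "abnormal location"
    return False, "normal location"
```

With the check box cleared, a service outage silently suppresses this condition for every external address, so outages are worth alerting on separately.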

Country List

NOTE: The GeoLocationPlugin is associated with this condition and provides important settings.
Can increase risk - Selecting this option will cause the risk score to increase if the access attempt comes from a listed country.
Can decrease risk - Selecting this option will cause the condition score to decrease if the access attempt comes from a listed country. A condition with this setting can only be used as a modifier in a risk policy.
Can both increase or decrease risk - Selecting this check box will allow you to configure the risk score to either increase or decrease.
3. If the access attempt did not come from an internal network, the Security Analytics Engine checks the VPN networks (configured and enabled using the GeoLocationPlugin). If this check returns as true (the VPN is configured), then the Security Analytics Engine returns false and the risk score is not affected.