Security Analytics Engine 1.2 - User Guide

Editing a plugin

While the plugins provided by the Security Analytics Engine cannot be deleted nor additional plugins created, the settings for each plugin can be edited.

To edit a plugin instance

1. On the Plugins page, select the plugin to edit.
2. Click the button to open the Edit Plugin page.
3. After editing the plugin settings (see Available plugins for information on the specific settings available for each plugin), click Validate to test the configuration.
4. Click Save to save the changes.
5. Use your browser’s back button or the left pane to return to the Plugins page.

Conditions

Topics:

Introduction to conditions

While a plugin retrieves and stores the data for the Security Analytics Engine, conditions are what allow you to tailor how that data is used to fit the needs of each application. Each condition contains parameters that dictate what to look for specifically during an access attempt: a certain IP address, a browser that is rarely used by that user, a regularly occurring time of access, etc.

When working with conditions, keep in mind that within a risk policy all conditions can be used to modify other conditions, in which case it becomes a modifier. However, all modifiers cannot be used as conditions. Conditions with a risk type value of Can increase risk, Can both increase or decrease risk, and those without a risk type value are able to be used as both conditions and modifiers since they can increase a risk score. Conditions assigned the risk type value of Can decrease risk are only usable as modifiers since they are designed to decrease condition scores not decrease an entire risk score. All conditions and modifiers, regardless of risk type value, are managed using the Conditions page.

Conditions page

The Conditions page is displayed when Conditions is clicked in the left pane of the Security Analytics Engine Administration web page.

The following buttons appear on the top left of this page:

This button is used for creating a duplicate of an existing condition.

This button is used for previewing a default condition.

NOTE: This button is replaced by the button when a non-default condition is selected from the table.

This button is used for editing and/or viewing a non-default condition.

NOTE: This button replaces the button when a non-default condition is selected from the table.

This button is used for deleting a non-default condition.

The following information is displayed for each condition:

, , or

These icons indicate the affect a condition has on a risk score. The icon is displayed next to conditions which increase a risk score, whereas the icon is displayed next to conditions which decrease a risk score (and thus can only be used as modifiers in a risk policy). Certain conditions can also be configured to either increase or decrease a risk score depending on how they are used within the risk policy. There types of conditions use the icon.

Condition Name

This column displays the name of the condition.

Type

This column displays the type of condition.

Category

This column displays the category for each condition.

Description

This column displays a description of the condition.