Chat now with support
Chat with Support

Security Analytics Engine 1.2 - User Guide

Security Analytics Engine Overview Plugins Conditions Shared Policies Applications Auditing Issued Alerts Policy Overrides Fallback Password

Sample Application

A sample application (Sample Application) and risk policy (Sample) are added upon installation of the Security Analytics Engine. These function as both an example of how to configure your own applications and a starting point as you begin to create risk policies. For that reason, the sample application can be reconfigured to direct to an actual application and the sample risk policy edited to fit this new application.

The following settings are used in the Sample Application and Sample risk policy:

Table 25: Sample Application settings
Field Setting

Application Name

Sample Application

Application Description

This is a sample application.

Client API ID

Demo Client

Client API Secret

<nn> (A 34-character secret)

Policies

Sample

Table 26: Sample risk policy settings
Field Setting

Policy Name

Sample

Description

Sample Policy

Disable Policy Override

(Cleared)

Alerting

Notify Admin

(Cleared)

Notify User

(Cleared)

Alert When

Always

Scores <nn> Or More.

(Cleared)

The following conditions are configured for the Sample risk policy. See Condition categories for information on the settings within these conditions.
Application

Abnormal Browser (Default)

20%

Modifiers:

  • Whitelist (Default) - 0%
  • Strong Authentication (Default) - 50%
Behavior

Abnormal Authentication (Default)

20%

Modifiers

  • Whitelist (Default) - 0%
  • Strong Authentication (Default) - 50%

Abnormal Time (Default)

20%

Modifiers

  • Whitelist (Default) - 0%
  • Strong Authentication (Default) - 50%

Associated w/ Blacklist (Default)

90%

Associated w/ Country (Default)

70%

Associated w/ Malware (Default)

90%

Associated w/ Application Threat Level (Default)

60%

Associated w/ Application Category (Default)

30%

Weak Authentication (Default)

20%

Modifiers:

  • Whitelist (Default) - 0%
Location

Restricted Country (Default)

70%

Abnormal Location (Default)

20%

Modifiers:

  • Whitelist (Default) - 0%
  • Strong Authentication (Default) - 50%
Network

Dynamic Blacklist (Default)

90%

User

Application Role (Default)

10%

Modifiers:

  • Whitelist (Default) - 0%
  • Strong Authentication (Default) - 50%

LDAP Group (Default)

10%

Modifiers:

  • Whitelist (Default) - 0%
  • Strong Authentication (Default) - 50%

Last Logon (Default)

30%

Adding and managing applications

In order for an application to connect with the Security Analytics Engine, it must first be configured on the Applications page. Once an application has been added, it can be assigned risk policies, send alerts due to high scores, and audit event information can be collected. See the following sections for more information:

Adding a new application

To add a new application

  1. On the Applications page, click the button to open the Add Application dialog.
  2. In the Application Name field, enter a unique display name for the application. This name is only used within the Administration web pages.
  3. (Optional) In the Application Description field, enter a brief description of the application. This description is only used within the Administration web pages.
  4. In the Client API ID field, specify the client’s API ID. The API ID cannot be a used again for another application.
  5. (Optional) In the Client API Secret field, click the button to display the text of the API secret.
  6. (Optional) To change the client API’s secret, click the Generate New button.
  7. The Policies section of the Add Application dialog is used for adding and managing the risk policies associated with an application. Although client applications use only one risk policy at a time for evaluating access attempts, multiple risk policies can be associated with an application to create individual alerts for when specific conditions are triggered during an access attempt (for more information, see Risk policies). The following options are available for adding risk policies to an application:
  8. Once you have finished creating or adding any desired risk policies, click the Save button on the Add Application dialog to save the application and return to the Applications page.

Editing an application

After an application is added, it appears on the Applications page where it can be edited.

To edit an application

  1. On the Applications page, select the application to edit.
  2. Click the button to open the Edit Application dialog.
  3. After making edits, click Save to save the changes and close the dialog.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating