A sample application (Sample Application) and risk policy (Sample) are added upon installation of the Security Analytics Engine. These function as both an example of how to configure your own applications and a starting point as you begin to create risk policies. For that reason, the sample application can be reconfigured to point to an actual application, and the sample risk policy can be edited to fit this new application.
The following settings are used in the Sample Application and Sample risk policy:
Field | Setting |
---|---|
Application Name | Sample Application |
Application Description | This is a sample application. |
Client API ID | Demo Client |
Client API Secret | <nn> (A 34-character secret) |
Policies | Sample |

Field | Setting |
---|---|
Policy Name | Sample |
Description | Sample Policy |
Disable Policy Override | (Cleared) |
Alerting | |
Notify Admin | (Cleared) |
Notify User | (Cleared) |
Alert When | Always |
Scores <nn> Or More. | (Cleared) |

The following conditions are configured for the Sample risk policy. See Condition categories for information on the settings within these conditions.

Field | Setting |
---|---|
Application | |
Abnormal Browser (Default) | 20% Modifiers: |
Behavior | |
Abnormal Authentication (Default) | 20% Modifiers |
Abnormal Time (Default) | 20% Modifiers |
Associated w/ Blacklist (Default) | 90% |
Associated w/ Country (Default) | 70% |
Associated w/ Malware (Default) | 90% |
Associated w/ Application Threat Level (Default) | 60% |
Associated w/ Application Category (Default) | 30% |
Weak Authentication (Default) | 20% Modifiers: |
Location | |
Restricted Country (Default) | 70% |
Abnormal Location (Default) | 20% Modifiers: |
Network | |
Dynamic Blacklist (Default) | 90% |
User | |
Application Role (Default) | 10% Modifiers: |
LDAP Group (Default) | 10% Modifiers: |
Last Logon (Default) | 30% |

For an application to connect with the Security Analytics Engine, it must first be configured on the Applications page. Once an application has been added, it can be assigned risk policies, alerts can be sent for high scores, and audit event information can be collected. See the following sections for more information:
To add a new application
To add a shared risk policy, see Adding a shared risk policy to an application.
NOTE: Shared risk policies can only be viewed, duplicated and selected for use by an application on the Applications page. The creation and management of shared risk policies is done through the Shared Policies page. See Adding and managing shared risk policies for more information.
After an application is added, it appears on the Applications page where it can be edited.
To edit an application