From the Rules page, you can configure the Account Best Practices - Computers rule for your Active Directory and Active Roles data sources, and the Account Best Practices - Users rule for your Active Directory, Active Roles, and Azure Active Directory data sources. These rules focus on accounts with specific properties or behaviors that may lead to a security risk for your organization.
NOTE: Adding a new rule will override any existing default rule of that type. The default rule will then be hidden until all customized rules for it are deleted. Once the custom rules are deleted, the default rule (including any previous edits) will reappear on the Rules table.
Configuring the Account Best Practices rules
To clone the existing Account Best Practices rule:
For each data source, the practices set to be evaluated are indicated with a check mark. Selecting a check mark will clear the check box and remove the practice from the evaluation. Additional configuration options are available for some of the listed practices:
Maximum Frequency: Use this field to specify how often a monitored practice can occur within the set timespan (1-99).
NOTE: During a collection, parameters that report based on the frequency of an action (Password Has Been Reset Too Frequently and Account Has Been Locked Out Too Frequently) can only detect the most recent occurrence of the action. Therefore, an action may have occurred multiple times between two collections, but will only count once toward Maximum Frequency.
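The undercounting described in the note above, modelled as an added example (not One Identity code). It assumes each collection sees a single last-occurrence timestamp per account and that a practice is flagged when its count exceeds Maximum Frequency; the lockout times, collection schedules, timespan, and threshold are constructed.

```python
from datetime import datetime, timedelta

def observed_count(events, collections, window):
    """Occurrences a last-timestamp collector can count inside the window.

    Assumed model: at each collection only the most recent occurrence is
    visible, so earlier occurrences since the previous collection are lost.
    """
    events = sorted(events)
    seen = set()
    for t in sorted(collections):
        past = [e for e in events if e <= t]
        if past:
            seen.add(past[-1])  # only the latest occurrence is recorded
    end = max(collections)
    return sum(1 for e in seen if end - e <= window)

def collection_times(start, end, every):
    """Collection schedule from start to end (inclusive) at a fixed interval."""
    times, t = [], start
    while t <= end:
        times.append(t)
        t += every
    return times

# Constructed sample: one account locked out five times on the same day.
START = datetime(2024, 1, 1)
END = START + timedelta(days=2)
LOCKOUTS = [START + timedelta(hours=h) for h in (9, 10, 11, 14, 16)]
WINDOW = timedelta(days=7)   # constructed timespan
MAXIMUM_FREQUENCY = 3        # constructed threshold

def report():
    """Map each schedule to (observed count, flagged under the assumed rule)."""
    schedules = (("daily", timedelta(days=1)),
                 ("2-hourly", timedelta(hours=2)),
                 ("hourly", timedelta(hours=1)))
    rows = {}
    for label, every in schedules:
        n = observed_count(LOCKOUTS, collection_times(START, END, every), WINDOW)
        rows[label] = (n, n > MAXIMUM_FREQUENCY)  # assumption: flag when exceeded
    return rows

if __name__ == "__main__":
    for label, (n, flagged) in report().items():
        print(f"{label:9} observed={n} of {len(LOCKOUTS)} flagged={flagged}")
```

With daily collections the five lockouts count once and the account is not flagged, so the collection interval needs to be shorter than the spacing of the events the threshold is meant to catch.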
The following are the default configurations for each type of data source:
Password Is Too Old
Failed Sign-In Occurs Too Frequently
NOTE: Once you have finished configuring the rule, clicking Preview shows what happens if the new rule is applied.
From the Rules page, you can configure the Highly Privileged Group Members rule for your configured data sources to focus on accounts within specific domains or groups.
NOTE: Adding a new rule will override any existing default rule of that type. The default rule will then be hidden until all customized rules for it are deleted. Once the custom rules are deleted, the default rule (including any previous edits) will reappear on the Rules table.
Configuring the Highly Privileged Group Members rule
To clone the existing Highly Privileged Group Members rule:
The default Highly Privileged Group Members rule is configured to evaluate groups named Administrators, Domain Admins, Enterprise Admins, Schema Admins, Hyper-V Administrators, DnsAdmins, Account Operators, Backup Operators, Cert Publishers, Group Policy Creator Owners, Protected Users, and Server Operators in the domains of each of your configured Active Directory and Active Roles data sources.
NOTE: Once you have finished configuring the rule, clicking Preview shows what happens if the new rule is applied.
From the Rules page, you can configure the Highly Privileged Role Members rule for your configured Azure Active Directory data sources to focus on accounts with specific roles.
NOTE: Adding a new rule will override any existing default rule of that type. The default rule will then be hidden until all customized rules for it are deleted. Once the custom rules are deleted, the default rule (including any previous edits) will reappear on the Rules table.
Configuring the Highly Privileged Role Members rule
To clone the existing Highly Privileged Role Members rule:
The default Highly Privileged Role Members rule is configured to evaluate roles in any data source domain named Application Administrator, Application Developer, Billing Administrator, Cloud Application Administrator, Company Administrator, Compliance Administrator, Conditional Access Administrator, Device Administrators, Directory Synchronization Accounts, Directory Readers, Directory Writers, CRM Service Administrator, Exchange Service Administrator, Guest Inviter, Helpdesk Administrator, Information Protection Administrator, Intune Service Administrator, Lync Service Administrator, Power BI Service Administrator, Privileged Role Administrator, Reports Reader, Security Administrator, Security Reader, Service Support Administrator, SharePoint Service Administrator, and User Account Administrator.
NOTE: Once you have finished configuring the rule, clicking Preview shows what happens if the new rule is applied.
From the Rule Details page, you can disable any entitlement classification rules currently configured for Starling Identity Analytics & Risk Intelligence. This includes disabling any of the default rules, which cannot be deleted from Starling Identity Analytics & Risk Intelligence.
To disable a rule
On the Rule Details page, click Enabled to switch the rule to disabled. The option will now display Disabled.
NOTE: To re-enable the rule, click Disabled to switch the rule to enabled.