Chat now with support
Chat with Support

Security Analytics Engine 1.1 - Help Desk User Guide

Displaying details for an individual audit event

1
From the Home page, click Reports to open the Reports page.
2
From the Reports page, click Auditing to open the Auditing page. By default, the audit events for the current day are displayed.
3
Click on a risk score event to open a panel displaying the details about the event (see Filtering the audit events for information on locating a specific event and/or an event from a previous date). By default, this panel will display the conditions and any associated modifiers which were triggered during the access attempt. The score listed to the right of the condition name is the score assigned to the triggered condition with any triggered modifiers also taken into account. Use the expand properties button (right arrow) to the left of a condition name to view the modifiers that were triggered marked with an icon depicting their effect on the condition score ( for increased, for decreased, and for no effect).
Switching the Conditions filter to Show All will display all conditions and modifiers that were monitored during the access attempt regardless of whether they returned true or false.
8
Click the Show Policy Evaluation button to view the risk policy information. This displays information about the risk score associated with the authentication event.

Downloading audit events information

1
(Optional) Use the From, To, and Application(s) filtering options to download audit events from a particular time period. No other filtering options are available.
3
Click the link of your desired file type (Csv, Excel, Word or Pdf) to download the audit events report. Follow any further instructions that may appear as a result of your selection and environment.

Adding and managing overrides on the Auditing page

Adding a policy override

1
From the Home page, click Reports to open the Reports page.
2
From the Reports page, click Auditing to open the Auditing page. By default, the audit events for the current date are displayed.
3
Select a risk score event from the list that is associated with the user (see Filtering the audit events for information on locating a specific event and/or an event from a previous date).
4
Click the Override button to open the Add Override dialog.
5
The name of the user appears in the User Name field. Verify that this is the correct user for the override.
6
For Browser ID, select the browser ID that corresponds to the selected audit event or select Any to allow any browser.
7
In the User Address field, select the IP address that corresponds to the selected audit event or select Any to allow any IP address.
8
In the Expires in field, use the following drop-down menus to specify the length of time the override will apply. The override must last a minimum of 30 minutes.
Days - Select the number of days the override will be in effect (0-31). By default, this is set to 1.
Hours - Select the number of hours the override will be in effect (0-23). By default, this is set to 0.
Minutes - Select the number of minutes the override will be in effect (0-59). By default, this is set to 0.
9
Click the Save button to save the override and close the dialog. The override is now in effect and alerting has been stopped for the user until the specified expiration time.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating