Administration Web Site Overview
Auditing
Introduction
Auditing page
Filtering the audit events
Displaying details for an individual audit event
Downloading audit events information
Adding and managing overrides on the Auditing page
Issued Alerts
Policy Overrides
Managing a policy override
|
NOTE: Once created, policy overrides can also be managed from the Policy Overrides page which lists all active policy overrides. |
|
1 |
From the Home page, click Reports to open the Reports page. |
|
2 |
From the Reports page, click Auditing to open the Auditing page. |
|
3 |
Select a risk score event from the list that is associated with a current override. See Filtering the audit events for information on locating a specific event and/or an event from a previous date. |
|
4 |
Click the Override button to open the Modify Override dialog. |
|
• |
Last Updated By: <nn> - The username of the administrator or help desk operator that last created or modified the override. |
|
• |
User Name - The name of the user to whom the override applies. |
|
• |
Browser ID - The browser ID to which the override applies. |
|
• |
User Address - The IP address to which the override applies. |
|
• |
Expires In - The time left before the override expires. The override must last a minimum of 30 minutes. |
|
6 |
Click the Save button to save the changes to the override and close the dialog. The changes to the override are now in effect and alerting is still stopped for the user the specified expiration time. |
|
1 |
From the Home page, click Reports to open the Reports page. |
|
2 |
From the Reports page, click Auditing to open the Auditing page. |
|
3 |
Select a risk score event from the list that is associated with a current override. See Filtering the audit events for information on locating a specific event. |
|
4 |
Click the Override button to open the Modify Override dialog. |
|
5 |
Click the Delete button to delete the policy override. |
|
6 |
A confirmation dialog will appear. Click the Delete button. Risk scores will now be reported and alerting will be enabled for the user. |
Issued Alerts
Introduction
From the Home page of the Security Analytics Engine Administration web site, click on the Reports link to open the Reports page. From the Reports page, click on the Issued Alerts link to open the Issued Alerts page where you can view information on the alerts sent by the Security Analytics Engine. If multiple, identical alerts for the same risk policy occurred within a 5 minute period, the Security Analytics Engine will only display (and send) a single alert.
|
IMPORTANT: In order for alerts to be sent, additional configuration may be required. See the Security Analytics Engine User Guide for more information. |
Issued Alerts page
The Issued Alerts page is displayed when Issued Alerts is clicked on the Reports page of the Security Analytics Engine Administration web site.
