Starling Identity Analytics & Risk Intelligence Hosted - User Guide

Starling Identity Analytics & Risk Intelligence Getting started Settings Collaborators Collector agents Licensing Rules Risk Verification Reports

Adding a new rule

From the Rules page, you can add new rules for the configured data sources.

NOTE: Adding a new rule will override any existing default rule of that type. The default rule will then be hidden until the overriding custom rule is deleted. Once the custom rule is deleted, the default rule (including any previous edits) will reappear on the Rules table.

Adding a new rule

  1. From the Rules page, click New Rule to open the New Rule page.
  2. Use the configuration options to identify and add a new rule. The new rule must have a unique name, a description, and at least one data source must be selected.

    NOTE: To edit the name or description of a rule, click the button to the right of the field. Once you finish editing the rule name or description, you must click the button to save your edits. This will only save the changes made in that field. To remove any edits made in those fields, use the button.

    NOTE: There are specific configuration options for the Account Best Practices, Highly Privileged Group Members, and Highly Privileged Role Members rules. For more information, see Account Best Practices rulesHighly Privileged Group Members rule and Highly Privileged Role Members rule.

    NOTE: Once you have finished configuring the rule, clicking Preview shows what happens if the new rule is applied.

  3. Click Save to add the rule. The rule will now be available for use.

Rule Details page

Once an entitlement classification rule has been added to Starling Identity Analytics & Risk Intelligence it appears in the table on the Rules page. Clicking one of the rules (or the button associated with it) will open the Rule Details page from which the following actions can be taken:

NOTE: There are specific configuration options for the Account Best Practices, Highly Privileged Group Members, and Highly Privileged Role Members rules. For more information, see Account Best Practices rulesHighly Privileged Group Members rule and Highly Privileged Role Members rule.

When rules are added, removed, or modified, an evaluation will automatically occur in order to update Starling Identity Analytics & Risk Intelligence with the latest information. A blue alert bar will appear across the top of the possibly impacted pages alerting you that an evaluation is in progress as well as how many are pending. A green alert bar will appear to inform you that the evaluation was successfully completed. Once the evaluations have completed, the Starling Identity Analytics & Risk Intelligence pages automatically update to take into account the impact of those configuration changes.

Viewing information about a matched account

From the Rule Details page, you can access additional information on the matched accounts that are impacted by the selected entitlement classification rule.

To view information about a matched account

  1. From the Rules page, click a rule (or the button associated with it) that has at least one matched account. This opens the Rule Details page.

  2. On the Rule Details page, click Matched Accounts.
  3. From the expanded Matched Accounts list, select the account for which you want to view additional information. This opens the Risk Profile page which contains the following information:

    • User information pane: This displays the name of the user and the time at which the account was last evaluated.
    • # of Entitlements over time: This graph shows the number of matches over time for the user based on entitlements.
    • Percent of entitlements via group access: This graph shows the percentage of grants based on group versus direct access.
    • Matched Rules table: This table displays the matched rules for the account. Selecting a rule from the list opens the Account Evaluation Details page.

Cloning a rule

From the Rule Details page, you can clone an entitlement classification rule listed in the table at the bottom of the page.

To clone a rule

  1. From the Rules page, click the rule (or the button associated with it) that you want to clone. This opens the Rule Details page.
  2. On the Rule Details page, click Clone.
  3. Use the configuration options to make any changes to the cloned entitlement rule. The cloned rule must have a unique name, a description, and at least one data source must be selected.

    NOTE: To edit the name or description of a rule, click the button to the right of the field. Once you finish editing the rule name or description, you must click the button to save your edits. This will only save the changes made in that field. To remove any edits made in those fields, use the button.

    NOTE: There are specific configuration options for the Account Best Practices, Highly Privileged Group Members, and Highly Privileged Role Members rules. For more information, see Account Best Practices rulesHighly Privileged Group Members rule and Highly Privileged Role Members rule.

    NOTE: Once you have finished configuring the rule, clicking Preview shows what happens if the new rule is applied.

  4. Click Save to add the cloned rule. The rule is now available for use.
Related Documents