Chat now with support
Chat with Support

Starling Identity Analytics & Risk Intelligence Hosted - User Guide

Starling Identity Analytics & Risk Intelligence Getting started Settings Collaborators Collector agents Licensing Rules Risk Verification Reports

Introduction to Account Evaluation Details

The Account Evaluation Details page is used for displaying information regarding individual rules and entitlements assigned to an account in your data source. This page is displayed by clicking any of the matched rules or entitlements listed for an account on the Risk Profile page.

Account Evaluation Details page

To display the Account Evaluation Details page, click any of the matched rules or entitlements listed for an account on the Risk Profile page. The Account Evaluation Details page is used for displaying information regarding the rules and entitlements assigned to an account in your data source.

The following information appears on this page:

(Account name)

This pane displays the name and information regarding the account. Increased high risk accounts are indicated by a icon. New high risk accounts are indicated by a icon.

Matched Rules

This displays the number of entitlement classification rules that are currently triggered by the account’s entitlements.

Entitlements

This displays the total number of entitlement matches within the entitlement classification rule.

This toggle is used to alter the list below based on whether you are interested in information regarding the rules or entitlements for the listed user. For more information, see Rules view and Entitlements view.

Rules view

The Account Evaluation Details list is displayed at the bottom of the Account Evaluation Details page. When Rules is selected, via the toggle located above the list, the following information appears:

(Rule name)

This is the name of the rule. A rule that resulted in an increased risk level for an existing high risk account is indicated by a icon. A new high risk rule that is associated with the account is indicated by a icon.

To locate a specific rule, hover over the icon above the list to display the Filter Rules field. Begin typing the name of the rule you want to locate and the Rules view will update accordingly.

Entitlements

This displays the total number of entitlement matches within the entitlement classification rule. Depending on the data collected, there may be multiple permissions listed that are related to a single entitlement. For example, a permission may be assigned to both a local and built-in account; however, it is still related to the same entitlement and so is only counted once. In some cases there may be multiple entitlements that when combined will match the entitlement classification rule. When this occurs, a Multiple Entitlements drop-down menu can be expanded to show the entitlements which were combined.

(Verification)

This displays the current verification status for the associated rule. The following statuses may appear:

  • Request verification: This link is available for requesting verification that the listed user should in fact match this rule. For more information, see Requesting verification.
  • Pending verification: This status shows that a request for verification has occurred but has not yet been completed. Click the icon for additional information on the status. A pending verification request may be canceled by an administrator manually on the Verification page, or may be canceled automatically by Starling Identity Analytics & Risk Intelligence if the configuration or data is changed which causes the rule to no longer be matched for the account. This can occur when the rule is disabled or deleted, a default rule is replaced with a cloned rule, the data source instance is unlicensed, or the matched entitlements are removed from the data source instance for the account.
  • Risk verified: This status shows that the user has been confirmed as needing to match the listed rule. Click the icon to open the Verification Details page for additional information on the status.
  • Requires mitigation: This status shows that although the data source currently has the user matching this rule, this should not be the case. Any rules marked as Requires mitigation should be removed for the user within the data source.

Expanding a rule in the list displays a table with the following information:

Permissions

This is the type of permission assigned to the entitlement classification rule. A rule that resulted in an increased risk level for an existing high risk account is indicated by a icon. A new high risk rule that is associated with the account is indicated by a icon. Clicking the permission will switch to the Entitlements view for the permission.

Trustee Type

This is the type of trustee associated with the rule. The following types may appear:

  • Direct: Indicates a direct membership.
  • Group: Indicates a direct member of a group that gives them rights to the trustee.
  • Group (Member & Nested): Indicates both a direct member and a member of a nested group that gives them rights to the trustee.
  • Group (Nested): Indicates a member of a nested group that gives them rights to the trustee.
Trustee

This is the trustee associated with the rule. If the permission is granted due to a nested membership, indicated by a Trustee Type of either Group (Member & Nested) or Group (Nested), the name of the trustee can be clicked to open the Group Membership Details dialog. This dialog displays the name of the account, the trustee, whether it is a direct (true) or indirect (false) group membership, and lists the nested groups that allowed for rights to the trustee.

Data Source

This is the type of data source associated with the rule.

Instance

This is the instance associated with the rule.

Granted Target

This column displays the name of the target or, in cases where multiple targets apply, the type of target. It also displays the number of targets that have been granted the permission when there are multiple targets. Clicking a link in this column opens the associated Target Details page.

Affected (object type)

When applicable, this column will be displayed to show the number of objects affected by the permission. Clicking on the value opens the Affected Object page which lists the affected and unaffected objects associated with the rule. If the affected objects are the same as the granted targets then nothing will be listed in this column. If there are no affected objects then the Affected Objects page will not be available for the permission.

Entitlements view

The Account Evaluation Details list is displayed at the bottom of the Account Evaluation Details page. When Entitlements is selected, via the toggle located above the list, the following information appears:

(Entitlement name)

This is the name of the entitlement. An entitlement that resulted in an increased risk level for an existing high risk account is indicated by a icon. A new high risk entitlement that is associated with the account is indicated by a icon.

To locate a specific entitlement, hover over the icon above the list to display the Filter Entitlements field. Begin typing the name of the entitlement you want to locate and the Entitlements view will update accordingly.

(Trustee name)

This is the trustee that has been granted the entitlement.

(Data source type)

This is the type of data source associated with the entitlement.

(Instance name)

This is the name of the data source instance.

(Target)

This is the name of the target or, in cases where multiple targets apply, the type of target.

Rules

This is the number of matched rules for the entitlement

Expanding an entitlement in the list displays a table with the following information:

Matched Rules

This is the name of the matched rule. Clicking the rule name will switch to the Rules view. A rule that resulted in an increased risk level for an existing high risk account is indicated by a icon. A new high risk rule that is associated with the account is indicated by a icon. Clicking the name of the rule switches to the Rules view for the rule.

Granted Target

When applicable, this column will be displayed to show the number of targets granted by the permission. Clicking on the value opens the Target Details page

Affected Objects

When applicable, this column will be displayed to show the number of objects affected by the permission. Clicking on the value opens the Affected Object page which lists the affected and unaffected objects associated with the rule. If the affected objects are the same as the granted targets then nothing will be listed in this column. If there are no affected objects then the Affected Objects page will not be available for the permission.

Verification

This column displays the current verification status for the associated rule. The following statuses may appear:

  • Pending: This status shows that a request for verification has occurred but has not yet been completed. A pending verification request may be canceled by an administrator manually on the Verification page, or may be canceled automatically by Starling Identity Analytics & Risk Intelligence if the configuration or data is changed which causes the rule to no longer be matched for the account. This can occur when the rule is disabled or deleted, a default rule is replaced with a cloned rule, the data source instance is unlicensed, or the matched entitlements are removed from the data source instance for the account.
  • Approved: This status shows that the user has been confirmed as needing to match the listed rule.
  • Rejected: This status shows that although the data source currently has the user matching this rule, this should not be the case. Any rules marked Rejected should be removed for the user within the data source.
Related Documents