Security Analytics Engine 1.2 - Help Desk User Guide

Filtering data on the Administration web site

In order to aid users in locating specific information quickly and efficiently, the Security Analytics Engine provides column level filtering throughout the Administration web site. This column level filtering is often helpful when used alongside the other search capabilities provided on some of the Security Analytics Engine pages.

To filter data

Throughout the main pages of the Security Analytics Engine Administration web site, a button appears to the right of each column heading. This button is used to filter the data within the column in order to locate specific items.

1. Click the button to the right of a column heading.
2. An empty field replaces the column heading. In the field, enter a word or string of characters to use to filter the column data. The table updates automatically as you type to display items that contain that word or string of characters anywhere within the column.
3. Additional columns can be filtered using the same method in order to further narrow down the items appearing in the table. All filtering applied to the table remains in effect until removed.
4. To remove filtering, click the button to the right of the column heading to which filtering has been applied or refresh the page to reset the table to its default display settings.
5. The items in a column can also be sorted to help you locate a specific event. To sort the data:
   • Click the button to the left of the column heading to be used for the sort criteria.
   • The sort order is now in ascending order (), but can be changed to descending order by clicking the button a second time ().
   • To remove the sort order from a column, click the button to remove the column sorting ().

Auditing

Topics:

Introduction to auditing

When a user is unable to log in to an application due to a high risk score, the help desk operator is able to create an override to allow them access. This is done by locating the audit event and creating an override for the user that allows them to access Security Analytics Engine protected applications for a specified time period.

Auditing page

The Auditing page is displayed when Auditing is clicked on the Reports page or in the left pane (the page link is available after using the expand properties button to the left of Reports). The Auditing page displays a list of the events for the applications currently utilizing the Security Analytics Engine. These results are filtered using the fields located at the top of the page.