User Behavior
Configure the User Behavior
To configure user behavior according to metrics and options, access the menu Settings ➔ System parameters ➔ System parameters ➔ User Behavior:
The suspected minimum score (1 to 15)*: from which score will be considered suspicious.
Session settings
Number of days of history*: for how many days, senhasegura will keep the record of user behavior.
Variation rate (%)*: Variation of session settings.
Submit high-risk sessions for audit?: Will audit sessions if marked as Yes.
It is mandatory to select at least one auditor to send sessions for auditing and will also be necessary to create a register of standard auditors.
To do so, access the PAM ➔ Settings ➔ Access ➔ Default Auditors menu.
To configure which commands will be audited and the criticality level, go to PAM ➔ Settings ➔ Access ➔ Audited Commands.
Session Weight check
| Action | Description |
|---|---|
| Access on Unusual Destination: | Define how many accesses are considered unusual made from an unknown destination. |
| Unusual source access: | Define how many accesses come from an unusual source. |
| Unusual credential access: | Define how many accesses were made using an unusual credential. |
| Access at unusual times: | Define how many accesses were made at unusual times. |
| Access with unusual duration: | Define how many accesses were made having an unusual duration. |
Password view settings
Number of days of history*: for how many days senhasegura will keep the history of user behavior.
Change rate (%)*: Change in password views.
Password view Weight check
| Action | Description |
|---|---|
| Unusual Source Preview: | Set how many unusual source views are unexpected behavior. |
| Unusual credential preview: | Set the number of unusual credential previews considered unexpected behavior. |
| View at unusual times: | Set the number of views at unusual times is unexpected behavior. |
| Unusual password change: | Set how many unusual password views are unexpected behavior. |
Actions for sessions
To Block Sessions and Block Sessions and User, through the settings listed below, they can be marked with the Yes flag, which will make these options set as active, and if it is with the No flag will be inactive:
- Actions for sessions with unusual time
- Actions for sessions held at unusual times
- Actions for sessions with an unusual origin
- Actions for sessions held for unusual destinations
- Actions for sessions with unusual credentials