Configure User Behavior
To configure user behavior metrics and options, go to Settings ➔ System parameters ➔ System parameters ➔ User Behavior:
The suspected minimum score (1 to 15)*: the score from which user behavior is considered suspicious.
Session settings
Number of days of history*: how many days of user behavior history are kept.
Variation rate (%)*: Variation of session settings.
Submit high-risk sessions for audit?*: if set to Yes, sessions are submitted for audit.
To send sessions for auditing, it is mandatory to select at least one auditor, and it is also necessary to create a register of standard auditors.
To do so, access the PAM Core ➔ Settings ➔ Access ➔ Default Auditors menu.
To configure which commands will be audited and their criticality level, go to PAM Core ➔ Settings ➔ Access ➔ Audited Commands.
Weight check
Access on Unusual Destination: Define how many accesses to an unknown destination are considered unusual.
Unusual source access: Define how many accesses come from an unusual source.
Unusual credential access: Define how many accesses were made using an unusual credential.
Access at unusual times: Define how many accesses were made at unusual times.
Access with unusual duration: Define how many accesses were made having an unusual duration.
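The Python sketch below is an added illustration for tuning these values, not code from the product. This page does not state how the score is calculated, so the sketch assumes the score is the sum of the weights of the checks a session triggers, that the variation rate bounds how far a session's duration may drift from the historical average, and that "unusual" means not seen within the history window; all weights, names and sample sessions are constructed.

```python
from statistics import mean

# Hypothetical weights, one per check listed under "Weight check" (constructed values).
# Assumption: a session's score is the sum of the weights of the checks it triggers.
WEIGHTS = {"destination": 3, "source": 3, "credential": 4, "time": 2, "duration": 3}
SUSPECT_MIN_SCORE = 8   # "suspected minimum score", allowed range 1 to 15
VARIATION_RATE = 50     # "Variation rate (%)", assumed to bound duration drift
HISTORY_DAYS = 30       # "Number of days of history"

# Constructed history for one user: (age_days, source, destination, credential, hour, minutes)
HISTORY = [
    (1, "10.0.0.5", "db01", "svc_dba", 9, 20),
    (3, "10.0.0.5", "db01", "svc_dba", 10, 30),
    (7, "10.0.0.5", "web01", "svc_web", 14, 25),
    (45, "10.9.9.9", "dc01", "admin", 2, 240),  # older than HISTORY_DAYS, so ignored
]

def baseline(history, days=HISTORY_DAYS):
    """Summarise what is 'usual' from the sessions inside the history window."""
    rows = [r for r in history if r[0] <= days]
    return {
        "source": {r[1] for r in rows},
        "destination": {r[2] for r in rows},
        "credential": {r[3] for r in rows},
        "hours": (min(r[4] for r in rows), max(r[4] for r in rows)),
        "duration": mean(r[5] for r in rows),
    }

def unusual_checks(session, base, rate=VARIATION_RATE):
    """Return the names of the checks a session triggers against the baseline."""
    source, destination, credential, hour, minutes = session
    low, high = base["hours"]
    drift = abs(minutes - base["duration"]) / base["duration"] * 100
    flags = {
        "source": source not in base["source"],
        "destination": destination not in base["destination"],
        "credential": credential not in base["credential"],
        "time": not low <= hour <= high,
        "duration": drift > rate,
    }
    return [name for name, hit in flags.items() if hit]

def score(session, base):
    """Return (score, triggered checks, suspicious?) for one session."""
    hits = unusual_checks(session, base)
    total = sum(WEIGHTS[h] for h in hits)
    return total, hits, total >= SUSPECT_MIN_SCORE
```

Under these assumptions a single anomaly (for example a new source alone, weight 3) stays below the threshold of 8, while a shorter history window makes older destinations and credentials count as unusual again.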
Password view settings
Number of days of history*: how many days of user behavior history are kept.
Change rate (%)*: Change in password views.
Weight check
Unusual Source Preview*: Set how many unusual source views are considered unexpected behavior.
Unusual credential preview*: Set how many unusual credential previews are considered unexpected behavior.
View at unusual times*: Set how many views at unusual times are considered unexpected behavior.
Unusual password change*: Set how many unusual password views are unexpected behavior.
For each of the settings listed below, the Block Sessions and Block Sessions and User options can be marked with the Yes flag, which makes them active, or with the No flag, which makes them inactive:
- Actions for sessions with unusual time
- Actions for sessions held at unusual times
- Actions for sessions with an unusual origin
- Actions for sessions held for unusual destinations
- Actions for sessions with unusual credentials
Behavior Notifications
You can create notifications from the following parameters. Go to Settings ➔ Notifications ➔ Settings, add a new notification from the action menu, and filter by the Behavior category:
- Access at unusual hours
- Access with unusual duration
- Unusual source access
- Unusual password change
- Unusual destination access
- Unusual credential access
- Unusual origin view
- View unusual credential