Threat Analytics
Single Connect includes a Threat Analytics feature that alerts admins to critical actions in the environment. Threat Analytics can be configured for both users and devices by managing the threshold values assigned to them. Alerts are created when the average number of connections for a user/device exceeds a defined threshold rate. The average daily connection count for each user or device is recorded in the database as statistics logs. To activate the calculation of average daily connections:
- Navigate to Administration > Jobs Scheduler.
- Open the Trigger List tab.
- Select ScSessionStatisticsJob as the Job.
- Fill in the Trigger Name field.
- Define the Cron Expression to run every day.
- To enable the job, select Enabled in the Active field and click Save.
The Session Alerts Threshold should be defined based on the user group and device group.
- Navigate to Policy Control > Session Alert Threshold.
- Define the threshold type as user or device.
- Define the threshold value as “1, 1.5, 2, 3, 4.75…”.
The alert point is calculated by multiplying the threshold value and the average value of the user/device. To activate alert logs:
- Navigate to Administration > Jobs Scheduler.
- Open the Trigger List tab.
- Select ScSessionAlertsJob as the Job.
- Fill in the Trigger Name and Cron Expression fields.
- To enable the job, select Enabled in the Active field and click Save.
Now alert logs are listed in the Activity Logs.
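The alert point calculation described above (threshold value multiplied by the average for the user/device), as an added sketch that is not Single Connect code. The sample history, the group names, the strict "greater than" comparison and the skipping of subjects without a baseline are all assumptions of this example.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: (user or device, day, connections on that day).
HISTORY = [
    ("alice", date(2024, 5, 1), 10),
    ("alice", date(2024, 5, 2), 12),
    ("alice", date(2024, 5, 3), 8),
    ("bob", date(2024, 5, 1), 4),
    ("bob", date(2024, 5, 2), 6),
    ("db-01", date(2024, 5, 1), 40),
    ("db-01", date(2024, 5, 2), 60),
]

# Hypothetical group membership and per-group threshold values.
GROUP_OF = {"alice": "admins", "bob": "operators", "db-01": "databases"}
THRESHOLDS = {"admins": 1.5, "operators": 2, "databases": 1}


def daily_averages(history):
    """Average daily connection count per subject (the statistics step)."""
    totals, days = defaultdict(int), defaultdict(set)
    for subject, day, count in history:
        totals[subject] += count
        days[subject].add(day)
    return {s: totals[s] / len(days[s]) for s in totals}


def evaluate(today_counts, averages, group_of, thresholds):
    """Return (subject, count, alert_point) where count exceeds the alert point."""
    alerts = []
    for subject, count in sorted(today_counts.items()):
        group = group_of.get(subject)
        if subject not in averages or group not in thresholds:
            continue  # no baseline or no threshold: this sketch cannot score it
        alert_point = thresholds[group] * averages[subject]
        if count > alert_point:
            alerts.append((subject, count, alert_point))
    return alerts


if __name__ == "__main__":
    avgs = daily_averages(HISTORY)
    today = {"alice": 16, "bob": 9, "db-01": 50, "carol": 99}
    for subject, count, point in evaluate(today, avgs, GROUP_OF, THRESHOLDS):
        print(f"ALERT {subject}: {count} connections > alert point {point:g}")
```

With a threshold value of 1 the alert point equals the average itself, so any above-average day alerts. In this sketch a subject with no recorded statistics ("carol") never alerts, which is worth checking for when reviewing coverage of new accounts and devices.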