Customizing Behavioral Analytics
This feature is currently in private preview. At this time, we are no longer accepting new customers into the private preview. Stay tuned for updates on future availability.
After you have set up Behavioral Analytics, you can customize its behavior. Most analytics customizations and administrative tasks can be accomplished from the Behavioral Analytics page (Settings > Behavioral Analytics), including adjusting the alert thresholds and reconfiguring the integration with Secret Server as needed.
Configuring Alert Settings
Events generate Warning or Critical alerts according to the severity thresholds you set. Events that fall outside these thresholds are considered Normal.
Thresholds are represented as sensitivity levels ranging from least to most sensitive. For instance, setting the Warning alert threshold to Least Sensitive sets a numerical value stored in the platform tenant. Those values are used to determine what alert, if any, should be issued.
If the risk score exceeds the Warning threshold value, a warning alert is issued. If it exceeds the Critical threshold value, a Critical alert is issued.
For Behavioral Analytics on the Delinea Platform, the threshold values for sensitivity levels are devised so that a customer can edit those thresholds, either in the PBA console or in the Delinea Platform, and the values will be consistent.
In the PBA console, customers are allowed to set either threshold to a value between 2 and 50. The Alert (Critical) threshold must be larger than the Warning threshold. The same rules apply in the Behavioral Analytics for Platform API and the Delinea Platform.
The API code uses the values in the table below to set the thresholds. It also reads what may be a numeric value entered from the Standalone console and maps it to one of the least-to-most sensitive levels.
Sensitivity | Warning | Critical |
---|---|---|
Most Sensitive | 2 | 7 |
More | 6 | 13 |
Balanced | 10 | 20 |
Less | 14 | 28 |
Least Sensitive | 18 | 38 |
To adjust the thresholds for generating Warning or Critical alerts:
- Click Settings on the left navigation menu, then select Behavioral Analytics.
- Click the Alert Settings tab.
- Click Edit.
- Click and drag the indicator to the desired sensitivity. By default, both Warning and Critical alert thresholds are set to Balanced.
Severity | Description |
---|---|
Warning | An alert raised based on the risk score compared to the threshold. A Warning alert is raised if Warning <= Risk Score < Critical. |
Critical | An alert raised based on the risk score compared to the threshold. A Critical alert is raised if Risk Score >= Critical. |
No alert is raised if Risk Score < Warning.
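The threshold rules and severity comparisons above can be checked before changing a tenant's sensitivity. The following is an added example, not Delinea's code: it validates a Warning/Critical pair, classifies risk scores, and previews alert volume per sensitivity level. The nearest-level mapping for raw console values and the inclusive reading of the 2 to 50 range are assumptions, and the sample scores are constructed.

```python
# Added example (not Delinea code). Threshold values are taken from the table on this page.
LEVELS = {  # sensitivity level -> (warning, critical)
    "Most Sensitive": (2, 7),
    "More": (6, 13),
    "Balanced": (10, 20),
    "Less": (14, 28),
    "Least Sensitive": (18, 38),
}
MIN_T, MAX_T = 2, 50  # allowed range; treated as inclusive (assumption)

def validate(warning, critical):
    """Return a list of rule violations; an empty list means the pair is valid."""
    problems = []
    for name, value in (("Warning", warning), ("Critical", critical)):
        if not MIN_T <= value <= MAX_T:
            problems.append(f"{name} threshold {value} is outside {MIN_T}-{MAX_T}")
    if critical <= warning:
        problems.append("Critical threshold must be larger than Warning threshold")
    return problems

def nearest_level(value, kind):
    """Map a raw numeric threshold to the closest named level.
    Assumed rule: smallest distance wins, ties go to the more sensitive level."""
    col = 0 if kind == "warning" else 1
    return min(LEVELS, key=lambda name: abs(LEVELS[name][col] - value))

def classify(risk_score, warning, critical):
    """Apply the comparisons from the severity table (>= on both thresholds)."""
    problems = validate(warning, critical)
    if problems:
        raise ValueError("; ".join(problems))
    if risk_score >= critical:
        return "Critical"
    if risk_score >= warning:
        return "Warning"
    return "Normal"

def alert_counts(scores):
    """Preview how many alerts each sensitivity level would raise for given scores."""
    result = {}
    for name, (warning, critical) in LEVELS.items():
        counts = {"Warning": 0, "Critical": 0, "Normal": 0}
        for score in scores:
            counts[classify(score, warning, critical)] += 1
        result[name] = counts
    return result

SAMPLE_SCORES = [1, 5, 9, 12, 19, 20, 27, 40]  # constructed risk scores
```

Running `alert_counts` over a sample of recent risk scores shows how alert volume shifts between levels before the slider is moved.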
Configuring Secret Server Integration Settings
To configure secure communications between Secret Server and Behavioral Analytics:
- Click Settings from the left navigation menu, then select Behavioral Analytics.
- Click the Secret Server Integration tab.
The next few sections describe how to use each section of this tab.
Integration Key Section
In the Integration Key section of the Secret Server Integration tab, you can make the following settings:
- Regenerate Key button: To regenerate the integration key, click Regenerate Key.
  A key rotation process is initiated in which both Secret Server and Privileged Behavioral Analytics generate a new key pair and use the previous public key to exchange the new pair with each other. After you regenerate the integration key, you must copy it to your Secret Server instance again to start the initial key exchange.
- Integration Key: To view and copy the integration key, click View Key. The integration key is copied to Secret Server to provide the credentials and configuration information required to enable the uploading of log data from Secret Server to Behavioral Analytics. See Generating and Copying the Integration Key.
- Last Generated: Displays a timestamp indicating the last time the key was generated.
- Status: Displays one of two states:

Status | Description |
---|---|
Not configured | Not Connected. Behavioral Analytics has not been configured yet. |
Connected | Behavioral Analytics has been configured and connection has been established. |

- Last Data Upload: Displays a timestamp indicating the last time data was transferred from Secret Server to Behavioral Analytics.
Analytics and Secret Server Key Pair Sections
The Analytics Key Pair and Secret Server Key Pair sections use the same fields in the same ways.
- Key Pair ID: Used by Privileged Behavioral Analytics during Single Sign On to verify Secret Server's user claims as an identity provider. In the opposite direction, Secret Server uses the key pair ID as an added layer of security to verify that access challenges were signed by the authorized Privileged Behavioral Analytics instance.
- Status: Displays one of three states:

Status | Description |
---|---|
Not available | Key pair has not yet been generated. |
Pending | Key pair has been generated, but is awaiting confirmation by Secret Server. |
Confirmed | Secret Server has confirmed the key pair. |

- Last Generated: A timestamp indicating the last time the key pair was generated.
Configuring Roles Settings
Behavioral Analytics offers a set of permissions that can be used through the existing built-in roles of Platform Administrator or Platform Auditor. You can also create custom roles to use specific permissions based on your requirements. The tables below describe the built-in roles and the associated permissions for each.
To manage roles, click Access from the left navigation menu, then select Roles.
For more information, see User Roles and Permissions.
Platform Administrator
Role Permission | Description |
---|---|
delinea.platform/analytics/settings/manage | Can view and manage Behavioral Analytics settings |
delinea.platform/analytics/settings/create | Can create all Behavioral Analytics settings |
delinea.platform/analytics/settings/delete | Can delete all Behavioral Analytics settings |
delinea.platform/analytics/settings/read | Can view all Behavioral Analytics settings |
delinea.platform/analytics/settings/update | Can update all Behavioral Analytics settings |
Platform Auditor
Role Permission | Description |
---|---|
delinea.platform/analytics/read | Can view Behavioral Analytics |
delinea.platform/analytics/events/read | Can view event details |
delinea.platform/analytics/notes/create | Can create a note |
delinea.platform/analytics/notes/delete | Can delete a note |
delinea.platform/analytics/notes/read | Can read a note |
delinea.platform/analytics/notes/update | Can update a note |
delinea.platform/analytics/alerts/update | Can dismiss and archive alerts |
delinea.platform/analytics/alerts/read | Can view alert details |
For information about how to use Behavioral Analytics to increase security in your organization, see Using Behavioral Analytics.