Privileged Behavior Analytics Administration
In Privileged Behavior Analytics, most administrative tasks will occur on the System Settings page, which is used to set basic configurations for alert notifications and other general settings.
You can navigate to System Settings by clicking on the cogwheel symbol at the top right of any Privileged Behavior Analytics page and choosing System Settings.
Responsive Actions Settings
The Responsive Actions section of System Settings is used to configure Privileged Behavior Analytics to take automated action based on user risk score.
Alert Threshold: The numerical value an alert needs to meet or exceed to send an email and log the event on the Alerts page.
Alert Action: Provides three different automated actions that Privileged Behavior Analytics can take in response to an Alert Event.
The Challenge response can be configured to automatically impose additional controls on a Secret Server user if their actions cause Privileged Behavior Analytics to generate an alert that meets or exceeds the Alert Threshold. The current version of Privileged Behavior Analytics can challenge a user by
logging them out of Secret Server
forcing them to do 2-factor authentication
locking a user out of Secret Server
forcing them to request access to any Secrets they access Challenges must be configured on Secret Server as well. More information on how to configure Challenges can be found in Getting Started.
The Webhook response can be configured to integrate with external systems by sending an HTTP post when Privileged Behavior Analytics has a user alert event. Additional information can be found in the Privileged Behavior AnalyticsPBA Responsive Actions article.
The Code Hook response can be configured to integrate with external systems by executing a user provided script when Privileged Behavior Analytics has a user alert event. Additional information can be found in the Privileged Behavior AnalyticsPBA Responsive Actions article.
Warn Threshold: The numerical value a warning needs to meet or exceed to send an email and log the event on the Alerts page.
Warn Action: Provides three different automated actions that Privileged Behavior Analytics can take in response to an Alert Event. See the above Alert Action list item for details on automated actions.
Test Actions: Provides an ability to test Responsive Actions to ensure your configuration is correct.
Secret Importance: A page that lists all Secrets and enables changing any of their importance settings for Privileged Behavior Analytics. More important Secrets are more likely to trigger alerts upon User access.
User Watch List: Configuration options to automatically populate the User Watch List with new users and/or users with active alerts and warnings.
Privileged Behavior Analytics Integration Settings
The Privileged Behavior Analytics integrations settings section is used to configure secure communications between your Secret Server and Privileged Behavior Analytics.
Privileged Behavior Analytics integration key: A key that provides your Privileged Behavior Analytics with credentials and configuration information to upload log data to Privileged Behavior Analytics.
Privileged Behavior Analytics public key: A one-time RSA public key is entered here to establish communication between Secret Server and Privileged Behavior Analytics.
The Time Settings section is used to configure the Timezone and time display format.
Local Timezone: The display of all timestamps can be adjusted to your local time zone. The default time zone is UTC.
Hour Display: 12-hour (AM/PM) or 24-hour (international or “military”) time display.
The User Settings section has password and alert preferences settings.
Account Settings: The link enables changing the password for the account used to access Privileged Behavior Analytics.
Alert Notification Settings: Enables setting the email address for receiving alerts and whether you want to receive alerts or warnings as they occur.