Chatta subito con l'assistenza
Chat con il supporto

ControlPoint 8.9 - for Microsoft 365 User Guide

Getting Started with ControlPoint Using Discovery to Collect Information for the ControlPoint Database Cache The GDPR Dashboard Searching for SharePoint Sites Managing SharePoint Objects Managing Audit Settings Managing Metadata Managing SharePoint User Permissions Data Analysis and Reporting Scheduling a ControlPoint Operation Saving, Modifying and Executing Instructions for a ControlPoint Operation Provisioning SharePoint Site Collections and Sites Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity Default Menu Options for ControlPoint Online Users About Us

Defining Anomalous Activity Rules

After you have defined Business Hours and Activity Limits, the next step is to define Anomalous Activity Rules, or the action (if any) to take when a defined activity limit is exceeded, during both business hours and non-business hours.

To define Anomalous Activity Rules:

1.From the Sentinel Setup page, select the Anomalous Activity Rules tab.

Anomalous Activity RULES

2If you want to have an alert generated whenever a limit is exceeded for a particular combination of criteria (Business Hours/Non-Business Hours; Default Daily Activity/Personal Activity; Activity Limit):

§Select Alert from the Action drop-down.

§If you want to have an email generated when the limit is exceeded, enter an Email address.  (You can enter multiple email addresses, separated by commas (,).

NOTE:  Only limits to which an Alert is applied will be subject to Sentinel reporting.  Limits with No Action Required will not be reported.

Reporting Anomalous Activity

The ControlPoint Sentinel Report lets you view anomalous activity events for which an Alert has been specified on the Sentinel Setup - Anomalous Activity Rules page.  You can also filter results by user and/or date range.

To report anomalous activity:

1From the Manage ControlPoint tree choose ControlPoint Sentinel > Sentinel Report.

2If you want to narrow your results, enter one or more user(s) in the People Picker and/or enter a date range.

NOTE:  If you leave the From and To Dates blank, all available results will be returned.

Sentinel Report

The tiles at the top of the report highlight the following statistics:

·The Total Number of Anomalous Activities Detected

·The number of High Risk Events as characterized by ControlPoint Sentinel

·The Number of Users with anomalous activity

·The Security Risk Score (which is derived by the Severity of each activity within the date range covered by the report)

For each anomalous event detected, report detail displays:

·the Event Time (that is, the date and the time when the ControlPoint Anomalous Activity Detection Job captured the event)

·the User whose activity triggered the anomalous activity detection alert

·the Event Severity (as defined on the Sentinel Setup - Anomalous Activity Limits page)

·the Triggering Activity Level that resulted in the anomalous activity detection alert:

§for Default daily activity, activity above the specified limit for the Event Severity

§for Personal daily activity, the amount of activity for the Event Severity to which the specified deviations above from the user's "typical" usage pattern have been applied.

·the Expected Activity Level:

§for Default daily activity, the specified limit for the Event Severity

§for Personal daily activity, "typical" usage pattern as calculated by ControlPoint Sentinel

·the Delta Activity Level (that is, the difference between Triggering Activity Level and the Expected Activity Level).

To view detailed audit log data for a user:

Click the User link to generate a ControlPoint Audit Log analysis.

Default Menu Options for ControlPoint Online Users

The following tables identify ControlPoint default menu items at all levels of the SharePoint Hierarchy as well as the Manage ControlPoint panel.

The following terms are used to describe menu item behavior in a Multi-farm installation:

·Home Only - The operation can be performed on the home farm only.

·Home or Remote - The operation can be performed on a single farm; either home or remote

·Multiple - The operation can be performed on multiple farms.

·Farm-Independent - The operation is not farm-specific.

 

Tenant (Farm)-Level Default Menu Items

Tenant-Level Item

Type

Multi-Farm

Central Administration

(Tenant Admin Site)

SharePoint

Home only

Advanced Search

Search

Home or Remote

SharePoint Summary

Analysis

Home only

Farm Dashboard

Action

Home only

GDPR Dashboard

Action

Home only

Refresh SharePoint Hierarchy

Action

Home or Remote

Run Saved Instructions

Action

Home only

Farm Summary Dashboard

Action

Home only

GDPR Dashboard

Action

Home only

Activity folder:

Site Collection Activity

Analysis

Multiple

Audit and Alerts folder:

Create SharePoint Alerts

Action

Home only

Automation folder:

Set Metadata Value

Action

Home Only

Create Managed Metadata

Action

Home only

Compliance folder:

Available to members of the Compliance Administrators group

Analyze Content

Action

Home only

Compliance Summary

Analysis

Home only

Compliance Actions Audit

Analysis


Sensitive Content Activity

Analysis

Home only

Scanned files by Scope

Analysis

Home only

Scanned files by Search terms

Analysis

Home only

Configuration folder:

SharePoint Hierarchy

Analysis

Multiple

Content folder:

Managed Metadata Usage

Analysis

Multiple

Trend Analysis for Site Count

Analysis

Home only

Storage folder:

Site Collection Storage Analysis

Analysis

Multiple

Trend Analysis for Storage

Analysis

Home only

Storage by File Type

Analysis

Home only

Users and Security folder:

Set User Direct Permissions

Action

Multiple

Delete User Permissions

Action

Multiple

Duplicate User Permissions

Action

Multiple

Add User to SharePoint Group

Action

Home or Remote

Delete SharePoint Groups

Action

Home only

Backup Permissions

Action

Home only

Manage Permissions Backups

Action

Home only

Manage Permissions Inheritance

Action

Multiple

Orphaned Domain Users

Analysis

Multiple

Site Permission

Analysis

Multiple

Comprehensive Permissions

Analysis

Multiple

SharePoint Group Analysis

Analysis

Multiple

 

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione