SMART alerts
SMART (Significant Multidimensional Anomaly Reduction Technology) is a correlation technology that provides prioritized results for dynamic and frequently changing behaviors. The technology uses statistical and machine learning algorithms to identify unique connections between anomalies, thereby reducing false positives and helping to spot threats.
SMART prioritizes and consolidates threats that reflect a meaningful deviation in user behavior. As a result, while millions of raw events might yield discovery of thousands of threat indicators, only patterns of truly suspicious behavior are scored. This means that fewer alerts are raised in the Threat Detection dashboard, and fewer false positives are identified. Like baselines, SMART alerts improve over time as more log data is processed, so they deliver increasingly accurate user threat detection.
Risk scoring
Each alert is assigned a risk score based on the criticality of its threat indicators. All the alerts that have been identified for each user are combined to produce an overall user risk score that reflects how risky or suspicious that user is. To ensure that only highly suspicious patterns of activity are highlighted and more innocuous alerts are suppressed, risk scoring is applied at four different stages.
Table 1. Event scoring stages
Stage
Description
Stage 1: Event scoring
Each raw event is given an initial risk score that rates the abnormality of its parameters, such as the computer, time or file location.
Stage 2: Threat indicator scoring
Similar events are grouped as threat indicators and scored again to identify abnormal patterns that extend over a period of time, such as an hour.
Stage 3: Alert scoring
SMART alerts correlate events and threat indicators into an aggregate alert, which is scored for a third time based on the uniqueness of its composition and the severity of the activities involved.
Indicators that are not scored high enough, or that are not correlated with other indicators in the same time period, are eliminated as false positives so that they do not create excessive noise. Only the SMART alerts that are scored as most critical are shown in the dashboard.
The final score ranges between 0 and 100, where 0 reflects an event/session/user that is fully consistent with the normal baseline, whereas 100 indicates a very unusual anomaly.
Stage 4: User risk scoring
The user risk score is an aggregate of the contribution to user scores for each alert related to the user. The contribution to the user score value for the alert is dependent on the alert severity. Critical alerts contribute 20, high contribute 15, medium contribute 10, and low contribute 1. The users with the highest risk scores are highlighted in the Threat Detection dashboard.
Figure 1. Event scoring stages
Threat Detection process
The Threat Detection process includes the following steps:
1. Events are sent to the Threat Detection server to be processed and analyzed.
2. Machine learning and user behavior analytics analyze user actions in the stream of events and build a multi-dimensional baseline of typical behavior for each user in the environment.
3. Once the baselines are established, predefined threat indicators are used to detect anomalous user activity in real time.
4. SMART technology provides prioritized alerts that reflect a meaningful deviation in user behavior.
5. A risk score is assigned to each alert to identify the level of threat it poses to your environment.
6. A risk score is assigned to each user. This score is a sum of the total alert points assigned to the user using the "contribution to user score" points associated with each alert. Users with the highest user risk scores are highlighted in the Threat Detection dashboard, creating a dynamic watch list of emerging risky user threats sorted by severity.
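The Stage 3 suppression and Stage 4 aggregation described above, as an added Python sketch that is not Quest's code or algorithm. The contribution points come from the page; the score cut-off, the fixed one-hour buckets, the severity bands, the mean-based alert score and the sample indicators are assumptions constructed for illustration.

```python
from collections import defaultdict

# Points each alert adds to its user's risk score (values from Stage 4 above).
CONTRIBUTION = {"critical": 20, "high": 15, "medium": 10, "low": 1}

# Assumptions for this sketch; the page does not document the real values.
WINDOW_SECONDS = 3600      # "a period of time, such as an hour", as fixed buckets
MIN_INDICATOR_SCORE = 50   # hypothetical cut-off for "not scored high enough"
SEVERITY_BANDS = [(90, "critical"), (75, "high"), (60, "medium"), (0, "low")]

# Constructed sample indicators: (user, epoch seconds, indicator name, score 0-100)
INDICATORS = [
    ("alice", 1000, "abnormal_logon_time", 96),
    ("alice", 1900, "abnormal_file_location", 92),
    ("alice", 9000, "abnormal_computer", 80),       # alone in its hour
    ("bob", 1200, "abnormal_logon_time", 40),       # below the cut-off
    ("bob", 1500, "abnormal_file_location", 70),    # left uncorrelated
    ("carol", 2000, "abnormal_logon_time", 66),
    ("carol", 2500, "abnormal_computer", 62),
    ("carol", 8000, "abnormal_file_location", 78),
    ("carol", 8100, "abnormal_logon_time", 76),
]

def severity(score):
    """Map a 0-100 alert score to a severity using the assumed bands."""
    return next(name for floor, name in SEVERITY_BANDS if score >= floor)

def build_alerts(indicators):
    """Stage 3 sketch: drop weak indicators, then keep only user/hour buckets
    that hold two or more indicators; lone indicators are suppressed as noise."""
    buckets = defaultdict(list)
    for user, ts, name, score in indicators:
        if score >= MIN_INDICATOR_SCORE:
            buckets[(user, ts // WINDOW_SECONDS)].append((name, score))
    alerts = []
    for (user, window), group in sorted(buckets.items()):
        if len(group) >= 2:
            # Assumption: alert score is the integer mean of its indicator scores.
            score = sum(s for _, s in group) // len(group)
            alerts.append({"user": user, "window": window, "score": score,
                           "severity": severity(score)})
    return alerts

def user_risk_scores(alerts):
    """Stage 4: sum per-alert contributions, highest-risk users first."""
    totals = defaultdict(int)
    for alert in alerts:
        totals[alert["user"]] += CONTRIBUTION[alert["severity"]]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
```

With the constructed data, `user_risk_scores(build_alerts(INDICATORS))` ranks carol (medium 10 + high 15) above alice (one critical alert, 20), and bob never reaches the watch list because neither of his indicators survives Stage 3.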