Threat Detection server events
Threat Detection server activity is also monitored. Events are generated when:
• A risky user is identified.
• Risky user severity is increased or decreased.
• An alert is generated.
• An alert is marked as a risk.
• An alert is marked as not a risk.
To view Threat Detection events in the Change Auditor client:
• Open the Audit Events page on the Administration Tasks tab | Auditing.
The events are listed under the "Threat Detection - Risky User" facility and the "Threat Detection - Alert" facility.
The event details pane contains information to help gain a better understanding of the activities taking place on the Threat Detection server, including:
▪ The number of alerts and their name, severity, score.
▪ User risk score, severity, old and new severity.
▪ When the Threat Detection server started processing the alert.
▪ Indicators associated with the alert.
▪ Contribution to user score.
For more information on the details displayed for these events, see the Change Auditor Event Reference guide.
Threat detection concepts
The following section describes the terms and concepts used within Change Auditor Threat Detection to help you understand how risk is assessed and alerts are determined.
• Baselines
• Threat indicators
• SMART alerts
• Risk scoring
Baselines
Change Auditor Threat Detection applies machine learning to build behavioral features and a multi-dimensional baseline of typical behavior for each user in your environment. The baseline comprises a unique set of identifiers to ensure that only abnormal behaviors are flagged. For example, the baseline can include information about when a user typically logs on, which workstation they use, whether they tend to log on from remote locations, which files they typically access and so on.
As the baselines are refined over time, the Threat Detection server makes logical assumptions around what to expect, which minimizes the chances for any alarms around normal changes in activity. Change Auditor Threat Detection requires 30 days of audit history to establish the initial user behavior baselines.
Threat indicators
Indicators define risky activity, such as suspicious user logons, brute-force password attacks, unusual Active Directory changes, and abnormal file access. However, threat indicators are not constrained to a specific raw event — they use machine learning to identify patterns of events that together could indicate a threat.
Specifically, as raw events stream in, the Threat Detection server analyzes human actors, accounts, locations and operations to identify behavior that deviates from established baselines.
Abnormal and risky behaviors are evaluated to produce threat indicators. These indicators are based on present and historical patterns, as well as specifically defined risky object attributes. An indicator consolidates all activities that are detected as abnormal.
Anomalous behavior that corresponds with a threat indicator is identified based on the event’s rarity and criticality. This strategy ensures that only behavioral changes that are important and potentially indicative of a suspicious activity are highlighted out of the raw events.
Threat indicators are the basis for the formation of alerts. Sorted by severity to reflect the security importance, alerts are managed by the analyst providing investigation and feedback.
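The baseline, rarity and criticality ideas described above can be pictured with a small frequency model. This is an added illustration, not Quest's algorithm or code: the criticality weights, the 0.9 rarity threshold, the function names and the sample logons are all assumptions made for the example; only the 30-day history requirement comes from the text.

```python
from collections import Counter, defaultdict

# Assumed per-feature criticality weights (hypothetical, not product values).
CRITICALITY = {"hour": 0.5, "workstation": 1.0}
MIN_HISTORY_DAYS = 30  # the text: 30 days of audit history for initial baselines

def build_baselines(events):
    """events: (day, user, hour, workstation) tuples -> per-user feature counts."""
    base = defaultdict(lambda: {"hour": Counter(), "workstation": Counter(), "days": set()})
    for day, user, hour, ws in events:
        b = base[user]
        b["hour"][hour] += 1
        b["workstation"][ws] += 1
        b["days"].add(day)
    return base

def rarity(counter, value):
    """1.0 for a value never seen; 0.0 for a value the user always shows."""
    total = sum(counter.values())
    return 1.0 - counter[value] / total if total else 1.0

def score_event(base, user, hour, ws, threshold=0.9):
    """Return [(feature, score)] for rare features, or None if the baseline is immature."""
    b = base.get(user)
    if b is None or len(b["days"]) < MIN_HISTORY_DAYS:
        return None
    hits = []
    for feat, val in (("hour", hour), ("workstation", ws)):
        r = rarity(b[feat], val)
        if r >= threshold:  # only rare behavior is scored, weighted by criticality
            hits.append((feat, round(r * CRITICALITY[feat], 2)))
    return hits

def consolidate(base, user, new_events):
    """Fold every abnormal activity for one user into a single indicator."""
    activities = []
    for hour, ws in new_events:
        hits = score_event(base, user, hour, ws)
        if hits:
            activities.append({"hour": hour, "workstation": ws, "anomalies": hits})
    if not activities:
        return None
    score = sum(s for a in activities for _, s in a["anomalies"])
    return {"user": user, "activities": activities, "score": round(score, 2)}

# Constructed sample history: alice has 30 days of logons, bob only 5.
HISTORY = [(d, "alice", 9, "WS-ALICE") for d in range(30)]
HISTORY += [(d, "bob", 8, "WS-BOB") for d in range(5)]
BASE = build_baselines(HISTORY)
```

A user with fewer than 30 days of history yields no indicator at all in this sketch, which mirrors why the initial baseline period matters before alerts can be trusted.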