Chat now with support
Chat with Support

Metalogix ControlPoint 8.2 - User Guide

Preface Getting Started with ControlPoint Using Discovery to Collect Information for the ControlPoint Database Cache Searching for SharePoint Sites Managing SharePoint Objects
Accessing SharePoint Pages Viewing Properties of an Object within the SharePoint Hierarchy Creating Dashboards for Monitoring Statistics within Your SharePoint Farm Setting Object Properties Managing Site Collection and Site Features Managing Audit Settings Creating and Managing SharePoint Alerts Setting ControlPoint Alerts Managing Metadata Copying and Moving SharePoint Objects (Version 8.0 and Earlier) Moving a Site Collection to Another Content Database Deleting Sites Deleting Lists Archiving Audit Log Data Before Moving or Deleting a Site Collection Duplicating a Workflow Definition from one List or Site to Others Removing a Workflow from One or More Lists (or Sites)
Using ControlPoint Policies to Control Your SharePoint Environment Managing SharePoint User Permissions Data Analysis and Reporting
Specifying Parameters for Your Analysis Analysis Results Display Generating a SharePoint Summary Report Analyzing Activity Analyzing Object Properties Analyzing Storage Analyzing Content Generating a SharePoint Hierarchy Report Analyzing Trends Auditing Activities and Changes in Your SharePoint Environment Analyzing SharePoint Alerts Analyzing ControlPoint Policies Analyzing Users and Permissions The ControlPoint Task Audit Viewing Logged Errors
Scheduling a ControlPoint Operation Saving, Modifying and Executing Instructions for a ControlPoint Operation Using the ControlPoint Governance Policy Manager (SharePoint 2010 and Later) Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity Default Menu Options for ControlPoint Users About Us

Preparing Your Environment for Using ControlPoint Sentinel

Before ControlPoint Sentinel can begin collecting data for Anomalous Activity Detection:

A.SharePoint auditing must be enabled on all site collections for which Anomalous Activity detection will be performed.

B.Anomalous Activity Detection must be enabled to run:

§via the ControlPoint Anomalous Activity Detection job

OR

§as part of the ControlPoint Scheduled Job Review.

Enabling SharePoint Auditing

ControlPoint Sentinel analyzes the following SharePoint audit log events for Anomalous Activity Detection:

·Editing items

·Deleting or restoring items

You can enable these settings for individual site collections from within SharePoint or, for a larger scope, using the ControlPoint Manage Audit Settings action.

Manage Audit Settings for AAD

Enabling the Anomalous Activity Detection Job

1From SharePoint Central Administration, select Monitoring, then choose Timer Jobs > Review job definitions.

2Select ControlPoint Anomalous Activity Detection Job.

AAD Job ENABLE

By default, the job is scheduled to run daily, at 5:00 am (local server time).  You may however, change the schedule to run more frequently.  Note that, the more frequently the job is run, the sooner an alert may be generated when an Anomalous Activity Limit is reached.

3Click [Enable].

Enabling Anomalous Activity Detection via the ControlPoint Scheduled Job Review

As an alternative to using the Anomalous Activity Detection Job, you can choose to have anomalous activity detection performed as part of the ControlPoint Scheduled Job Review (which, by default, runs every 10 minutes).  ControlPoint Application Administrators can enable this option by changing the ControlPoint Configuration Setting Enable Options That Require Anomalous Activity Detection from False to True.

Config Setting ANOMALOUSACTIVITYENABLED

Refer to the ControlPoint Administration Guide for more detail on modifying ControlPoint Configuration Settings.

Reporting Anomalous Activity

The ControlPoint Sentinel Report lets you view anomalous activity events for which an Alert has been specified on the Sentinel Setup - Anomalous Activity Rules page.  You can also filter results by user and/or date range.

To report anomalous activity:

1From the Manage ControlPoint tree choose ControlPoint Sentinel > Sentinel Report.

2If you want to narrow your results, enter one or more user(s) in the People Picker and/or enter a date range.

NOTE:  If you leave the From and To Dates blank, all available results will be returned.

Sentinel Report

The tiles at the top of the report highlight the following statistics:

·The Total Number of Anomalous Activities Detected

·The number of High Risk Events as characterized by ControlPoint Sentinel

·The Number of Users with anomalous activity

·The Security Risk Score (which is derived by the Severity of each activity within the date range covered by the report)

For each anomalous event detected, report detail displays:

·the Event Time (that is, the date and the time when the ControlPoint Anomalous Activity Detection Job captured the event)

·the User whose activity triggered the anomalous activity detection alert

·the Event Severity (as defined on the Sentinel Setup - Anomalous Activity Limits page)

·the Triggering Activity Level that resulted in the anomalous activity detection alert:

§for Default daily activity, activity above the specified limit for the Event Severity

§for Personal daily activity, the amount of activity for the Event Severity to which the specified deviations above from the user's "typical" usage pattern have been applied.

·the Expected Activity Level:

§for Default daily activity, the specified limit for the Event Severity

§for Personal daily activity, "typical" usage pattern as calculated by ControlPoint Sentinel

·the Delta Activity Level (that is, the difference between Triggering Activity Level and the Expected Activity Level).

To view detailed audit log data for a user:

Click the User link to generate a ControlPoint Audit Log analysis.

Default Menu Options for ControlPoint Users

The following tables identify ControlPoint default menu items at all levels of the SharePoint Hierarchy as well as the Manage ControlPoint panel.

The following terms are used to describe menu item behavior in a Multi-farm  installation:

·Home Only - The operation can be performed on the home farm only.

·Home or Remote - The operation can be performed on a single farm; either home or remote

·Multiple - The operation can be performed on multiple farms.

·Farm-Independent - The operation is not farm-specific.

 

Farm-Level Default Menu Items

Farm-Level Item

Type

Multi-Farm

Central Administration

Not available to members of the Business Administrators group.

SharePoint

Home or Remote

Advanced Search

Search

Home or Remote

Search Hierarchy

Search

Home only

SharePoint Summary

Not available to members of the Business Administrators group.

Analysis

Home only

Refresh SharePoint Hierarchy

Action

Home or Remote

Properties

Action

Home or Remote

Execute Saved Instructions

Not available to members of the Business Administrators group.

Action

Home only

Refresh with Ribbon On/Off

Available for single-farm installations only.

Action

Farm-Independent

Activity folder:

Most/Least Activity

Not available for WSS-only farms.

Analysis

Home only

Site Collection Activity Analysis

Analysis

Multiple

Site Activity Analysis

Not available for WSS-only farms.

Analysis

Multiple

Trend Analysis for Activity

Not available for WSS-only farms.

Analysis

Home only

Activity by Profile Property

Available for SharePoint 2010 and later Server farms.

Analysis

Home only

Activity by User

Not available for WSS-only farms.

Analysis

Multiple

Activity by Document

Not available for WSS-only farms.

Analysis

Multiple

Checked Out Documents

Analysis

Multiple

Blog Post Activity

Available for SharePoint 2010 and later farms.

Analysis

Home only

Inactive Users

Not available for WSS-only farms.

Analysis

Home only

Social Activity Analysis

Available for SharePoint Server 2010 farms.

Analysis

Home only

Audits and Alerts folder:

Manage Audit Settings

Action

Multiple

ControlPoint Alerts

Action

Home only

Create SharePoint Alerts

Action

Home only

Manage SharePoint Alerts

Action

Home only

Audit Log Analysis

Analysis

Multiple

Change Log Analysis

Analysis

Multiple

SharePoint Alerts by Site

Analysis

Multiple

SharePoint Alerts by User

Analysis

Multiple

Automation folder:

Create ControlPoint Policy

Action

Home only

Manage ControlPoint Policies

Action

Home only

Governance Policy Manager

Available for SharePoint 2010 and later farms.  Not available to members of the Business Administrators group.

Action

Home only

Set Metadata Value

Available for SharePoint Server 2010 and later farms.

Action

Home only

Create Managed Metadata

Available for SharePoint Server 2010 and later farms.

Action

Home only

Manage SharePoint Groups

Action

Home or Remote

ControlPoint Policies

Analysis

Home only

Change Management folder:

Content Types

Analysis

Multiple

Web Parts by Part

Analysis

Multiple

Web Parts by Site

Analysis

Multiple

Workflow Analysis

Analysis

Multiple

Compliance folder:

Available for SharePoint 2010 and later farms, and not available to members of the Business Administrators group.

Analyze Content

Action

Home only

Managing Quarantine Documents

Action

Home only

Compliance Summary

Analysis

Home only

Sensitive Content Activity

Analysis

Home only

Scanned files by Scope

Analysis

Home only

Scanned files by Search terms

Analysis

Home only

Configuration folder:

Set Site Collection Properties

Action

Multiple

Set Site Properties

Action

Multiple

Set List Properties

Action

Multiple

Manage Site Collection Features

Action

Multiple

Manage Site Features

Action

Multiple

SharePoint Hierarchy

Analysis

Multiple

Site Collection Properties

Analysis

Home Only

Site Properties

Analysis

Home Only

List Properties

Analysis

Multiple

Content folder:

Managed Metadata Usage

Available for SharePoint Server 2010 and later farms.

Analysis

Multiple

Trend Analysis for Site Count

Analysis

Home only

Broken Links

Analysis

Multiple

Solution Summary

Not available to members of the Business Administrators group.

Analysis

Multiple

Storage folder:

Most/Least Storage

Not available for WSS-only farms.

Analysis

Home Only

Site Collection Storage Analysis

Analysis

Multiple

Site Storage Analysis

Analysis

Multiple

Content Database Storage

Analysis

Multiple

Trend Analysis for Storage

Analysis

Home only

Duplicate Files

Analysis

Home only

Storage by File Type

Analysis

Home only

Recycle Bins

Analysis

Multiple

Users and Security folder:

Set User Direct Permissions

Action

Multiple

Delete User Permissions

Action

Multiple

Duplicate User Permissions

Action

Multiple

Add User to SharePoint Group

Action

Home or Remote

Delete SharePoint Groups

Action

Home only

Backup Permissions

Action

Home only

Manage Permissions Backups

Action

Home only

Manage Permissions Inheritance

Action

Multiple

Migrate Users

Action

Home or Remote

Orphaned Domain Users

Analysis

Multiple

Site Permission

Analysis

Multiple

Comprehensive Permissions

Analysis

Multiple

Comprehensive User Analysis

Analysis

Home only

SharePoint Group Analysis

Analysis

Multiple

 

Related Documents