Change Auditor Threat Detection 7.0.2 - Deployment Guide

Reviewing configuration status

The status of the Threat Detection configuration is displayed on the configuration page.

1. Select Administration Tasks | Configuration | Threat Detection.
2. Click Refresh.

Configured

The Threat Detection server is properly configured.

Not configured

The Threat Detection server is not configured. See Creating a Threat Detection configuration.

Update is required

An update is required on the Threat Detection server. See Upgrading the Threat Detection server.

License required

A valid Threat Detection license has not been applied.

License expired

The Threat Detection license has expired.

Configured server deployment details

For a configured server, the following deployment details are displayed:

Removing a configuration

Deleting the configuration only removes configuration information from Change Auditor. It does not remove data or configuration on the Threat Detection server.

If you are removing the configuration as part of a cleanup process, you can delete the Threat Detection server after removing the configuration.

If you are removing the configuration and plan to start over, you can either revert to a snapshot from a previously deployed (but not configured) Threat Detection server or deploy a new Threat Detection server.

 

1. Select Administration Tasks | Configuration | Threat Detection.
2. Click Remove Configuration.

Historical events and your baseline calculations

Before the Threat Detection server can generate alerts, it needs to establish a user behavior baseline. The baseline is built by processing 30 days of historical or real-time events. Refer to the Change Auditor Threat Detection User Guide for information about baseline modeling.

When you create the Threat Detection configuration, you can specify how many days of historical events should be sent to the Threat Detection server to create the baseline.

Real-time events (0 days)

Historical events (more than 0 days)

Use the following as guidance on the number of days to specify when you create your Threat Detection configuration:
