立即与支持人员聊天
与支持团队交流

ControlPoint 8.7 - User Guide

Preface Getting Started with ControlPoint Using Discovery to Collect Information for the ControlPoint Database Cache Searching for SharePoint Sites Managing SharePoint Objects Using ControlPoint Policies to Control Your SharePoint Environment Managing SharePoint User Permissions Data Analysis and Reporting
Specifying Parameters for Your Analysis Analysis Results Display Generating a SharePoint Summary Report Analyzing Activity Analyzing Object Properties Analyzing Storage Analyzing Content Generating a SharePoint Hierarchy Report Analyzing Trends Auditing Activities and Changes in Your SharePoint Environment Analyzing SharePoint Alerts Analyzing ControlPoint Policies Analyzing Users and Permissions The ControlPoint Task Audit Viewing Logged Errors
Scheduling a ControlPoint Operation Saving, Modifying and Running Instructions for a ControlPoint Operation Using the ControlPoint Governance Policy Manager Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity Provisioning SharePoint Site Collections and Sites Default Menu Options for ControlPoint Users About Us

Preparing Your Environment for Using ControlPoint Sentinel

Before ControlPoint Sentinel can begin collecting data for Anomalous Activity Detection:

A.SharePoint auditing must be enabled on all site collections for which Anomalous Activity detection will be performed.

B.Anomalous Activity Detection must be enabled to run:

§via the ControlPoint Anomalous Activity Detection job

OR

§as part of the ControlPoint Scheduled Job Review.

Enabling SharePoint Auditing

ControlPoint Sentinel analyzes the following SharePoint audit log events for Anomalous Activity Detection:

·Editing items

·Deleting or restoring items

You can enable these settings for individual site collections from within SharePoint or, for a larger scope, using the ControlPoint Manage Audit Settings action.

Manage Audit Settings for AAD

Enabling the Anomalous Activity Detection Job

1From SharePoint Central Administration, select Monitoring, then choose Timer Jobs > Review job definitions.

2Select ControlPoint Anomalous Activity Detection Job.

AAD Job ENABLE

By default, the job is scheduled to run daily, at 5:00 am (local server time).  You may however, change the schedule to run more frequently.  Note that, the more frequently the job is run, the sooner an alert may be generated when an Anomalous Activity Limit is reached.

3Click [Enable].

Enabling Anomalous Activity Detection via the ControlPoint Scheduled Job Review

As an alternative to using the Anomalous Activity Detection Job, you can choose to have anomalous activity detection performed as part of the ControlPoint Scheduled Job Review (which, by default, runs every 10 minutes).  ControlPoint Application Administrators can enable this option by changing the ControlPoint Configuration Setting Enable Options That Require Anomalous Activity Detection from False to True.

Config Setting ANOMALOUSACTIVITYENABLED

Refer to the ControlPoint Administration Guide for more detail on modifying ControlPoint Configuration Settings.

Reporting Anomalous Activity

The ControlPoint Sentinel Report lets you view anomalous activity events for which an Alert has been specified on the Sentinel Setup - Anomalous Activity Rules page.  You can also filter results by user and/or date range.

To report anomalous activity:

1From the Manage ControlPoint tree choose ControlPoint Sentinel > Sentinel Report.

2If you want to narrow your results, enter one or more user(s) in the People Picker and/or enter a date range.

NOTE:  If you leave the From and To Dates blank, all available results will be returned.

Sentinel Report

The tiles at the top of the report highlight the following statistics:

·The Total Number of Anomalous Activities Detected

·The number of High Risk Events as characterized by ControlPoint Sentinel

·The Number of Users with anomalous activity

·The Security Risk Score (which is derived by the Severity of each activity within the date range covered by the report)

For each anomalous event detected, report detail displays:

·the Event Time (that is, the date and the time when the ControlPoint Anomalous Activity Detection Job captured the event)

·the User whose activity triggered the anomalous activity detection alert

·the Event Severity (as defined on the Sentinel Setup - Anomalous Activity Limits page)

·the Triggering Activity Level that resulted in the anomalous activity detection alert:

§for Default daily activity, activity above the specified limit for the Event Severity

§for Personal daily activity, the amount of activity for the Event Severity to which the specified deviations above from the user's "typical" usage pattern have been applied.

·the Expected Activity Level:

§for Default daily activity, the specified limit for the Event Severity

§for Personal daily activity, "typical" usage pattern as calculated by ControlPoint Sentinel

·the Delta Activity Level (that is, the difference between Triggering Activity Level and the Expected Activity Level).

To view detailed audit log data for a user:

Click the User link to generate a ControlPoint Audit Log analysis.

Provisioning SharePoint Site Collections and Sites

ControlPoint Site Provisioning functionality automates the management of end user requests for new site collections and sites, which are based on "Provisioning Profiles" that you define.  You can use ControlPoint's built-in functionality to associate specific site collection-, site-, and list-level properties with a particular Profile, and enforce their usage within the site collections or sites that use it.  You can even attach one or more ControlPoint Governance Policies to a Profile.

NOTE:  This feature is not available for Non-Standard installations.

Managing Site Provisioning Profiles

Before an end user can request a new site collection or site, at least one Provisioning Profile must have been created.  Once created, the Provisioning Profile becomes available to end users when a request for a new site collection or site is initiated.

Provisioning Profile Tiles

To launch the ControlPoint Provisioning Profile Manager:

From the Manager ControlPoint panel, choose Governance Policy Manager and Provisioning > Provisioning Profile Manager.

Provisioning Profiles

To create a Provisioning Profile:

1From the Provisioning Profile Manager main page, choose [Create].

2Complete the fields on the Build New Provision Profile page as follows:

§Enter the Profile Name as you want it to display in the Provisioning Profile Manager list.

§Enter the End User Description as you want it to display in the Request a Site or Site Collection page.

§Enter the Profile Description as you want it to display in the Provisioning Profile Manager list.

§Select a Profile Type (Site Collection or Sub Site)

§Select a Base SharePoint Template.

Provisioning Proviles BUILD NEW

NOTE: If you want to be able to select a template based on a site definition (such as a Publishing site or a custom site definition that has been deployed to the farm), the feature for that site definition must be activated on the ControlPoint Configuration Site collection.

3If you want to Attach Additional Profile Settings:, you can

§Click the appropriate link—Set Site Collection Properties (if available), Set Site Properties, or Set List Properties—and complete the applicable window.

NOTE:  If you select Enforce Policy and schedule the operation to run on a recurring basis, it will be enforced for any site collection or site created using that Profile.

§If you want to attach one or more existing ControlPoint Governance Policies to the Provisioning Profile, select from the available Governance Polices

Provisioning Profiles ADDITIONAL SETTINGS

NOTE:  If the Governance Policy that you want to attach to the Profile does not appear in the list, click [Governance Policy Manager], and create a new Governance Policy.  When you return to the Build New Provision Profile page , click [Create], then edit the Profile see the new Governance Policy in the list.

NOTE:  To access instructions for completing the applicable ControlPoint operation, click the Help icon () at the top right corner of the window or refer to the relevant section of the ControlPoint User Guide.

4Click [Create].

To edit a Provisioning Profile:

1From the Provisioning Profile Manager main page, check the box to the left of the Profile that you want to edit.

2Click [Edit].

3Edit the fields on the Edit Provision Profile page as appropriate.

4Click [Update].

To delete one or more Provisioning Profiles:

1From the Provisioning Profile Manager main page, check the box to the left of the Profile(s) that you want to delete.

2Click [Delete]

You will be prompted to confirm your action before continuing.

 

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级