Adjusting session risk scoring & threat analytics parameters
Sectona Security Platform uses a combination of users access events (user behavior) and activity events (threat levels) to determine a session risk score. Platform leverages composite risk scoring to determine the overall session risk score used for scoring threat levels for every session.
Risk score are determined basis risk libraries activated & configured and calculated once user session is completed. By default all rules are set with a default risk levels and all events are analyzed using default risk levels.
This section covers:
Understanding Risk Scoring Mechanism
Risk score is calculated by determining the registered events that passes validity criteria set out in risk libraries. To determine a final risk score for a session, system analyzes total events generated during the session and correlates with number of behavioral events (Total Events). Further, system categories events as per then defined criticality level scoring defined in the system & aggregates events &to arrive Criticality level scoring ( Total Events * Criticality Level Weight). Finally, system further determines final risk score by Total Score of Criticality Levels / number of events.
Criticality Level | Risk Score | Weight | Color Assigned |
|---|---|---|---|
Low | 0 to 25 | 25 | |
Medium | 26 to 50 | 50 | |
High | 51 to 75 | 75 | |
Critical | 76 to 100 | 100 |
Configuring Risk Level
To define a risk level in Sectona PAM, follow below recommended steps:
Login to Sectona and select PAM from the product navigator.
As the PAM product user, navigate to the Policies → General → Risk Scoring → select the action button next to Activity you want to configure.
From the Risk Scoring tab you change the risk level by clicking selecting the desired risk level within the Configured Risk Level drop-down menu and click on Update.