Session settings
- 4 minutes to read
- Print
- DarkLight
- PDF
Session settings
- 4 minutes to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
This document provides information about User Behavior’s Session settings which allows the administrator to configure session-related actions that will be considered suspicious and may trigger a request for user identity verification.
Pre-requisites
- Administrator permission.
Path to access
- On senhasegura, in the navigation bar, hover over the Products menu, and select User Behavior.
- In the side menu, select Management > Session settings.
General settings section
In this section, the administrator defines general session-related settings.
| Item | Type | Required | Description |
|---|---|---|---|
| Minimum suspicious score (1 to 15)* | Quantity input | Yes | Defines the score threshold at which a behavior will be considered suspicious. Default: 5 |
| User initial rating (0 to 10)* | Quantity input | Yes | Defines the initial score for the user in the system. 0 (zero) means that a new user is considered highly suspicious, and 10 (ten) indicates that new users are considered very trustworthy. Default: 5 |
Session settings section
In this section, the administrator defines the session-related settings.
| Item | Type | Required | Description |
|---|---|---|---|
| Number of days for history* | Quantity input | Yes | Defines the number of days considered to determine the user's standard behavior related to sessions. Default: 90 |
| Variation rate (%)* | Quantity input | Yes | Defines, in percentage, the deviation rate from the standard behavior that will be considered suspicious. Default: 10% |
| Submit high-risk sessions to audit?* | Toggle button | No | Enables or disables the submission of high-risk sessions to the audit queue. Default: disabled |
Attention
To submit high-risk sessions for auditing, you must select at least one default auditor. Configure default auditors in PAM Core > Management > Audit > Default Auditors.
Checking weight section
In this section, the administrator defines a score for each session in which some unusual action was performed. The results of these score sums can be accessed in the reports under User Behavior > Behavior Analysis > Session events. The Risk column of each report shows the total session score according to the values defined in the fields below.
| Item | Type | Required | Description |
|---|---|---|---|
| Access unusual target* | Quantity input | Yes | Defines the score for when the user accesses an unusual target device during the session. Maximum: 3 Default: 0 |
| Access unusual origin* | Quantity input | Yes | Defines the score for when the user starts the session from an unusual origin. Maximum: 3 Default: 0 |
| Access unusual credential* | Quantity input | Yes | Defines the score for when the user starts the session with an unusual credential. Maximum: 3 Default: 2 |
| Access unusual time* | Quantity input | Yes | Defines the score for when the user starts the session at an unusual time. Maximum: 3 Default: 3 |
| Access unusual duration* | Quantity input | Yes | Defines the score for when the user performs a session with an unusual duration. Maximum: 3 Default: 0 |
Actions for sessions with unusual length section
In this section, the administrator defines the consequences for sessions with unusual duration.
| Item | Type | Required | Description |
|---|---|---|---|
| Block session* | Dropdown menu | Yes | Defines the block for sessions with unusual duration. The options are Yes or No. Default: No |
| Block session and user* | Dropdown menu | Yes | Defines the block for both sessions with unusual duration and the user who conducted the session. The options are Yes or No. Default: No |
Actions for sessions held in unusual time section
In this section, the administrator defines the consequences for sessions conducted at unusual times.
| Item | Type | Required | Description |
|---|---|---|---|
| Block session* | Dropdown menu | Yes | Defines the block for sessions at unusual times. The options are Yes or No. Default: No |
| Block session and user* | Dropdown menu | Yes | Defines the block for sessions at unusual times and the user who conducted the session. The options are Yes or No. Default: No |
Actions for sessions of unusual origins section
In this section, the administrator defines the consequences for sessions conducted from unusual devices.
| Item | Type | Required | Description |
|---|---|---|---|
| Block session | Drop-down menu | Yes | Defines the block for sessions from unusual origins. The options are Yes or No. Default: No |
| Block session and user | Drop-down menu | Yes | Defines the block for sessions from unusual origins and the user who conducted the session. The options are Yes or No. Default: No |
Actions to sessions for unusual destinations section
In this section, the administrator defines the consequences for sessions conducted with unusual target devices.
| Item | Type | Required | Description |
|---|---|---|---|
| Block session* | Dropdown menu | Yes | Defines the block for sessions to unusual destinations. The options are Yes or No. Default: No |
| Block session and user* | Dropdown menu | Yes | Defines the block for sessions to unusual destinations and the user who conducted the session. The options are Yes or No. Default: No |
Actions for sessions with unusual credentials section
In this section, the administrator defines the consequences for sessions conducted with unusual credentials.
| Item | Type | Required | Description |
|---|---|---|---|
| Block session | Dropdown menu | Yes | Defines the block for sessions with unusual credentials. The options are Yes or No. Default: No |
| Block session and user | Dropdown menu | Yes | Defines the block for sessions with unusual credentials and the user who conducted the session. The options are Yes or No. Default: No |
Was this article helpful?
