Alerts in BeyondInsight Clarity Analytics
There are two types of alerts:
- Pattern: Determined by correlation of all characteristics of an event.
- Explicit: Determined by selected specific characteristics.
| Alert | Type | Description |
| --- | --- | --- |
| a1 | pattern | Maps all characteristics of an event into a single internal cluster using self-organizing map clustering. Similar event characteristics lead to the same cluster, so clusters holding a high share of mapped events represent typical behavior, while clusters with a small number of events indicate outliers. The characteristics of each user, host, or asset are tracked independently, with an independent set of clusters per entity. Clusters are hidden and used only for analysis; they do not behave the same as asset clusters. Used characteristics: |
| a2 | explicit | Untrusted Application. Default value: 0.33 |
| a5 | explicit | Event Timing: event time within working hours and on a weekday. Default value: 0.33 |
| a6 | explicit | Untrusted User. Default value: 0.33 |
| a7 | explicit | First App Launch: flagged when a user launches an application they have never launched before. |
| a8 | explicit | First request for a given managed account and system (Password Safe): flagged when a user requests the password for an account and system they have never requested before. |
| a9 | explicit | Unusual password releases (Password Safe): flagged when a user does not retrieve the password for an approved request, or retrieves it more than once. |
| a10 | explicit | Concurrent password requests (Password Safe): flagged when a user tries to acquire more than one password at a time. |
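As an added illustration of the a1 pattern alert idea (this is example code, not BeyondInsight's own implementation): a tiny 1-D self-organizing map is trained per entity, each event is mapped to its best-matching unit, and events that land in a low-share cluster are flagged. The four event characteristics (hour of day, weekday, trusted application, trusted user), the 10% share threshold and the sample events are assumptions for the demo.

```python
import math
import random
from collections import Counter

# Constructed illustration of a per-entity SOM outlier detector; not BeyondInsight code.
# Each event is a feature vector in [0, 1]. The features are ASSUMED for the demo:
#   [hour_of_day / 24, is_weekday, application_trusted, user_trusted]
GRID = 4          # prototypes (hidden clusters) per entity
EPOCHS = 60
MIN_SHARE = 0.10  # clusters holding < 10% of an entity's events are outliers (assumed)


def best_unit(protos, x):
    """Index of the prototype closest (squared Euclidean distance) to event x."""
    return min(range(len(protos)),
               key=lambda i: sum((p - v) ** 2 for p, v in zip(protos[i], x)))


def train_som(events, seed=1):
    """Train a 1-D self-organizing map on one entity's events (deterministic seed)."""
    rng = random.Random(seed)
    dim = len(events[0])
    protos = [[rng.random() for _ in range(dim)] for _ in range(GRID)]
    for epoch in range(EPOCHS):
        lr = 0.5 * (1 - epoch / EPOCHS)                         # learning rate decays
        radius = max(0.3, (GRID / 2) * (1 - epoch / EPOCHS))    # neighbourhood shrinks
        for x in events:
            b = best_unit(protos, x)
            for i, p in enumerate(protos):
                h = math.exp(-((i - b) ** 2) / (2 * radius ** 2))  # neighbourhood weight
                for d in range(dim):
                    p[d] += lr * h * (x[d] - p[d])
    return protos


def flag_outliers(events, min_share=MIN_SHARE):
    """Indices of events whose cluster holds fewer than min_share of the entity's events."""
    protos = train_som(events)
    units = [best_unit(protos, x) for x in events]
    counts = Counter(units)
    return [i for i, u in enumerate(units) if counts[u] / len(events) < min_share]


def flag_per_entity(events_by_entity):
    """Independent clusters per user/host/asset, as the a1 description states."""
    return {name: flag_outliers(evs) for name, evs in events_by_entity.items()}


# Constructed sample: a user with 29 daytime weekday launches of a trusted app and one
# 03:00 weekend launch of an untrusted app; a host whose behaviour never varies.
SAMPLE = {
    "alice": [[10 / 24, 1, 1, 1]] * 29 + [[3 / 24, 0, 0, 1]],
    "host-7": [[14 / 24, 1, 1, 1]] * 20,
}

if __name__ == "__main__":
    print(flag_per_entity(SAMPLE))  # {'alice': [29], 'host-7': []}
```

The explicit alerts (a2, a5, a6) would sit alongside this as fixed-characteristic checks rather than cluster membership, which is the distinction the two alert types draw.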