# Step 8. Behavior analysis




## Introduction

Using PAM you can configure **policies and rules** in the Soffid console to detect actions or behaviors that may put your organization at risk. With this information, you will be able to analyze the behavior of the critical accounts that you have defined in your systems and configure what actions you want to run in each case.

Once you create the PAM policy, you must assign it to the appropriate folder in the password vault.

# Step 8.1. PAM Rules

## Step-by-step

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">1. </span> To create a new PAM Rule, you must access the PAM Rules page in the following path:

`Main Menu > Administration > Configure Soffid > Security settings > PAM rules`

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">2. </span>To add a new PAM rule, you must click the add button (+) and Soffid will display a new window to fill in the data.

- The **Name** should be a unique name that identifies the rule. This field is mandatory.
- The **Description** should be a brief description of the rule.
- The **Type** lets you select whether the rule is a keyboard rule or a screen rule. This field is mandatory.
- The **Content** should be what the rule will detect. For instance, a Linux command like *sudo* or *rm \*-r*. This field is mandatory.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">3. </span>Then you need to click on the "Apply changes" button to save the new PAM rule.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">3.1. </span>If you click on the "Undo" button, no updates will be saved.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">4. </span>Finally you can create a PAM policy to apply the rules.

## Screen overview

![](https://bookstack.soffid.com/uploads/images/gallery/2021-08/embedded-image-yfkxhtij.png)

# Step 8.2. PAM Policies

## Step-by-step

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">1. </span> To create a new PAM Policy, you must access the PAM policies page in the following path:

`Main Menu > Administration > Configure Soffid > Security settings > PAM policies`

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">2. </span>To create a new PAM policy, you must click the add button (+) and Soffid will display a new window to fill in the data.

- The **Name** should be a unique name that identifies the policy. This field is mandatory.
- The **Description** should be a brief description of the policy.
- The **Rules list** shows the PAM rules that have been defined. You can check or uncheck the available options for each rule. You can choose zero, one, or several options:
    - **Close session**: if you select this option, Soffid will close the open session when the rule is met.
    - **Lock account**: if you select this option, Soffid will lock the account when the rule is met.
    - **Open issue**: if you select this option, Soffid will open an issue in the ticketing system when the rule is met.
    - **Notify**: if you select this option, Soffid will send a notification about the action when the rule is met.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">3. </span>Then you need to click on the "Apply changes" button to save the new PAM policy.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">3.1. </span>If you click on the "Undo" button, no updates will be saved.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">4. </span>Finally you can assign the PAM policy to the proper Password vault folder.
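The sketch below models how rules and a policy combine. It is an added example, not Soffid code: it assumes the rule content is matched as a regular expression against the channel named by the rule type, and the rule names, policy mapping and session lines are constructed for illustration.

```python
import re
from dataclasses import dataclass

# The four actions a policy can attach to a rule, as listed on this page.
ACTIONS = ("close session", "lock account", "open issue", "notify")

@dataclass(frozen=True)
class Rule:
    name: str
    type: str     # "keyboard" or "screen"
    content: str  # ASSUMPTION: matched here as a regular expression

SUDO = Rule("sudo", "keyboard", r"\bsudo\b")
RM_R = Rule("recursive-rm", "keyboard", r"\brm\b.*\s-\w*[rR]")
DENIED = Rule("denied", "screen", r"Permission denied")

# Hypothetical policy: each rule maps to zero, one or several actions.
POLICY = {
    SUDO: {"notify"},
    RM_R: {"close session", "open issue"},
    DENIED: set(),  # zero actions: the match is recorded, nothing is triggered
}

# Constructed session events: (channel, text).
EVENTS = [
    ("keyboard", "ls -la /var/log"),
    ("keyboard", "sudo systemctl restart nginx"),
    ("screen", "[sudo] password for admin:"),  # screen text, keyboard rule: no match
    ("keyboard", "man visudo"),                # \b keeps "visudo" from matching
    ("keyboard", "rm -rf /tmp/build"),
    ("screen", "rm: cannot remove '/tmp/build': Permission denied"),
]

def evaluate(policy, events):
    """Return (findings, actions): findings are (event index, rule name) pairs,
    actions is the union of the actions of every rule that was met."""
    findings, actions = [], set()
    for i, (channel, text) in enumerate(events):
        for rule, rule_actions in policy.items():
            if rule.type == channel and re.search(rule.content, text):
                findings.append((i, rule.name))
                actions |= rule_actions
    return findings, sorted(actions, key=ACTIONS.index)

if __name__ == "__main__":
    print(evaluate(POLICY, EVENTS))
```

Running sample lines through candidate rule content like this before saving a rule shows which sessions it would flag and which actions the policy would then take.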

## Screen overview

[![image-1688998468318.png](https://bookstack.soffid.com/uploads/images/gallery/2023-07/scaled-1680-/image-1688998468318.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-07/image-1688998468318.png)

# Step 8.3. Assign PAM policy

### Assign PAM policy

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">1. </span> To assign the PAM policy to a Password Vault folder, you must access the Password vault page in the following path:

`Main Menu > Administration > Resources > Password vault`

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">2. </span>Then you must select the folder by clicking on the record. Soffid will display a window with the folder data.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">3. </span> You can select the PAM policy from the drop-down list.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">4. </span> Finally, you need to click on the "Apply changes" button to save the PAM policy.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">4.1. </span>If you click on the "Undo" button, no updates will be saved.

## Screen overview

[![image-1688998386905.png](https://bookstack.soffid.com/uploads/images/gallery/2023-07/scaled-1680-/image-1688998386905.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-07/image-1688998386905.png)