
Step 8. Behavior analysis

 

Using PAM you can configure policies and rules in the Soffid console to detect actions or behaviors that may put your organization at risk. With this information, you will be able to analyze the behavior of the critical accounts that you have defined in your systems and configure what actions you want to run in each case.

Step-by-step


PAM Rules

1. First of all, the agent must be created on Soffid. That agent could be a SQL Server agent or an Oracle agent. To create a new PAM Rule, you must access the PAM Rules page in the following path:

Main Menu > Administration > Configure Soffid > Security settings > PAM rules

2. To add a new PAM rule, you must click the add button (+) and Soffid will display a new window to fill in the data.

  • The Name should be an identifying and unique rule name. This field is mandatory.
  • The Description should be a brief description of the rule.
  • The Type allows you to select whether the rule will be a keyboard or a screen rule. This field is mandatory.
  • The Content should be what the rule will detect. For instance, a Linux command like sudo or rm *-r. This field is mandatory.

3. Then you need to click on the "Apply changes" button to save the new PAM rule.

3.1. If you click on the "Undo" button, no updates will be saved.

4.  Finally you can create a PAM policy to apply the rules.

PAM Policies

1. To create a new PAM Policy, you must access the PAM policies page in the following path:

Main Menu > Administration > Configure Soffid > Security settings > PAM policies

2. To create a new PAM policy, you must click the add button (+) and Soffid will display a new window to fill in the data.

  • The Name should be an identifying and unique policy name. This field is mandatory.
  • The Description should be a brief description of the policy.
  • The Rules list: shows a list of the PAM rules defined. You can check/uncheck the available options. You can choose zero, one or several options:
    • Close session: if you select this option, when the rule is met, Soffid will close the session opened.
    • Lock account: if you select this option, when the rule is met, Soffid will lock the account.
    • Open issue: if you select this option, when the rule is met, Soffid will open an issue in the ticketing system.
    • Notify: if you select this option, when the rule is met, Soffid will send a notification about the action.

3. Then you need to click on the "Apply changes" button to save the new PAM policy.

3.1. If you click on the "Undo" button, no updates will be saved.

4. Finally, you can assign the PAM policy to the proper Password vault folder.
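
A conceptual model of the rule and policy fields described above, added here as an example and not Soffid's own code: it dry-runs candidate rule Content against constructed session lines to show which actions a policy would trigger. The Python names, the treatment of Content as a regular expression, and the sample rules and events are assumptions.

```python
import re
from dataclasses import dataclass, field

ACTIONS = {"close_session", "lock_account", "open_issue", "notify"}

@dataclass
class PamRule:
    name: str       # mandatory, unique
    type: str       # mandatory: "keyboard" or "screen"
    content: str    # mandatory: what the rule detects
    description: str = ""

    def __post_init__(self):
        if not (self.name and self.content):
            raise ValueError("Name and Content are mandatory")
        if self.type not in ("keyboard", "screen"):
            raise ValueError("Type must be 'keyboard' or 'screen'")

    def matches(self, event_type, text):
        # ASSUMPTION: Content is matched as a regular expression.
        return event_type == self.type and bool(re.search(self.content, text))

@dataclass
class PamPolicy:
    name: str
    actions: dict = field(default_factory=dict)  # rule name -> set of actions

    def assign(self, rule, *actions):
        if set(actions) - ACTIONS:
            raise ValueError(f"unknown action in {actions}")
        self.actions[rule.name] = set(actions)  # zero, one or several

def evaluate(policy, rules, events):
    """Return (event number, rule name, sorted actions) for each match."""
    return [(n, r.name, sorted(policy.actions[r.name]))
            for n, (etype, text) in enumerate(events, 1)
            for r in rules
            if r.name in policy.actions and r.matches(etype, text)]

# Constructed rules, policy and session events (not real Soffid data).
RULES = [PamRule("sudo-use", "keyboard", r"\bsudo\b"),
         PamRule("recursive-rm", "keyboard", r"\brm\s+-\w*r")]
POLICY = PamPolicy("critical-linux")
POLICY.assign(RULES[0], "notify")
POLICY.assign(RULES[1], "close_session", "open_issue")
EVENTS = [("keyboard", "ls -la /etc"),
          ("keyboard", "sudo systemctl restart nginx"),
          ("screen", "sudo: 3 incorrect password attempts"),
          ("keyboard", "apt show sudoku"),
          ("keyboard", "rm -rf /var/tmp/build")]

if __name__ == "__main__":
    for hit in evaluate(POLICY, RULES, EVENTS):
        print(hit)
```

The screen line and the `sudoku` line are not reported: the first is the wrong rule Type, and the second only contains the word as a substring, which is the kind of false positive worth checking before a rule is tied to "Close session" or "Lock account".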

Assign PAM policy