Analytics Risk Rules

Edit online

Detailed information about how to enable, disable and configure the analytics risk rules.

Overview

You can view all the currently available rule sets that identify risk incidents. Each rule set provides multiple condition for a risk incident. When the defined condition in the risk rule is met, a corresponding risk incident with a severity is generated and displayed on the Analytics Risk Dashboard.

Accessing the risk rules

  1. Log in to Administrator Console.
  2. In the main menu, go to Configure SystemAnalytics Risk Rules.
    The page displays currently available rule sets:
    • Account is dormant
    • Account is non-compliant
    • Account is orphan
    • Recertification was approved by someone that no longer exists
    • Recertification is overdue
    • User has sensitive access
    • Recertification was approved by self
    • Separation of duty
    • Person is suspended but one or more of their accounts are not suspended

    You can search for a particular rule set using the search box.

Enabling or disabling the risk rules

  1. Log in to Administrator Console.
  2. In the main menu, go to Configure SystemAnalytics Risk Rules.
    The page displays currently available rule sets and the risk rules. By default, all rule sets are enabled. Administrators have the flexibility to disable or enable any of the rule sets and also enable or disable particular rule definition under a rule name. You can specify the severity of the risk rule as low, medium, and high for individual rule definition under a rule name.
    Note: You cannot modify the Separation of Duty (SoD) and Sensitive Access rule sets in this page as they are configured in the Manage Access Risk Controls section.
  3. To enable a rule set, move the toggle switch against its name.
  4. To enable a specific rule under a rule set, select its check box under the Enabled column. To disable the rule, clear its check box.

Configuring the rule sets

  1. Log in to Administrator Console.
  2. In the main menu, go to Configure SystemAnalytics Risk Rules.
  3. Enable the required rule set by moving its toggle switch.
  4. To edit a rule under the rule set, click the edit icon next to it. You can update the parameters such as the time range ( for example, the number of days since the account was last used).
  5. In the Severity column, select the appropriate option, such as High, Medium, or Low.
  6. Enable the rule by selecting its check box under the Enabled column.

Example: In the "Account is dormant" rule set, you can create a rule with Medium severity if the number of days since the account was last accessed is between 90 days and 100 days. When you select the Enabled check box, the risk rule is defined.

When the specified condition for the rule is fulfilled, a risk incident is displayed on the Analytics Risk Dashboard.

Reset the rule sets

You have the option to reset all the rule sets and rules to their factory settings. To do so, click the Reset to default link, and confirm your choice.
Attention: Be informed that clicking this option will remove all the customizations in all the rule sets and the rules. You cannot revert this action.