Threat Analytics for PAM - Can any analytic be marked as suspicious that is not marked by default

book

Article ID: 131059

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction



Is it possible to make configuration changes in CA PAM Threat Analytics such as those below:
1. How we can disable a particular analytic in CA PAM altogether for all account ?
2. If we use "Expire Analytic" for any event, would it disable that event analytic altogether for any upcoming events ? When I click on the option, it shows me a dialog box stating that it couldn't be enabled back. Is there any way we can manage actions or enable/disable any analytic event in CA Threat Anaytics ?
3. Is there any configuration in CA PAM Threat Analytics that would allow us to mark any analytic as suspicious that is not marked by default ?

Environment

Release:
Component: CAPAMX

Resolution

There are a few things made available for tuning Threat Analytics for PAM.  Login to the TAP application(https://<TAP address>:3000) and click the the gear icon.  It is to the right of the search bar at the top of the screen.  Select "Settings" and a window will be displayed where the administrator can disable certain analytics for users or devices.

Under the "Advanced" tab in "Settings" there is a very broad setting to increase or decrease risk sensitivity. Generally it is not advised that this setting be modified.

If something beyond this is needed, an Enhancement Request should be created, as an Idea in the PAM community.