New Analyzer features in 6.7

Article ID: 428837

Products

Information Centric Analytics

Issue/Introduction

Information Centric Analytics 6.7 introduced a handful of enhancements and improvements to the Analyzer. These include:

  • Modifying and Saving Risk Vector Definitions with Zero Results Returned

    • A new Show Empty Data option forces Analyzer to display all records, not just those with data. As a result:
      • Analyzer contains significantly more fields.
      • A user can create Risk Vectors from fields that might not have data reported for the selected time period.

  • Add Member Functionality

    • The purpose of the Add Member feature is to enable you to create a view in advance of having any data that correspond to its measures and dimensions - for example, an anticipated risk vector. You can add a member that doesn't exist today but will exist in the future and, once data corresponding to the definition are processed into ICA, they will match the view and the correct measures for that member will be displayed.

      To delete a member you've added by mistake, or no longer need, simply delete the Analyzer view in which you created it.

  • Filtering on User Direction

    • Where the user is a member of an entity collection created from a flat file:

      Added support for the UserDirection filter (by Source or Destination) when performing an Analyzer drill-through action on a User Entity Collection dimension. Other Entity Collection types do not support the Direction attribute on drill-through.

  • Access DLP custom attributes

    • All Symantec Custom Attributes can now be used as dimensions in Analyzer views and in saved searches. This lets you:
      • Enhance the understanding of potential flight risks and persistent insider threats.
      • Build more effective scenarios around these risks.
      • Add layers of protection and insight.
      • Monitor high-risk web categories that users might navigate to when attempting to transfer sensitive data.
      • Generate more accurate reports on web usage and data loss trends, which enhances incident response remediation strategies.

You would like additional information about these changes beyond that provided in the 6.7 release notes.

Environment

Release: 6.7

Component: Analyzer

Resolution

Modifying and Saving Risk Vector Definitions with Zero Results Returned

The purpose of this functionality is to enable an administrator to configure a risk vector in advance of activity occurring that matches its definition; however, the functionality is equally applicable to any type of view you might want to create in the Analyzer, such as event scenario sets, entity collections, etc.

Add Member Functionality

The purpose of the Add Member feature is to enable you to create a view in advance of having any data that correspond to its measures and dimensions - for example, an anticipated risk vector. You can add a member that doesn't exist today but will exist in the future and, once data corresponding to the definition are processed into ICA, they will match the view and the correct measures for that member will be displayed.

To delete a member you've added by mistake or no longer need, simply delete the Analyzer view in which you created it.

Filtering on User Direction

The user direction filter operates independently of data sources. Its functionality is based on the relationship between dimensions in the cube, not on the data sources from which the cube is populated.

Access DLP custom attributes

If the custom attributes of a Symantec Data Loss Prevention (DLP) data source have not been mapped in ICA, ICA will not incorporate them. ICA will always pull the default set of attributes on incidents from DLP, and it will include custom attributes if those have been properly mapped for the data source connection.