AdministrationGuide · 2020. 8. 12. · DownloadFiles 292 UploadFiles 294 RegisterConnectors 296...

SNYPR 6.3.1 On-Prem Administration Guide Date Published: 8/11/2020


Securonix Proprietary Statement

This material constitutes proprietary and trade secret information of Securonix, and shall not be disclosed to any third party, nor used by the recipient except under the terms and conditions prescribed by Securonix.

The trademarks, service marks, and logos of Securonix and others used herein are the property of Securonix or their respective owners.

Securonix Copyright Statement

This material is also protected by Federal Copyright Law and is not to be copied or reproduced in any form, using any medium, without the prior written authorization of Securonix.

However, Securonix allows the printing of the Adobe Acrobat PDF files for the purposes of client training and reference.

Information in this document is subject to change without notice. The software described in this document is furnished under a license agreement or nondisclosure agreement. The software may be used or copied only in accordance with the terms of those agreements. Nothing herein should be construed as constituting an additional warranty. Securonix shall not be liable for technical or editorial errors or omissions contained herein. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's internal use without the written permission of Securonix.

Copyright © 2019 Securonix. All rights reserved.

Contact Information

Securonix
5080 Spectrum Drive, Suite 950W
Addison, TX 75001
(855) 732-6649


Table of Contents

Introduction
    SNYPR Overview
    Additional Resources

Data Flow in SNYPR
    How Data Flows in SNYPR
    Spark Applications

Data Security
    Configure SSL for Kafka Brokers
    Enable Kerberos Authentication for Cloudera Services
    Authenticate Kafka Consumer and Producer

Settings
    Configure Hadoop
    Configure General Settings
    Enable/Configure Data Masking
    Masking Job Details
    Manage Ingesters
    Manage Installed Licenses and Products
    Enable LDAP Authentication
    Enable/Disable X509 Authentication
    Schedule Housekeeping Jobs
    Configure SAML Settings
    Configure SMTP Server Settings
    Configure Spotter Settings
    Configure UI Preferences
    Upload CRP/CFP Content

Access Control
    Create Roles
    Create Users
    Create Groups
    Manage Users, Roles, and Groups
    Enable Granular Access Control
    Enable Password Control

Connection Types
    Filter Components
    Add a New Connection
    Manage Connection Types
    Download Files
    Upload Files
    Register Connectors

Email Templates
    Create an Email Template
    Edit Email Templates

Workflows
    Create a New Workflow
    Edit a Workflow

Spark Apps
    Add Spark Jobs in Cloudera
    Stop Spark Jobs in Cloudera
    Administer Spark Jobs using Command Line
    View YARN Application Status

Appendix A: Access Privileges


Introduction

This Administration Guide is designed to help you configure, manage, and maintain SNYPR. It contains information about SNYPR components and how they work, various features and configuration settings, and how to configure and use SNYPR.

SNYPR Overview

SNYPR is a big data security analytics platform built on Hadoop that utilizes Securonix machine-learning-based anomaly detection techniques and threat models to detect sophisticated cyber and insider attacks. SNYPR uses Hadoop both as its distributed security analytics engine and long-term data retention engine. Hadoop nodes can be added as needed, allowing the solution to scale horizontally to support hundreds of thousands of events per second (EPS).

SNYPR features:

• Supports a rich variety of security data, including security event logs, user identity data, access privileges, threat intelligence asset metadata, and netflow data.
• Normalizes, indexes, and correlates security event logs, network flows, and application transactions.
• Utilizes machine learning-based anomaly detection techniques, including behavior profiling, peer group analytics, pattern analysis, and event rarity to detect advanced threats.
• Provides out-of-the-box threat and risk models for detection and prioritization of insider threat, cyber threat, and fraud.
• Risk-ranks entities involved in threats to enable an entity-centric (user or devices) approach to mitigating threats.
• Provides Spotter, a blazing-fast search feature with normalized search syntax that enables investigators to investigate today’s threats and track advanced persistent threats over long periods of time, with all data available at all times.


Documentation Conventions

There are different font styles used throughout the SNYPR documentation to indicate specific information. The table below describes the common formatting conventions used in the documentation:

| Convention | Description |
|---|---|
| Bold font | Words in bold can indicate the following: buttons that you need to click; fields in the user interface (UI); menu options in the UI; information you need to type or select. |
|  | Indicates commands or code. |
| Menu navigation | The navigation path to reach a specific screen in the UI is separated by a greater than symbol (>). For example, Menu > Administration. |
| UPPERCASE FONT | All uppercase words are acronyms. |
| Folders and folder paths | Quotation marks are used around a folder name or folder path. For example, “C:\Documents\UserGuide”. |

Additional Resources

If you require additional information, the following guides are available:

| Document Name | Audience |
|---|---|
| Architecture Guide | System administrators, system integrators, and deployment teams who need to determine SNYPR deployment options in a Hadoop cluster. |
| Installation Guide | System administrators, system integrators, and deployment teams who need to install the application. |
| RIN Installation Guide | On-boarding team and deployment engineers who need to install the RIN to connect to the SNYPR application to ingest data. |
| Data Integration Guide | Data integrators who need to import activity and enrichment datasources to support existing and custom use cases. |
| Content Guide | Data integrators and deployment engineers who need to use existing connectors to import data and deploy available content; content developers who need to use the out-of-the-box content to detect the threats to your organization. |
| Analytics Guide | Content developers who need to use the existing content and custom analytics available in the SNYPR platform to develop use cases to detect the threats to your organization. |
| Security Analyst Guide | Information security professionals and security analysts who need to detect and manage threats; risk and compliance officers and IT specialists who need to use SNYPR reporting capabilities to monitor and remediate compliance. |
| Access Analytic Guide | Information security professionals and security analysts who need to detect and remediate high-risk access due to orphaned accounts, privilege creep, or account compromise; compliance officers and data owners who need to review and remediate access for privilege creep, SOD violations, and orphaned accounts. |
| Web Services Guide | Developers who need to communicate to SNYPR using the REST APIs. |


Data Flow in SNYPR

SNYPR is designed to ingest and analyze a high volume of events in near real-time. This is possible because of the unique design of the SNYPR application. SNYPR encompasses a number of independent Spark Streaming applications that interoperate with high precision to ensure extremely high speed processing of events.

Each Spark Streaming application performs a finite set of tasks on the micro-batch of events and moves them forward to the next stage. Internally, each Spark Streaming application may be running across multiple processors, which in turn may be running across multiple servers. This highly distributed processing framework enables SNYPR to be extremely elastic to meet the ingestion and analytics requirements of organizations. When the events processed per second increase from hundreds to millions, SNYPR can be scaled by adding more servers.

This document describes the data ingestion and analytics pipeline within SNYPR and the components in the SNYPR and Hadoop ecosystem: Kafka, HDFS, Solr, Spark Streaming, MySQL, HBase, and Redis.

How Data Flows in SNYPR

The following diagram provides an overview of the data flow in SNYPR and how the data is processed by various Spark applications.


a. Remote Ingester or SNYPR console ingests raw events. The raw events are then compressed, encoded in Avro format (which makes it easier to read and interpret data), then published in batches. Each batch includes information to uniquely identify the tenant, time zone, resource group, event count, media type, and collection method (e.g. Syslog, database, file, etc.) so the events can be routed in a multi-tenant deployment and parsed using the correct parser / parsing technique.

b. Enrichment Spark application (1) parses and normalizes data, performs identity attribution, runs action filters, then enriches the events using data in Redis and pushes the "Enriched Event" to the Enriched Kafka Topic.

c. Event Ingestion Spark application (2) consumes the data in the Enriched Topic to store the enriched events in HDFS.

d. Event Indexer Spark application (3) indexes the data in Solr.

e. Individual Event Evaluator (IEE) Spark application (5) consumes data in the Enriched Topic to analyze the event to determine if it meets conditions for a violation specified in the policy. Events that meet conditions are sent to the Tier 2 or AEE-Tier2 topic for further analysis.

f. Behavior Analytics application (4) consumes the filtered events in the Tier 2 topic to summarize and store in HBase. This application also detects outliers from baseline values and sends outliers to the Kafka Violations Staging topic.

g. Spark App 14 picks up violations from the Violation Staging Topic, stores them in HDFS and Solr, then sends the metadata about the violation to the Violation Topic.

h. The Behavior Profiling Spark application (9) reads the summarization from HBase and generates behavior baseline values.

i. The Aggregated Event Evaluator (AEE) (6) reads tables of aggregated events populated by IEE in the AEE-Tier2 topic to determine if the events represent a pattern that meets the criteria for a violation. If events meet the criteria for a violation, they are sent to the Violation topic.

j. Traffic Analyzer application (8) consumes filtered events propagated to the Tier 2 topic to perform automated whitelisting, detect rarity, and store data in HBase for Robotic Pattern Detection. If events meet the criteria for a violation, they are sent to the Violation topic.

k. Robotic Detection application (10) analyzes the data stored in HBase by Traffic Analyzer to detect patterns in durations indicative of a beaconing activity. If events meet the criteria for a violation, they are sent to the Violation topic.

l. The Risk Generation application (7) consumes Violations generated by the IEE, Behavior Analytics, AEE, and Traffic Analyzer apps and analyzes violations to detect threat chains. Additionally, the entities are assigned risk scores based on the type of violation or threat. Optionally, violations requiring notifications and incidents are sent to the response topic.

New Data Flow

Spark App 14 eliminates delay in risk scoring and reduces processing overhead for behavior-based violation events.

The following diagram illustrates the new data flow for behavior-based violation events with Spark Job 14:


Spark Applications

Spark applications process the data in SNYPR. The independent Spark Streaming applications work together to allow SNYPR to ingest and analyze high volumes of events in real-time. Each application performs a set of tasks on the events coming into SNYPR, then moves the tasks forward to the next stage.

Spark App 1: Event Enrichment Spark Application

The Event Enrichment Spark application consumes events from the Raw Topic and performs parsing, normalization, user identity attribution, and enrichment prior to publishing the super enriched events to the Enriched Topic.

The Enrichment Spark application reads a number of compressed events from each partition in Kafka and performs the following sequence of tasks:

1. Uncompresses and decodes events in a batch.
2. Parses events (EventParser): Delimited / XML / JSON / WinEventFormat / Key Value Pair / CEF / LEEF / Snare format, etc.
3. Performs Identity Attribution: Enriches events with user information. Matches account names to user attributes or IP Addresses to last user using ipaddress.
4. Runs Action Filters: Event Categorization, Derived attributes, Populate Active List, Enrich from lookup, watchlist, threat intelligence, geolocation, etc.
5. Compresses and encodes enriched events as Enriched Event Objects (EEO).

Spark App 2: Event Ingestion Spark Application

The Event Ingestion Spark application consumes events from the Enriched Topic and stores these events in a particular HDFS folder structure in Avro format. The Ingestion Spark application reads a number of compressed events from each Enriched Topic partition in Kafka and performs the following sequence of tasks:

1. Uncompresses and decodes events.
2. Aggregates events by Resourcegroupid / year / day of year.
3. Encodes data into Avro open event format and uses the HDFS API to store data in the resources-incoming folder in HDFS.
4. Sends counts of the number of events stored in HDFS to the count topic for reporting purposes.

Table metadata is pre-generated on the open event format to allow the use of Hive/Impala to run queries against the data. This means that third party applications and end users can directly interface with the data stored in HDFS using standard simple query language syntax. Each resource group has a separate table in Hive/Impala.

A high number of Avro files are generated because each executor writes a separate Avro file for each batch processed. A nightly job called AvroParquetMigrationJob is run to merge these Avro files into a super-compressed parquet file. Parquet file format is a flat columnar data structure within Hadoop, which is more compressed and efficient.

Spark App 3: Event Indexer Spark Application

The Event Indexer Spark application consumes events from the Enriched Topic and indexes these events in Solr collections to enable lightning fast searching capability from the SNYPR console. The Event Indexer Spark application reads a number of compressed events from each Enriched Topic partition in Kafka and performs the following sequence of tasks:

1. Uncompresses and decodes events.
2. Uses the Solr API to index event attributes that are marked for indexing.
3. Updates the controlcore collection with information about the date range for each resource group.
4. Sends count of events indexed to the indexercount topic.
5. Generates new collections once the threshold value is reached for the maximum count of documents in that collection.

The controlcore collection is used by SNYPR as an index of indexes. It stores information about the contents of each collection. For each data source, it stores the date range that is available in that collection.

Spark App 4: Behavior Analytics Spark Application

The filtered events in the Tier 2 topic are consumed by the Behavior Analytics application. The Behavior Analytics app counts the number of events for the check window (daily, weekly, etc.), then stores the count in HBase to be consumed and summarized by Behavior Profiling Spark. It reads the baseline for the entity generated by Behavior Profiling based on the counts to detect outliers from baseline values and sends outliers to the Kafka Violations topic. It performs the following:

1. Consumes events from Tier-2.
2. Loads policy configurations depending on the type of check.
3. Maintains the counts associated with each event in HBase on first run.
4. Stores each key with a column family with data stored at a monthly level for each occurrence of a month.
5. Stores entries for each month within the column families.
6. Checks the count for each occurrence when processing each event to determine if the count exceeds the baseline.
7. Publishes the event as a violation to the Violation topic if the count exceeds the baseline.

Spark App 5: Individual Event Evaluator (IEE) Spark Application

SNYPR provides advanced tiered analytical capabilities. The tiered approach to analytics operates like a funnel where each step in the analytics operates on the findings from the previous step. This tiered approach to analytics ensures that false positives are filtered out and the violations that are truly suspicious are passed along to the SNYPR console as Threats.

The Individual Event Evaluator (IEE) Spark application is the first step for the real-time analytics engine within SNYPR. As the name suggests, the Individual Event Evaluator operates on singular events to analyze their candidacy for subsequent analytical techniques. The IEE Spark App consumes events from the Enriched Topic and is capable of the following analytical techniques:

1. Apply conditions: Example: <Event.Attribute Value>

2. Apply Special Operators

3. Check Against Lookup: Import a list of items into a lookup table and reference it to identify events that match the keys of the lookup table. Example: List of Administrative accounts or List of Compliance critical assets can be added to a lookup table. Events matching specific criteria and belonging to the lookup table can be flagged as violations.

4. Check Against Active List: Check sequences of events with common attributes. Example: Critical File Downloaded from SharePoint and the same file emailed to a personal email account by the same user. An Active List is a temporary storage of attribute value(s) extracted from an event and can then be referenced in an IEE policy to find violations like visits to malicious websites or malicious files detected on servers.

5. Check Against TPI (Threat Intelligence): Check threat intel from third parties ingested into SNYPR such as suspicious domains, IP Addresses, file hashes etc. to find violations of IEE policies like visits to malicious websites or malicious files detected on servers.

6. Check Against WatchList: Add malicious actors or entities deserving closer scrutiny to watchlists for use in IEE policies.

7. Match String: Match two strings using string comparators like Jaro-Winkler, advanced bi-gram comparator and condensed string comparators. Strings similar to each other return a value closer to one, and strings uncommon to each other return a value of 0.5. This is useful for detecting violations like Account adding personal account to critical security group.

8. Email Sent to Self: Detect a user exfiltrating data to their personal email address. This technique uses user personal information and forms email addresses that could be the personal email address and checks for these being used as the recipient address.
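The Email Sent to Self technique in item 8, sketched as an added example that is not Securonix code: candidate personal addresses are formed from a user's identity attributes and each recipient is compared against them. The webmail domain list, the field names and the sample events are constructed assumptions.

```python
import re
import unicodedata

# Assumption: webmail domains treated as personal mailboxes (constructed list).
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}
MIN_CANDIDATE_LEN = 4  # shorter local-parts match too many unrelated people


def _norm(token):
    """Lowercase, fold accents to ASCII, drop everything but letters and digits."""
    folded = unicodedata.normalize("NFKD", token).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]", "", folded.lower())


def candidate_local_parts(first, last, account=""):
    """Canonical local-parts a user might choose for a personal mailbox."""
    f, l, a = _norm(first), _norm(last), _norm(account)
    parts = {a} if a else set()
    if f and l:
        parts |= {f + l, l + f, f[0] + l, f + l[0]}
    return {p for p in parts if len(p) >= MIN_CANDIDATE_LEN}


def canonical_local(local):
    """Reduce a recipient local-part to the same canonical form as the candidates."""
    local = local.lower().split("+", 1)[0]   # drop plus-addressing tag
    local = re.sub(r"[._-]", "", local)      # separators: jane.doe, jane_doe
    return re.sub(r"\d+$", "", local)        # trailing digits: janedoe85


def email_to_self_hits(event, user, corp_domains):
    """Return recipients that look like the sender's own personal mailbox."""
    candidates = candidate_local_parts(user["first"], user["last"], user["account"])
    hits = []
    for rcpt in event["recipients"]:
        local, _, domain = rcpt.strip().lower().rpartition("@")
        # Internal mail and non-webmail partners are out of scope for this check.
        if not local or domain in corp_domains or domain not in PERSONAL_DOMAINS:
            continue
        if canonical_local(local) in candidates:
            hits.append(rcpt)
    return hits


# Constructed sample data: one identity record and four outbound mail events.
USER = {"first": "José", "last": "Doe", "account": "jdoe"}
CORP_DOMAINS = {"corp.example"}
EVENTS = [
    {"id": 1, "recipients": ["Jose.Doe85@gmail.com", "bob@corp.example"]},
    {"id": 2, "recipients": ["doe_jose+docs@outlook.com"]},
    {"id": 3, "recipients": ["jdoe@partner.example"]},
    {"id": 4, "recipients": ["john.smith@gmail.com"]},
]


def evaluate(events=EVENTS):
    """Map event id to the recipients flagged as the sender's personal address."""
    return {e["id"]: email_to_self_hits(e, USER, CORP_DOMAINS) for e in events}


if __name__ == "__main__":
    for event_id, hits in evaluate().items():
        print(event_id, "VIOLATION" if hits else "ok", hits)
```

Canonicalising both sides (accents, separators, plus tags, trailing digits) is what lets a short candidate set cover the variants people actually register; the minimum length keeps initials-only candidates from flagging unrelated recipients.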


Spark App 6: Aggregated Event Evaluator (AEE) Spark Application

The AEE Spark app evaluates multiple events passed from the IEE to detect related behavior that indicates a threat.

1. Performs post processing on aggregated events sent from the IEE App when an event requires further analysis.
2. Evaluates tables of aggregated events.
3. Runs on scheduled intervals so it only runs when events are waiting to be analyzed.
4. Evaluates all the data in the aggregated events to recognize patterns and identify outliers.
5. Sends violations to the Violations topic.

Spark App 7: Risk Generation and Threat Model Spark Application

The Risk Generation and Threat Model Spark app consumes violations data generated by the IEE, Analytics and Profiling, AEE, and Traffic Analyzer Spark apps to determine the risk scores for violation entities.

1. Analyzes risk scores and stores them per entity in the risk score card core in Solr.
2. Records actions taken by analysts during threat management in the riskscorecard SOLR core.
3. Consolidates risk scores on a daily basis to provide trends in scores.
4. Stores risk scorecard history in the history collection.
5. Generates threat models.
6. Generates violation information and stores violations in the violations core in Solr.
7. Generates count of the violations to display on the Security Command Center and in Spotter.

Spark App 8: Traffic Analyzer Spark Application

Traffic Analyzer provides purpose-built analytics to detect behaviors exhibited by malware. This Spark App performs checks against web proxy traffic using the following process:

1. Consumes data from Tier 2 Kafka Topic published by IEE.
2. Processes events for the following checks:
   • Algorithmically generated domains
   • Beaconing patterns
   • Access to rare domains
   • Use of user agents
3. Publishes violations to Violations Topic which is then consumed by the Risk Generation app.

See Network Traffic Analyzer in the SNYPR Data Integration Guide for more details.

Spark App 9: Behavior Profiling Spark Application

The Behavior Profiling Spark app establishes the behavior baselines used to detect outlier behavior that indicates a threat.

1. Tracks the frequency or volume of parameters (for example, bytes in, bytes out) for the configured parameters for each account, IP address, and resource.
2. Maintains a summary of behavior within these parameters for the following time frames:
   • Hourly
   • Daily
   • Monthly
   • Weekly
   • Each day of the week (Sunday to Saturday)
3. Establishes a behavior baseline to generate the behavior profile for the account, IP Addresses, and resource.
4. Checks the current frequency or volume count during import against the established baseline and marks the entity as a violation if the count exceeds the baseline plus the configured Sigma value.
5. Performs first time behavior checks.
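The baseline check in steps 3 to 5, as an added example that is not the SNYPR implementation: it assumes the baseline is the mean of prior daily totals and that the Sigma value multiplies their standard deviation, and it covers only the daily time frame. Entity names and counts are constructed.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import mean, pstdev


class BehaviorProfile:
    """Daily totals per entity, checked against mean + sigma * stddev of prior days."""

    def __init__(self, sigma=3.0, min_days=5, min_std=1.0):
        self.sigma = sigma        # configured Sigma value (assumed to be a multiplier)
        self.min_days = min_days  # days of history needed before a baseline is trusted
        self.min_std = min_std    # floor so a perfectly flat history tolerates noise
        self.daily = defaultdict(dict)  # entity -> {date: total}

    def record(self, entity, day, value=1):
        """Add an event count or a volume (for example bytes out) to the entity's day."""
        per_day = self.daily[entity]
        per_day[day] = per_day.get(day, 0) + value

    def check(self, entity, day):
        """Classify the entity's total for `day` using only earlier days as baseline."""
        per_day = self.daily.get(entity, {})
        current = per_day.get(day, 0)
        history = [v for d, v in per_day.items() if d < day]
        result = {"entity": entity, "count": current, "threshold": None}
        if not history:
            # No earlier activity at all: this is the first time behavior case.
            result["status"] = "first_time" if current else "no_activity"
        elif len(history) < self.min_days:
            result["status"] = "insufficient_history"
        else:
            spread = max(pstdev(history), self.min_std)
            result["threshold"] = mean(history) + self.sigma * spread
            over = current > result["threshold"]
            result["status"] = "violation" if over else "normal"
        return result


def build_sample_profile():
    """Constructed data: ten quiet days for one account, then a spike on day eleven."""
    profile = BehaviorProfile(sigma=3.0)
    start = date(2020, 8, 1)
    bytes_out_mb = [100, 110, 90, 105, 95, 100, 108, 92, 101, 99]
    for offset, value in enumerate(bytes_out_mb):
        profile.record("svc_backup", start + timedelta(days=offset), value)
    profile.record("svc_backup", date(2020, 8, 11), 400)   # spike
    profile.record("contractor7", date(2020, 8, 9), 5)     # only two prior days
    profile.record("contractor7", date(2020, 8, 10), 6)
    profile.record("contractor7", date(2020, 8, 11), 50)
    profile.record("new_account", date(2020, 8, 11), 3)    # never seen before
    return profile


if __name__ == "__main__":
    sample = build_sample_profile()
    for name in ("svc_backup", "contractor7", "new_account"):
        print(sample.check(name, date(2020, 8, 11)))
```

The `insufficient_history` state matters in practice: a threshold computed from two or three days is mostly noise, so new entities are better routed to the first time behavior check than scored against it.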

Spark App 10: Robotic Pattern Detector Spark Application

The Robotic Pattern Detector Spark app is used to detect beaconing behavior that indicates a compromise from malware.

1. Reads data processed by Spark App 8: Traffic Analyzer Spark Application from HBase.
2. Applies Beaconing algorithm to detect violations.
3. Publishes violations to Violations Topic to be processed by Risk Scoring Spark app.

Spark App 13: Action Prediction Learner

The Action Prediction Learner app is used to learn response actions from Threat Management or Incident Management for the Response Bot. Securonix Smart Response framework uses the power of machine learning to understand the actions of Tier 2 Security Analysts and perform predictive analysis on new alerts to Tier-1 Analysts. The goal is to enable Tier 1 Analysts with smart suggestions for dispositions that they need to make prior to escalating alerts to Tier 2 Analysts.

1. Learns actions based on historic actions taken on threats or incidents.
2. Stores the Forest (Group of trees) into HBase so the Risk Scoring app can use them to predict actions to take.

Spark App 14:

When the Behavior Analytics job captures a violation, it sends the violation entity, the policy violated, and metadata about the events to the Violation Staging Topic. Spark App 14 runs at scheduled intervals to read the new events from the Violation Staging topic. When it finds new events, it copies the events from the Tier2 topic into the violation collection in Solr and writes them into HDFS for long term storage.

It also sends the violation entity, the policy violated, and metadata about the events to the Violation Topic to be read by the Risk Scoring job. The Risk scoring job sends the risk score information to the riskscorecard collection in Solr and to HBase.


Data Security

SNYPR includes several enhanced data security features. Choose an option below to ensure the security of data stored from the Remote Ingester to a Hadoop cluster.

• Configure SSL from the Remote Ingester to the Hadoop Cluster
• Enable Kerberos Authentication for Cloudera Services
• Authenticate Kafka Consumer and Producer


Configure SSL for Kafka Brokers

The Secure Sockets Layer (SSL) configuration process for Kafka Brokers consists of four parts, including:

1. Create SSL Certificates
2. Create keystores
3. Create truststores
4. Enable SSL keystore and truststore

Step 1: Create SSL Certificate

1. (Optional) Create a master keystore to store all the certificates centrally. You may already have a master keystore in which you can store your certificate authority (CA) signed SSL certificate.

2. Create a CA-signed SSL certificate to sign all server certificates with a trust chain. You can create a self-signed certificate or use certificates that are signed by a CA, such as Verisign.

   Note: The CA is required for signing all server certificates with a trust chain.

3. Create a server certificate for each server.

   Tip: For easier identification of the server, use the subject equal to the fully qualified domain name (FQDN).

4. Create a server keystore for each server.

5. Import the server certificate into the server keystore.

6. Create a truststore.

   Note: The same truststore can be used for all servers.

7. Import the SSL certificate trust chain into the truststore.


Step 2: Create a Keystore

Once you have created and saved an SSL certificate, you will create a keystore on your Kafka brokers in the Hadoop Cluster.

Note: The naming conventions used in this section are for reference only. You may use your own naming conventions, but ensure you are copying the correct server certificate to each server in your cluster.

8. Open your master keystore using a tool of your choice if you have stored your SSL Certificate in the master keystore.

   The KeyStore Explorer is an open source utility to open the master keystore (used in the image below).

   Tip: You can download the KeyStore Explorer at: http://keystore-explorer.org.

9. Select the signed certificate.

   Example: securonix ca.


10. Right click and select Sign > Sign New Key Pair for each server.

    Enter the key password for the certificate.

11. Accept the defaults, and click OK.

12. Accept the defaults, and enter the Name details.


The certificate name includes the following details:

• CN=<server FQDN>
• OU=saas
• O=Securonix
• L=Addison
• ST=TX
• C=US

13. Click OK, then click OK again.

14. Accept the alias.

15. Enter the password, then click OK.

16. Select file as New.

17. Select JKS as the keystore type, then click OK. The server keystore is a Java keystore.


18. Enter the keystore password and click OK to save.

19. Enter the name of the keystore. Ensure that you use the same name for all the server certificates.

20. Create a new folder with the server FQDN as the name, and save the keystore inside the folder. Keep the keystore open to import the correct server certificate into the keystore for the next step.


21. Select the master keystore, and select the server certificate to export to a file.

22. Right click, select Export > Export Key Pair.

23. Enter the password for the certificate file, then click Export.

24. Import the server certificate into the server keystore, then click OK.


25. Select the correct server keystore.

26. Select Tools > Import Key Pair.

27. Select PKCS #12.

28. Enter the decryption password associated with the certificate file. Select the server certificate file, and click Import.

29. Accept the default alias, then click OK.

30. Enter the Key Pair entry password, then click OK.

31. Save the keystore.

The keystore is ready to be moved to the server.

32. Create a keystore for each server in your cluster with the same keystore name, the correct server certificate, and the same password for the keystore and key pair.

Step 3: Create a truststore

The truststore contains an SSL certificate chain you are willing to trust when a remote party presents its certificate. Essentially, a certificate chain is an ordered list of certificates that contains a CA-signed SSL certificate (root SSL certificate) and an intermediate SSL certificate. This combination enables the receiver to verify that the sender and its intermediate SSL certificate are trustworthy. The chain or path begins with the CA-signed SSL certificate, and each certificate in the chain is signed by the entity identified by the next certificate in the chain. The chain terminates with the root SSL certificate.


33. Select file as New.

34. Select JKS as the keystore type, then click OK.

35. Save the keystore.

36. Select File > Save.

37. Enter the keystore password, then select OK.

38. Enter the name of the keystore. This truststore will be shared with all the servers.

Keep the truststore open to import the correct server certificate in the next step.


39. Open the master keystore from the Keystore Explorer and use your master keystore password.

40. Select the securonix ca certificate.

41. Right click and select Export > Export Certificate Chain.

42. Enter the key password for the securonix ca.


43. Select a file name for the certificate chain to export, then click Export.

44. Select the truststore (truststore.jks) that was created earlier.


45. Select Tools > Import Trusted Certificate.

46. Select the file that was exported, and click Import.

47. Select OK.

48. Save the truststore.

This truststore is ready to move to all servers so that servers can authenticate signed keys under the root.

Step 4: Enable SSL Keystore and Truststore

49. Complete the following actions on each server:

# sudo mkdir /opt/certs

50. Copy the keystore (different for each server), and the truststore (the same for all servers) to:

/opt/certs/server.jks
/opt/certs/truststore.jks

chown root:root /opt/certs/truststore.jks
chmod 0440 /opt/certs/truststore.jks
chown root:root /opt/certs/server.jks
chmod 0440 /opt/certs/server.jks

51. Log in to Cloudera Manager.

52. From the home page, select Kafka on the left.

53. Click the Configuration tab to set the values in the Kafka service.

On the Configuration screen, search for the property that you want to set.


Example: ssl.client.auth.

Similarly, set the values for the remaining Kafka properties as shown in the table below:

Kafka Properties | Value
SSL Client Authentication (ssl.client.auth) | required
Inter Broker Protocol (security.inter.broker.protocol) | Inferred
Kafka Broker Advanced Configuration Snippet (Safety Valve) for kafka.properties | the properties listed after this table
Enable TLS/SSL for Kafka Broker (ssl_enabled) | checked
Kafka Broker TLS/SSL Server JKS Keystore File Location (ssl.keystore.location) | /opt/certs/server.jks
Kafka Broker TLS/SSL Server JKS Keystore File Password (ssl.keystore.password.generator) | keystore password
Kafka Broker TLS/SSL Server JKS Keystore Key Password (ssl.key.password.generator) | key password
Kafka Broker TLS/SSL Certificate Trust Store File (ssl.truststore.location) | /opt/certs/saastruststore.jks
Kafka Broker TLS/SSL Certificate Trust Store Password (ssl.truststore.password.generator) | truststore password

Value for the Kafka Broker Advanced Configuration Snippet (Safety Valve) for kafka.properties:

num.network.threads=16
socket.send.buffer.bytes=1048576
socket.receive.buffer.bytes=1048576
socket.request.max.bytes=104857600
replica.fetch.wait.max.ms=500
replica.socket.timeout.ms=30000
replica.socket.receive.buffer.bytes=65536
replica.high.watermark.checkpoint.interval.ms=5000
controller.socket.timeout.ms=30000
controller.message.queue.size=10
zookeeper.sync.time.ms=2000
socket.request.max.bytes=104857600
queued.max.requests=16
fetch.purgatory.purge.interval.requests=100
producer.purgatory.purge.interval.requests=100


54. Stop the Kafka brokers by going to Instances.

55. Select a Kafka broker, and click the Actions for Selected drop-down. From this drop-down, click Stop.

56. Deploy the client configuration.


57. Start the Kafka brokers.


Enable Kerberos Authentication for Cloudera Services

This section explains how to configure and enable Kerberos authentication for Cloudera Services with SNYPR. The Kerberos protocol provides user authentication when a user tries to connect to a Cloudera service.

This section covers the following topics:

1. Step 1: Host Configuration

2. Step 2: Integrate SNYPR with Kerberized Hadoop Service

3. Step 3: Connect to the Kerberized Hadoop Services

4. Step 4: Extend HDFS Access Control Lists

5. Step 5: Sentry Deployment

6. Step 6: Enable Sentry for Hive

7. Step 7: CDH SSL

Before You Begin

This section lists the minimum requirements necessary to enable Kerberos Authentication for Cloudera Services:

• Establish a working Kerberos Key Distribution Center (KDC). The configuration assumes Microsoft Kerberos Services. For detailed information about Microsoft Kerberos Services, see the References section.
• Enable Kerberos Authentication in CDH. Use the Cloudera documentation available at the following link to enable Kerberos authentication: https://www.cloudera.com/documentation/enterprise/5-8-x/topics/cm_sg_intro_kerb.html
• Obtain an AD functional ID with access to Kerberized services (Hadoop services for SNYPR).
• Ensure Kerberos principals are enabled for the user and services.
• Ensure Kerberos keytab files are configured as described at the following link: https://www.cloudera.com/documentation/enterprise/5-8-x/topics/cdh_sg_kadmin_kerberos_keytab.html


Step 1: Host Configuration

1. Ensure Kerberos clients (krb5-workstation, krb5-libs) are installed on all the nodes, including the master and worker. If a shared cluster is being accessed, install the Kerberos client on the node where the SNYPR application resides.

2. Configure Kerberos configuration files on all the nodes that use the Hadoop services: vi /etc/krb5.conf

3. Configure JAAS configuration files on all the nodes that use Hadoop services: vi /home/securonix/jaas.conf

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
useTicketCache=True
[email protected]
keyTab="/home/securonix/securonix_krb5d.keytab";
};

Tip: Copy the keytab file to the securonix user's home directory.

4. Modify the securonix user's .bash_profile and append the following entry. This allows the keytab file to load automatically from the user's profile to authenticate against AD/KDC and run Hadoop commands:

kinit -kt ${HOME}/securonix_krb5d.keytab [email protected]

Schedule a cron entry so you can log in to all nodes daily to refresh your Kerberos ticket. This assumes SSH key exchanges are configured from the master to all nodes.

5. Check if you have a valid Kerberos ticket by using this command:

# klist -a

Text similar to the following sample is shown:

6. Ensure YARN/Spark Gateways and Hadoop libraries are installed in SNYPR master mode if you are in a shared environment. This step is not required if the SNYPR application is co-located with SNYPR services.

7. Run the Hadoop commands to validate if you can access the Kerberized services.
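As an added example (not part of the SNYPR guide or product), the following lint checks a Krb5LoginModule entry like the one in step 3 for option names in the wrong case, which the login module silently ignores, and for a keytab that is accessible beyond its owner. The principal, the temporary keytab file and its modes are constructed for the demonstration.

```python
import os
import re
import stat
import tempfile

# Option names that com.sun.security.auth.module.Krb5LoginModule reads.
# The lookup is case-sensitive, so "keytab" is not the same as "keyTab".
KRB5_OPTIONS = {
    "useKeyTab", "keyTab", "useTicketCache", "ticketCache", "principal",
    "storeKey", "doNotPrompt", "refreshKrb5Config", "isInitiator",
    "renewTGT", "debug", "useFirstPass", "tryFirstPass", "storePass",
    "clearPass",
}
BY_LOWER = {name.lower(): name for name in KRB5_OPTIONS}

ENTRY_RE = re.compile(r"(\w+)\s*\{(.*?)\}\s*;", re.S)
OPTION_RE = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s;]+))')


def parse_jaas(text):
    """Return {entry name: {option: value}} for every 'Name { ... };' entry."""
    entries = {}
    for name, body in ENTRY_RE.findall(text):
        entries[name] = {
            key: quoted or bare for key, quoted, bare in OPTION_RE.findall(body)
        }
    return entries


def lint_jaas(text):
    """Return a list of findings for the Krb5LoginModule entries in text."""
    findings = []
    for name, opts in parse_jaas(text).items():
        for key in opts:
            if key in KRB5_OPTIONS:
                continue
            real = BY_LOWER.get(key.lower())
            if real:
                findings.append(
                    f"{name}: option '{key}' is ignored; the module reads '{real}'")
            else:
                findings.append(f"{name}: unknown option '{key}'")
        if opts.get("useKeyTab", "").lower() == "true" and "keyTab" not in opts:
            findings.append(
                f"{name}: useKeyTab=true without keyTab; the keytab location "
                "falls back to krb5.conf or ~/krb5.keytab")
        keytab = opts.get("keyTab")
        if keytab and os.path.isfile(keytab):
            mode = stat.S_IMODE(os.stat(keytab).st_mode)
            if mode & 0o077:
                findings.append(
                    f"{name}: keytab mode {mode:04o} is open to group/other; "
                    "use 0600")
    return findings


def demo():
    """Lint constructed entries: a mis-cased option, then an open keytab."""
    miscased = '''
    Client {
      com.sun.security.auth.module.Krb5LoginModule required
      useKeyTab=true
      useTicketCache=true
      principal="svc_snypr@EXAMPLE.COM"
      keytab="/home/securonix/securonix_krb5d.keytab";
    };
    '''  # constructed sample; the principal is a placeholder
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example.keytab")
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not a real keytab")
        os.chmod(path, 0o755)  # world-readable, as a bad example
        fixed = miscased.replace("keytab=", "keyTab=").replace(
            "/home/securonix/securonix_krb5d.keytab", path)
        open_keytab = lint_jaas(fixed)
        os.chmod(path, 0o600)  # owner-only
        clean = lint_jaas(fixed)
    return lint_jaas(miscased), open_keytab, clean


if __name__ == "__main__":
    for label, result in zip(("mis-cased", "open keytab", "clean"), demo()):
        print(label, result)
```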

Step 2: Integrate SNYPR with Kerberized Hadoop Service

From the SNYPR user interface, navigate to Menu > Settings > Hadoop Integration. Follow the directions for configuring Kerberos on Solr, Impala, HBase, HDFS, and SPARK in Configure SNYPR Hadoop Settings.

Step 3: Connect to the Kerberized Hadoop Services

Make the suggested changes to all the Spark job shell scripts to add Kerberos specific configurations:

spark-submit \
--name "$1" \
--driver-memory $2 \
--num-executors $3 \
--executor-memory $4 \
--driver-cores $5 \
--executor-cores $6 \
--queue ${12} \
--conf spark.yarn.driver.memoryOverhead=${10} \
--conf spark.yarn.executor.memoryOverhead=${11} \
--driver-java-options "-Djute.maxbuffer=50000000" \
--jars ./jars/snyper-common-6.1.1.jar,./jars/hadoop-util-6.1.1.jar,./jars/hbase-util-6.1.1.jar,./jars/kafka-client-6.1.1.jar,./jars/event-parser-6.1.1.jar,./jars/securonixlib-6.1.1.jar,./jars/profiler-6.1.1.jar,./jars/hibernate-core-3.3.2.GA.jar,./jars/hibernate-c3p0-3.6.3.Final.jar,./jars/c3p0-0.9.1.2.jar,./jars/quartz-all-1.8.5.jar,./jars/hibernate-commons-annotations-3.3.0.ga.jar,./jars/hibernate-annotations-3.4.0.GA.jar,./jars/dom4j-1.6.1.jar,./jars/jbpm.jar,./jars/persistence-api-1.0.jar,./jars/mysql-connector-java-5.1.25.jar,./jars/javassist-3.4.GA.jar,./jars/freemarker-2.3.8.jar,./jars/solr-solrj-6.6.0.jar,./jars/noggit-0.5.jar,./jars/httpmime-4.2.5.jar,./jars/log4j-api-2.5.jar,./jars/log4j-core-2.5.jar,./jars/solr6-util-6.1.1.jar,./jars/kafka-clients-0.9.0.0.jar,./jars/javax.json-1.0.4.jar,./jars/jackson-module-afterburner-1.9.4.jar,./jars/snypr-core-16-6.1.1.jar,./jars/guava-14.0.1.jar,./jars/kafka_2.10-0.9.0-kafka-2.0.2.jar,./jars/httpclient-4.5.2.jar \
--conf "spark.executor.extraClassPath=guava-14.0.1.jar:solrj-6.6.0.jar" \
--conf "spark.driver.extraClassPath=guava-14.0.1.jar:solrj-6.6.0.jar" \
--class com.securonix.eventindexer.runner.Indexer \
--master yarn-cluster \
--conf "spark.executor.extraJavaOptions=-XX:+UseConcMarkSweepGC -Djute.maxbuffer=50000000" \
--files ./conf/hibernate.cfg.xml,./conf/log4j.properties,./conf/log4j2.xml \
--conf spark.hadoop.fs.hdfs.impl.disable.cache=true \
--conf mapreduce.job.complete.cancel.delegation.tokens=false \
--principal user/hostname@domain \
--keytab /path/to/foo.keytab

8. Run the Spark jobs and validate they are running.

Example of Cloudera Cluster Authentication, Authorization, and Security with Kerberos

Before you begin this section, ensure that the following prerequisites are fulfilled:

• Linux packages and Active Directory prerequisites are satisfied.
• The Transport Layer Security (TLS) protocol is configured to ensure that the credentials are secured while being transferred.

Once you have fulfilled the prerequisites for this section, follow the steps below:

1. Launch Cloudera Manager and log in with the LDAP administrative account.

2. Click the drop-down button to the right of the cluster name, and select Enable Kerberos.


3. Review the prerequisites for enabling Kerberos. If all steps have been performed, check them and continue.


4. Update the following configuration items:

Field | Value
KDC Type | Active Directory
KDC Server Host | TEST.SECURONIX.COM
Kerberos Security Realm | TEST.SECURONIX.COM
Kerberos Encryption Types | rc4-hmac, aes128-cts, aes256-cts
Active Directory Suffix | <PATH TO DEDICATED OU IN ACTIVE DIRECTORY>
Active Directory Account Prefix | snypr <ENVIRONMENT>

5. Click Continue.

6. Check Manage krb5.conf through Cloudera Manager and DNS Lookup KDC when prompted for the KRB5 Configuration.


7. When prompted for the KDC Account Manager Credentials, provide the username and password for the account that has read, update, and delete access to the dedicated OU specified in the Active Directory Suffix entry.

8. Click Continue.

Cloudera Manager runs a series of tests to confirm the account has the correct level of access. If the tests succeed, the credentials are imported.

9. When prompted for the Kerberos Principal names, accept the defaults and click Continue.

10. When prompted to Configure Ports, accept the defaults.

11. Check Yes, I am ready to restart the cluster now, then select Continue.


Cloudera Manager starts the Kerberos configuration process. As services are configured, the status screen is updated.

12. Once Kerberos authentication is successfully configured for all the services, click Continue.

13. When prompted with the Congratulations screen, click Finish. The Kerberos Credentials screen appears.

14. Confirm that all services, including the load balancer DNS entries, are listed.

15. Return to the Cloudera Manager Home.

16. Click HDFS > Configuration.

17. Locate the Additional Rules to Map Kerberos Principals to Short Names field, and enter the following information:


18. Click Save Changes.

19. Restart any Stale Services.

20. Log in to one of the Management Nodes and request a Kerberos ticket.

kinit [email protected]

21. Verify that a ticket has been returned.

klist

22. Execute the pi test.

hadoop jar /opt/cloudera/parcels/CDH/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar pi 10 100

You should see output similar to the following:


23. Confirm that the job has completed successfully.

24. Remove the Kerberos ticket from the cache.


Step 4: Extend HDFS Access Control Lists

9. Launch Cloudera Manager and log in with the LDAP administrative account.

10. Click HDFS.

11. Click Configuration.

12. Enable the Enable Access Control List configuration option.

13. Save the changes and restart the stale services.

Step 5: Sentry Deployment

Generate Kerberos credentials as part of the Sentry deployment process. Ensure that the functional ID specified during Kerberos configuration has read, update and delete access to the dedicated OU.

14. Launch Cloudera Manager and log in with the LDAP administrative account.

15. Click the drop-down to the right of the cluster name and select Add a Service.

16. Select Sentry when you are prompted for the type of service to add.

17. Click Continue.


18. Select the Sentry Server Host, and click Continue.

19. Enter the connection information for the Sentry database.

20. Click the Test Connection button to confirm successful connectivity.

21. Click Continue. Cloudera Manager proceeds to deploy Sentry in the cluster. The status page updates as each step is completed.

22. Once the deployment is completed, click Continue.


23. Click Finish. You are returned to the Sentry status page.

24. Click Configuration.

25. Update the following log locations:

• Audit Log Directory: /var/cdhlog/sentry/audit
• Sentry Server Log Directory: /var/chdlog/sentry

26. Click Save Changes.

27. Locate the Admin Groups configuration item, and click Add edhadmin.

28. Click Save Changes.

29. Click the Actions button, and select Restart.

Step 6: Enable Sentry for Hive

30. Log in to the Edge Node.

31. Retrieve a Kerberos ticket for a user who is a member of the HDFS Superuser Group. kinit [email protected]

32. Change the permissions of the /user/hive/warehouse/ directory to reflect the new Superuser group name.

$ hdfs dfs -chmod -R 771 /user/hive/warehouse

33. Confirm the permissions are changed.

$ hdfs dfs -ls /user/hive

You should see the following output:

34. Launch Cloudera Manager and log in with an LDAP administrative account.

35. Click Hive, then click Configuration.

36. Uncheck the HiveServer2 Enable Impersonation configuration item.

37. Click Save Changes.

38. Restart any stale services.

39. Return to Cloudera Manager Home, and click Yarn.

40. Locate the Allowed System Users configuration option and confirm that Hive is listed. If not, add Hive, and click Save Changes.

41. Return to Cloudera Manager Home, and click Hive.

42. Click Configuration.

43. Locate the Sentry Service configuration option and set the property to Sentry.


44. Locate the Server Name for Sentry Authorization configuration option and enter hivesentryserver in the field.

45. Click Save Changes.


Enable Sentry for Impala

To enable Sentry for Impala, follow these steps:

1. Launch Cloudera Manager and log in with an LDAP administrative account.

2. Select Impala.

3. Select Configuration.

4. Locate the Sentry Service configuration item and set the property to Sentry.

5. Click Save Changes.

6. Restart any stale services.

Setup Global Sentry Policy

To set up privileges within Sentry, refer to Authorization Privilege Model for Hive and Impala and Hive SQL Syntax at www.cloudera.com.

1. Log in to one of the Management Nodes.

2. Retrieve a Kerberos ticket for a user that is a member of the HDFS Superuser Group.

kinit [email protected]

3. Launch beeline.

beeline

4. Connect to the Hive Server using the Load Balanced address.


!connect jdbc:hive2://<LB_HIVE>:10005/;principal=_

[email protected]

5. Verify that you have successfully connected to Hive.

show databases;

6. Create a new Sentry role called admin_all_role using the following command:

CREATE ROLE admin_all_role;

7. Confirm the role is created using the following command:

show roles;


8. Grant the newly created role to the HDFS Superuser group.

GRANT ROLE admin_all_role TO GROUP edhadmin;

9. Confirm the group is added to the role.

SHOW ROLE GRANT GROUP edhadmin;


10. Grant full Sentry access to the admin_all_role.

GRANT ALL ON SERVER hivesentryserver TO ROLE admin_all_role;

11. Confirm the access was granted to the role.

SHOW GRANT ROLE admin_all_role;

Step 7: CDH SSL

Cloudera provides a utility that simplifies the SSL configuration process. The steps described in this section assume that you have configured this utility, and requested and received signed SSL certificates. For detailed instructions on how to configure this utility, refer to Cloudera documentation.


1. Log in to the Cloudera Manager Host as root.

2. Change directories to cert-toolkit home.

3. Open defaults.yaml for editing, and edit the following fields:

• HDFS_SSL: Yes
• YARN_SSL: Yes
• HIVE_SSL: No
• HBASE_SSL: Yes
• NAVIGATOR_METADATA_SSL: Yes
• HUE_SSL: Yes
• IMPALA_SSL: Yes
• OOZIE_SSL: Yes
• SOLR_SSL: Yes
• KTS_SSL: No
• KMS_SSL: No
• ENABLE_WEB_CONSOLE_AUTH: Yes

4. Enable TLS for Cloudera Manager and its agents.

# python certtoolkit.py enable_tls

Provide the keystore and truststore password when prompted. Provide the same passwords that you used for the Cloudera Manager SSL configuration.

The script imports the signed certificates, builds a truststore and deploys the certificates to each node in the cluster. When finished, the Cloudera Manager, its agents and all CDH services are restarted.


LDAP Authentication in Impala

To perform LDAP authentication in Impala, follow these steps:

1. Launch Cloudera Manager and log in with an LDAP administrative account.

2. Click Impala, then click Configuration.

3. From the Category menu, select Security to update the following fields.

• LDAP URL: ldaps://cbmcc-d3-host2.test.securonix.com:3269 ldaps://cbmcc-d3-host1.test.securonix.com:3269 ldaps://cbmcc-d3-host3.test.securonix.com:3269
• Enable LDAP Authentication: Enabled
• Active Directory Domain: TEST.SECURONIX.COM
• LDAP Server CA Certificate: "/opt/cloudera/security/ca-certs/ldap-ca.pem"

4. Click Save Changes and restart all stale services.

Static Pools

To allocate memory and I/O per service, follow these steps:

1. Launch Cloudera Manager and log in with an LDAP administrative account.

2. Click Clusters, and select Static Service Pools.

3. Click Configuration and enter the following allocation percentages:

• HDFS: 10%
• Impala: 30%
• YARN: 60%

Cloudera Manager calculates the CPU, memory, and I/O allocations per service.

4. Click Continue.


5. Restart the cluster, and verify that all services have started correctly.

6. Click Finished.

7. Return to Cloudera Manager Home.

8. Click Yarn > Configuration.

9. Confirm Use cGroups for Resource Management and Always Use Linux Container Executor are checked. If not, restart the wizard.

Related References

• https://www.cloudera.com/documentation/enterprise/5-7-x/topics/cm_sg_using_cm_sec_config.html
• HDP-Kerberos: https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/configuring_amb_hdp_for_kerberos.html
• Microsoft Kerberos Survival Guide: https://social.technet.microsoft.com/wiki/contents/articles/4209.kerberos-survival-guide.aspx
• Microsoft Kerberos Services:
• MSFT KDC REF: https://blogs.technet.microsoft.com/askds/2008/03/06/kerberos-for-the-busy-admin/
• MSFT KDC REF: https://technet.microsoft.com/en-us/library/cc772815(v=ws.10).aspx


Authenticate Kafka Consumer and Producer

SNYPR 6.2 CU4 extends the Secure Sockets Layer (SSL) Kafka communication with Kerberos authentication and includes the following protocol types:

• SASL Plaintext Kerberos: Simple Authentication and Security Layer (SASL) is used over a plaintext channel. Once the SASL authentication is established between the client and server, the session will have the client's principal as the authenticated user. There won't be any wire encryption in this case, as all the channel communication will be over plain text.
• SASL SSL Kerberos: SSL will be established initially and SASL authentication will be done over SSL. Once SASL authentication is established, the user's principal will be used as the authenticated user. This option is useful if users want to use SASL authentication (such as Kerberos) with wire encryption.
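The difference between the two protocol types is visible in the client's properties file. The following added example (not SNYPR or Kafka project code) audits such a file using the property names from the kafka-saslssl.properties file in this section, and also flags store passwords kept in a file that other users can read. The sample contents, the password placeholder and the file modes are constructed.

```python
PASSWORD_KEYS = (
    "ssl.truststore.password",
    "ssl.keystore.password",
    "ssl.key.password",
)


def parse_properties(text):
    """Parse key=value lines of a Java properties file, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit_client_properties(text, file_mode):
    """Return findings for a Kafka client properties file.

    file_mode holds the permission bits of the file, for example 0o644.
    """
    props = parse_properties(text)
    proto = props.get("security.protocol", "PLAINTEXT")  # Kafka's default
    findings = []
    if proto == "PLAINTEXT":
        findings.append("PLAINTEXT: no authentication and no wire encryption")
    elif proto == "SASL_PLAINTEXT":
        findings.append(
            "SASL_PLAINTEXT: the client is authenticated, but traffic is "
            "not encrypted")
    elif proto == "SSL":
        findings.append("SSL: wire encryption without SASL authentication")
    if proto.startswith("SASL_") and "sasl.kerberos.service.name" not in props:
        findings.append(
            "sasl.kerberos.service.name is not set; set it here or as "
            "serviceName in the JAAS entry")
    if proto.endswith("SSL"):
        if "ssl.truststore.location" not in props:
            findings.append(
                "ssl.truststore.location is not set; the JVM default trust "
                "store will not contain a private CA")
        if props.get("ssl.endpoint.identification.algorithm") == "":
            findings.append("hostname verification is disabled")
    exposed = [key for key in PASSWORD_KEYS if key in props]
    if exposed and file_mode & 0o077:
        findings.append(
            f"{len(exposed)} password entries in a file with mode "
            f"{file_mode:04o}; restrict it to 0600")
    return findings


# Constructed samples. PLACEHOLDER stands in for a real store password.
SASL_PLAINTEXT_SAMPLE = """\
security.protocol=SASL_PLAINTEXT
sasl.kerberos.service.name=kafka
"""

SASL_SSL_SAMPLE = """\
security.protocol=SASL_SSL
sasl.kerberos.service.name=kafka
ssl.truststore.location=/opt/certs/truststore.jks
ssl.truststore.password=PLACEHOLDER
ssl.keystore.location=/opt/certs/server.jks
ssl.keystore.password=PLACEHOLDER
ssl.key.password=PLACEHOLDER
"""


def run_examples():
    """Audit the samples: no encryption, readable passwords, then clean."""
    return (
        audit_client_properties(SASL_PLAINTEXT_SAMPLE, 0o600),
        audit_client_properties(SASL_SSL_SAMPLE, 0o644),
        audit_client_properties(SASL_SSL_SAMPLE, 0o600),
    )


if __name__ == "__main__":
    for result in run_examples():
        print(result)
```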

When you have Kafka configured in your cluster, you need additional configuration to enable the Kafka consumer and producer to authenticate successfully in the Kerberos Hadoop cluster.

Follow the steps below to ensure the consumer and producer function properly in the secure Hadoop environment:

1. Create a jaas.conf file with the following content in /opt/keytabs/system:

[root@10-0-77-18 keytabs]# more jaas.conf
Client {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=true
useKeyTab=true
storeKey=true
useTicketCache=false
refreshKrb5Config=true
isInitiator=true
principal="[email protected]"
keyTab="/opt/keytabs/securonix.keytab";
};
[root@10-0-77-18 keytabs]#

2. Create a kafka-jaas.conf file with the following content:

    [root@10-0-77-18 certs]# cd /opt/keytabs/
    [root@10-0-77-18 keytabs]# ll
    total 16
    -rwxr-xr-x. 1 securonix securonix 285 Apr 27 15:53 jaas.conf
    -rw-r--r--. 1 root root 92 May 1 15:56 kafka-jaas.conf
    -rw-------. 1 root root 722 May 1 14:44 kafka.keytab
    -rwxr-xr-x. 1 securonix securonix 546 Apr 27 15:16 securonix.keytab
    [root@10-0-77-18 keytabs]# less kafka-jaas.conf
    [root@10-0-77-18 keytabs]# more kafka-jaas.conf
    KafkaClient {
      com.sun.security.auth.module.Krb5LoginModule required
      useTicketCache=true;
    };

Note: With the approach above, you will need to run kinit first to obtain the Kerberos ticket that is stored in the cache.

3. Add the following command to /etc/profile:

    export KAFKA_OPTS=-Djava.security.auth.login.config={Path to clientjaas.conf}

4. Load the /etc/profile and reinitialize the ticket for securonix.keytab on all nodes.

5. Create a client.properties file with the following content:

    [root@10-0-77-18 certs]# pwd
    /opt/certs
    [root@10-0-77-18 certs]# ls -lrt
    total 16
    -rw-r--r--. 1 root root 1011 May 1 12:55 truststore.jks
    -rw-r--r--. 1 root root 2332 May 1 13:03 server.jks
    -rw-r--r--. 1 root root 302 May 1 15:29 kafka-saslssl.properties

    cd /opt/certs
    vi kafka-saslssl.properties

    security.protocol=SASL_SSL
    sasl.kerberos.service.name=kafka
    ssl.truststore.location=/opt/certs/truststore.jks
    ssl.truststore.password=securonix24K
    ssl.keystore.location=/opt/certs/server.jks
    ssl.keystore.password=securonix24K
    ssl.key.password=securonix24K
    ssl.keystore.type=jks
    ssl.truststore.type=jks

6. Obtain the ticket cache with the following command:

    kinit -kt /opt/keytabs/securonix.keytab [email protected]

7. Use the following commands to test and verify the consumer and producer:

    klist
    kinit -kt /opt/keytabs/securonix.keytab [email protected]:
    klist

8. Launch the Kafka console consumer as follows:

    cd /opt/cloudera/parcels/KAFKA/bin/
    ./kafka-console-consumer --bootstrap-server 10.0.77.18:9093,10.0.77.19:9093,10.0.77.20:9093 --topic sasltest --from-beginning --consumer.config /opt/certs/kafka-saslssl.properties

9. Launch the Kafka console producer as follows:

    cd /opt/cloudera/parcels/KAFKA/bin/
    ./kafka-console-producer --broker-list 10.0.77.18:9093,10.0.77.19:9093,10.0.77.20:9093 --topic sasltest --producer.config /opt/certs/kafka-saslssl.properties
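The listing in step 2 shows securonix.keytab with mode rwxr-xr-x, and the properties file in step 5 stores the keystore and truststore passwords in clear text with mode rw-r--r--. The script below is an added example, not part of the Securonix guide or product, that audits the files this procedure creates; the function names and finding labels are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example (not Securonix code): audit the files created in steps 1-5.
# Usage: audit_kafka_client <keytab-dir> <client-properties-file>
# Prints one finding per line; prints nothing when every check passes.
# The finding labels (KEYTAB_EXPOSED, ...) are illustrative, not a product format.

# Succeeds when any group/other permission bit is set on the file.
# Uses only POSIX find primaries, so it does not depend on GNU stat.
is_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# Print the value of one key from a Java .properties file (last one wins).
prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }    # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) found = v
        }
        END { print found }' "$1"
}

# Body runs in a subshell so its variables do not leak into the caller.
audit_kafka_client() (
    keytab_dir=$1
    props=$2

    # A keytab holds long-term Kerberos keys: any account that can read it
    # can kinit as that principal, so only the owner should have access.
    for kt in "$keytab_dir"/*.keytab; do
        [ -e "$kt" ] || continue
        if is_exposed "$kt"; then echo "KEYTAB_EXPOSED $kt"; fi
    done

    # SASL_PLAINTEXT authenticates the client but gives no wire encryption.
    proto=$(prop "$props" security.protocol)
    if [ "$proto" != "SASL_SSL" ]; then
        echo "NO_WIRE_ENCRYPTION security.protocol=${proto:-unset}"
    fi

    # Store passwords sit in clear text in the properties file.
    for key in ssl.truststore.password ssl.keystore.password ssl.key.password; do
        if [ -n "$(prop "$props" "$key")" ] && is_exposed "$props"; then
            echo "PASSWORD_FILE_EXPOSED $props"
            break
        fi
    done

    # The keystore holds the private key and needs the same protection.
    store=$(prop "$props" ssl.keystore.location)
    if [ -n "$store" ] && [ -e "$store" ] && is_exposed "$store"; then
        echo "KEYSTORE_EXPOSED $store"
    fi
    return 0
)

# Run the audit when the script is called with both arguments.
if [ "$#" -eq 2 ]; then audit_kafka_client "$@"; fi
```

Run it as the account that owns the files, for example with /opt/keytabs and /opt/certs/kafka-saslssl.properties as arguments; an empty result means all four checks passed.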

Related Resources

This section provides additional information and links related to this topic:

• How To Guide: http://www.irfanelahi.com/data-science/kafka-console-consumer-producer-kerberos-hadoop/

• Kafka SASL/Kerberos and SSL Implementation: https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=51809888

• Cloudera Terminology: https://www.cloudera.com/documentation/kafka/2-0-x/topics/kafka.html

Settings

The Settings module enables you to control settings such as general settings, Hadoop cluster settings, UI preferences and more. To access the Settings module, navigate to Menu > Administration > Settings.

From here, you can select which setting you'd like to configure from the left pane. The left pane includes the following settings:

• Application Settings

• Archival Settings

• Data Masking

• Hadoop

• Manage Ingesters

• Housekeeping Jobs

• X509 Authentication

• Log Settings

• Manage License

• SAML Settings

• SMTP Server Settings

• UI Preferences

• CRP/CFP Content Upload

• Spotter Settings

• Control Flag Tracker

• Thread Trends

Click a setting to learn more about what each setting does.

Configure Hadoop

SNYPR uses Hadoop technologies including HDFS, Impala, Kafka, HBase, Solr, and Yarn. Once you integrate Hadoop, you must configure your Hadoop settings within the SNYPR application.

This section will guide you through the configuration options that are available to you.

To configure Hadoop settings within SNYPR, do the following:

1. Navigate to Menu > Administration > Settings.

2. Click Hadoop from the left pane.

Tip:

• Hide left pane: Click the green X to hide the left pane.

• Show left pane: Click the three green lines to show the left pane.

3. Select one of the following Hadoop distributions for your environment:

a. Cloudera: Cloudera provides a platform that makes it easy to manage rapidly increasing volumes and varieties of data in your enterprise. Cloudera products and solutions enable you to deploy and manage Apache Hadoop and related projects, manipulate and analyze your data, and keep data secure and protected.

b. Hortonworks: Hortonworks data platform uses Apache Hadoop to manage large data sets across computer clusters.

4. Click the component you want to configure:

a. Tenant-Config: Select the tenant provided by Securonix.

b. Kafka: Horizontally scalable message bus used to manage the delivery of incoming security events.

c. Solr: Solr is a popular search platform that provides distributed indexes of events for streaming fast, interactive access of security events and violations. Solr can run on HDFS or on disk, so it can be scaled up as needed. Solr is used in Spotter to create complex queries and interactive visualization.

d. Impala / Hive: Impala is a massively parallel processing (MPP) SQL query engine for data stored in a computer cluster running Apache Hadoop. Impala brings scalable parallel database technology to Hadoop, enabling users to issue low-latency SQL queries to data stored in HDFS and Apache HBase without requiring data movement or transformation.

Apache Hive is a data warehouse software project built on top of Apache Hadoop for providing data summaries, queries, and analysis. Hive gives an SQL-like interface to query data stored in various databases and file systems that integrate with Hadoop.

e. HBase: HBase is a non-relational (NoSQL) database that runs on top of HDFS. It is an open source NoSQL database that provides real-time read/write access to large data sets. It can also handle large data sets with billions of rows and millions of columns, and easily combines data sources that use a wide variety of different structures and schemas.

f. HDFS: The Hadoop Distributed File System (HDFS) is designed to store very large data sets distributed on different data nodes reliably and stream those data sets at a high bandwidth to user applications. HDFS stores file system metadata and application data separately. HDFS stores metadata on a dedicated server, called the NameNode. Application data are stored on other servers called DataNodes.

g. Redis: Redis is a data structures server that supports different kinds of values. In traditional key-value stores, you associate string keys to string values, whereas in Redis you can hold more complex data structures.

h. Spark: The main feature of Spark is the in-memory cluster computing that increases the processing speed of an application. Spark is designed to cover a wide range of workloads such as batch applications, iterative algorithms, interactive queries, and streaming. In SNYPR, Spark is used in ingestion, indexing, and analytics algorithms.

5. Do the following, depending on the component you selected in the previous step:

Tenant-Config

The Tenant-Config component is where you will select and configure your tenant.

a. Complete the following information in the Tenant section:

• Select the available Tenant name: Click the drop-down and select a tenant name.

• Customer Identifier: A unique identifier for a tenant used during Security Assertion Markup Language (SAML) authentication. It can be passed as an additional attribute in SAML assertion for tenant mapping. This is usually needed only if the tenant name is expected to change on the provider side.

• Tenant Shortcode: Enter a short code that will help you identify the tenant.

• Tenant Color: Select a color that will help you identify the tenant.

• Tenant-Timezone: Click the drop-down and select a timezone for the tenant.

b. Click Save & Next to save your configurations.

c. (Optional) Click to expand the Kafka section below to learn how to configure the Kafka component.

Kafka

Kafka is a distributed publish-subscribe messaging system that is capable of handling trillions of events a day. In SNYPR, Kafka plays a very important role in publishing and consuming activity data/notifications.

Follow the instructions below to configure Kafka:

a. Click the Authentication Type drop-down and select one of the following authentication types:

• NoAuth

• SSL

• Kerberos_With_Truststore

• Kerberos

b. Do the following, depending on what you selected in the previous step:

NoAuth

1. Enter the URL for the Kafka Brokers.

2. Complete the following information in the Topic Details section:

a. Zookeeper Quorum: The Zookeeper quorum used for Kafka.

Example: 10.0.3.185:2181,10.0.3.186:2181,10.0.3.189:2181

b. Preview Topic: Preview topic used while configuring the ingester datasource.

c. Access Topic: Access topic used for ingesting access data.

d. Users Topic: Users are ingested to the user topic.

Example: Securonix-User.

e. Enriched Topic: The topic name for the Enriched Events. Make sure that this topic is created on Kafka.

Example: Securonix-EnrichedEvents

f. External Raw Topic: The topic name for the External Raw Events. Make sure that this topic is created on Kafka.

g. Internal Raw Topic: The topic name for the Internal Raw Events. Make sure that this topic is created on Kafka.

h. Sandbox Raw Topic: The topic name for the Sandbox Raw Events. Make sure that this topic is created on Kafka.

i. Configuration Messages Topic: Configuration changes (such as policy changes) from the user interface are communicated to Spark applications using this topic.

Example: Securonix-UIControlFlags.

j. Indexer Counts Topic: The Indexer SPARK application publishes event counts per Resource Group.

Example: Securonix-IndexedEventCounts.

k. Job Tracker Topic: SPARK applications publish the count of events processed per job for tracking from the user interface.

Example: Securonix-JobCountTracker.

l. Log Message Topic: Debug and Information level log messages generated by SPARK applications are published to this topic in CEF Format.

Example: Securonix-OperationalLogs.

m. Violations Topic: Violations are published to this topic for Risk Score calculation.

Example: Securonix-Violations.

n. Violations Queue Topic: Violations are published to this topic for Risk Score calculation.

o. GateWay-Control Topic: Sends requests to and receives responses from the Gateway.

p. Software Update Topic: This topic is for pushing or downloading artifacts to or from the gateway.

q. Tier2 Topic: Summary and behavior analytics are done on the events that get published to the Tier2 topic.

Example: Securonix-tiertwo.

r. AEE Tier2 Topic: Provides a topic where events filtered from IEE are channeled to the AEE Spark processor.

s. Metadata Topic: Allows non-activity imports from RIN. The name of the topic should always start with snypr-metadata.

t. TPI Topic: Used for third-party integration (TPI) RIN import.

3. Complete the following information in the Kafka Message Settings section:

a. Max Message Size: Maximum size in bytes for a single message sent to the Kafka topics.

b. Batch Size: Upper limit in bytes of how many messages the Kafka producer will attempt to batch before sending. (Default is 16K bytes – 16 messages if each message is 1K in size).

c. Linger: Time in milliseconds to wait prior to publishing events. If fewer messages are collected than batch size, the producer will wait for this specified time.

d. Compression Type: Messages are compressed prior to publishing. Choose the compression technique to use.

e. Failed Events Folder: If the Kafka producer fails to publish events, these events are moved to a local folder.

f. Failed Events Folder Size in Bytes: Maximum storage space in bytes for storing failed events.

g. Interval to check failed events: Retry interval in milliseconds to wait prior to checking the Failed Events Folder.

h. Enrichment Compression Batch Size: Number of Events that should be compressed into a single message to send to the Enrichment Topic.

Note: The recommendation is 10,000.

i. Raw Compression Batch Size: Number of Events that should be compressed into a single message to send to the Raw Topic.

Note: The recommendation is 10,000.

4. Click Save & Next.

SSL

1. Enter the URL for the Kafka Brokers in the Broker field.

2. Complete the following information in the next 4 sections, including Client SSL Configuration for Console, Client SSL Configuration for Cluster, Broker SSL Configuration for Console, and Broker SSL Configuration for Cluster:

a. Key Password: Provide the SSL password.

b. Key Store Location: Provide the Key store Location.

c. Key Store Password: Provide the Key Store password.

d. Trust Store Location: Provide the trust store location.

e. Trust Store Password: Provide the trust store Password.

3. Complete the following information in the Topic Details section:

a. Zookeeper Quorum: Zookeeper quorum used for Kafka.

b. Preview Topic: Preview topic used while configuring the ingester datasource.

c. Access Topic: Access topic used for ingesting access data.

d. Users Topic: Users are ingested to the user topic.

e. Enriched Topic: The topic name for the enriched events. This topic needs to be created on Kafka.

f. External Raw Topic: The topic name for the external raw events.

g. Internal Raw Topic: The topic name for the Internal raw events.

h. Sandbox Raw Topic: The topic name for the Sandbox Raw Events. Make sure that this topic is created on Kafka.

i. Configuration Messages Topic: Configuration changes from the user interface are communicated to Spark applications using this topic.

j. Indexer Counts Topic: The Indexer Spark application publishes event counts per resource group.

k. Job Tracker Topic: SPARK applications publish the count of events processed per job for tracking from the user interface.

l. Log Message Topic: Debug and Information level log messages generated by SPARK applications are published to this topic in CEF Format.

m. Violations Topic: Violations are published to this topic for risk score calculation.

n. Violation Queue Topic: Violations are published to this topic for risk score calculation, for example Securonix-violationqueue.

o. Gateway-Control Topic: For sending requests to and receiving responses from the gateway.

p. Software Update Topic: Used for pushing or downloading artifacts to or from the Gateway.

q. Tier2 Topic: Summary and behavior analytics are done on the events that get published to the Tier2 topic.

r. AEE Tier2 Topic: Provides a topic where events filtered from the Individual Event Evaluator (IEE) are channeled to the Aggregated Event Evaluator (AEE) Spark processor.

s. Metadata Topic: Allows non-activity imports from the RIN. The name of the topic should always start with snypr-metadata.

t. TPI Topic: Used for the TPI RIN Import.

4. Complete the following information in the Kafka Message Settings section:

a. Max Message Size: Maximum size in bytes for a single message sent to the Kafka topics.

b. Batch Size: Upper limit in bytes of how many messages the Kafka producer will attempt to batch before sending. (Default is 16K bytes – 16 messages if each message is 1K in size).

c. Linger: Time in milliseconds to wait prior to publishing events. If fewer messages are collected than batch size, the producer will linger for this specified time.

d. Compression Type: Messages are compressed prior to publishing. Choose the compression technique to use.

e. Failed Events Folder: If the Kafka producer fails to publish events, these events are moved to a local folder.

f. Failed Events Folder Size in Bytes: Maximum storage space in bytes for storing failed events.

g. Interval to check failed events: Retry interval in milliseconds to wait prior to checking the Failed Events Folder.

h. Enrichment Compression Batch Size: Number of Events that should be compressed into a single message to send to the Enrichment Topic.

Tip: The recommendation is 10,000.

i. Raw Compression Batch Size: Number of Events that should be compressed into a single message to send to the Raw Topic.

Tip: The recommendation is 10,000.

5. Click Save & Next.

Kerberos_With_Truststore

1. Complete the following information in the Authentication Type section:

a. Host FDQN: The fully qualified domain name of the host.

b. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.

c. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.

d. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers.

e. Service Name: The service name of the server.

f. Jaas Conf File Path: Enter the Java Authentication and Authorization Service (JAAS) Conf file path.

g. Authentication Mechanism: Type the authentication mechanism.

h. Broker: The URL for the Kafka Brokers.

2. Complete the following information in the next 4 sections, including Client SSL Configuration for Cluster, Broker SSL Configuration for Console, Broker SSL Configuration for Cluster, and Broker SSL Configuration for Cluster:

a. Key Password: Provide the SSL password.

b. Key Store Location: Provide the Key store Location.

c. Key Store Password: Provide the Key Store password.

d. Trust Store Location: Provide the trust store location.

e. Trust Store Password: Provide the trust store Password.

3. Complete the following information in the Topic Details section:

a. Zookeeper Quorum: Zookeeper quorum used for Kafka.

b. Preview Topic: Preview topic used while configuring the ingester datasource.

c. Access Topic: Access topic used for ingesting access data.

d. Users Topic: Users are ingested to the user topic.

e. Enriched Topic: The topic name for the enriched events. Make sure that this topic is created on Kafka.

f. External Raw Topic: The topic name for the External Raw Events. Make sure that this topic is created on Kafka.

g. Internal Raw Topic: The topic name for the Internal Raw Events. Make sure that this topic is created on Kafka.

h. Sandbox Raw Topic: The topic name for the Sandbox Raw Events. Make sure that this topic is created on Kafka.

i. Configuration Messages Topic: Configuration changes from the user interface are communicated to SPARK applications using this topic.

j. Indexer Counts Topic: The Indexer SPARK application publishes event counts per resource group.

k. Job Tracker Topic: SPARK applications publish the count of events processed per job for tracking from the user interface.

l. Log Message Topic: Debug and Information level log messages generated by SPARK applications are published to this topic in CEF Format.

m. Violations Topic: Violations are published to this topic for risk score calculation.

n. Violation Queue Topic: Violations are published to this topic for risk score calculation, for example Securonix-violationqueue.

o. Gateway-Control Topic: For sending requests to and receiving responses from the gateway.

p. Software Update Topic: Used for pushing or downloading artifacts to or from the Gateway.

q. Tier2 Topic: Summary and behavior analytics are done on the events that get published to the Tier2 topic.

r. AEE Tier2 Topic: Provides a topic where events filtered from the Individual Event Evaluator (IEE) are channeled to the Aggregated Event Evaluator (AEE) Spark processor.

s. Metadata Topic: Allows non-activity imports from RIN. The name of the topic should always start with snypr-metadata.

t. TPI Topic: Used for the TPI RIN import.

4. Complete the following in the Kafka Message Settings section:

a. Max Message Size: Maximum size in bytes for a single message sent to the Kafka topics.

b. Batch Size: Upper limit in bytes of how many messages the Kafka producer will attempt to batch before sending. (Default is 16K bytes – 16 messages if each message is 1K in size).

c. Linger: Time in milliseconds to wait prior to publishing events. If fewer messages are collected than batch size, the producer will linger for this specified time.

d. Compression Type: Messages are compressed prior to publishing. Choose the compression technique to use.

e. Failed Events Folder: If the Kafka producer fails to publish events, these events are moved to a local folder.

f. Failed Events Folder Size in Bytes: Maximum storage space in bytes for storing failed events.

g. Interval to check failed events: Retry interval in milliseconds to wait prior to checking the Failed Events Folder.

h. Enrichment Compression Batch Size: Number of Events that should be compressed into a single message to send to the Enrichment Topic.

Tip: The recommendation is 10,000.

i. Raw Compression Batch Size: Number of Events that should be compressed into a single message to send to the Raw Topic.

Tip: The recommendation is 10,000.

5. Click Save & Next.

Kerberos

1. Complete the following information in the Authentication Type section:

a. Host FDQN: The fully qualified domain name of the host.

b. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers.

c. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.

d. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.

e. Jaas Conf File Path: Enter the Java Authentication and Authorization Service (JAAS) Conf file path.

f. Service Name: The service name of the server.

g. Authentication Mechanism: Type the authentication mechanism.

h. Broker: The URL for the Kafka Brokers.

2. Complete the following information in the Topic Details section:

a. Zookeeper Quorum: Zookeeper quorum used for Kafka.

b. Preview Topic: Preview topic used while configuring the ingester datasource.

c. Access Topic: Access topic used for ingesting access data.

d. Users Topic: Users are ingested to the user topic.

e. Enriched Topic: The topic name for the enriched events. Make sure that this topic is created on Kafka.

f. External Raw Topic: The topic name for the External Raw Events. Make sure that this topic is created on Kafka.

g. Internal Raw Topic: The topic name for the Internal Raw Events. Make sure that this topic is created on Kafka.

h. Sandbox Raw Topic: The topic name for the Sandbox Raw Events. Make sure that this topic is created on Kafka.

i. Configuration Messages Topic: Configuration changes from the user interface are communicated to Spark applications using this topic.

j. Indexer Counts Topic: The Indexer Spark application publishes event counts per resource group.

k. Job Tracker Topic: SPARK applications publish the count of events processed per job for tracking from the user interface.

l. Log Message Topic: Debug and Information level log messages generated by SPARK applications are published to this topic in CEF Format.

m. Violations Topic: Violations are published to this topic for risk score calculation.

n. Violation Queue Topic: Violations are published to this topic for risk score calculation, for example Securonix-violationqueue.

o. Gateway-Control Topic: For sending requests to and receiving responses from the gateway.

p. Software Update Topic: Used for pushing or downloading artifacts to or from the Gateway.

q. Tier2 Topic: Summary and behavior analytics are done on the events that get published to the Tier2 topic.

r. AEE Tier2 Topic: Provides a topic where events filtered from the Individual Event Evaluator (IEE) are channeled to the Aggregated Event Evaluator (AEE) Spark processor.

s. Metadata Topic: Allows non-activity imports from RIN. The name of the topic should always start with snypr-metadata.

t. TPI Topic: Used for the TPI RIN import.

3. Complete the following in the Kafka Message Settings section:

a. Max Message Size: Maximum size in bytes for a single message sent to the Kafka topics.

b. Batch Size: Upper limit in bytes of how many messages the Kafka producer will attempt to batch before sending. (Default is 16K bytes – 16 messages if each message is 1K in size).

c. Linger: Time in milliseconds to wait prior to publishing events. If fewer messages are collected than batch size, the producer will linger for this specified time.

d. Compression Type: Messages are compressed prior to publishing. Choose the compression technique to use.

e. Failed Events Folder: If the Kafka producer fails to publish events, these events are moved to a local folder.

f. Failed Events Folder Size in Bytes: Maximum storage space in bytes for storing failed events.

g. Interval to check failed events: Retry interval in milliseconds to wait prior to checking the Failed Events Folder.

h. Enrichment Compression Batch Size: Number of Events that should be compressed into a single message to send to the Enrichment Topic.

Tip: The recommendation is 10,000.

i. Raw Compression Batch Size: Number of Events that should be compressed into a single message to send to the Raw Topic.

Tip: The recommendation is 10,000.

4. Click Save & Next.
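How Max Message Size, Batch Size and Linger interact can be seen in the following simulation, an added Python example that is not Securonix or Kafka code. The function name, the sample traffic and the simplified flush rule (one partition, a batch is sent when it is full or when its linger timer expires) are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Batch:
    opened_ms: int                      # time the first message entered the batch
    sizes: list = field(default_factory=list)

    @property
    def nbytes(self):
        return sum(self.sizes)


def simulate_producer(messages, batch_size=16 * 1024, linger_ms=5,
                      max_message_size=1_000_000):
    """Replay (arrival_ms, size_bytes) messages, sorted by arrival time.

    Returns (sent, rejected). Each entry of `sent` records when a batch left
    the producer, how much it held, and whether it was sent because it was
    full or because the linger time ran out. Messages larger than
    max_message_size are never batched and are listed in `rejected`.
    """
    sent, rejected = [], []
    batch = None

    def flush(at_ms, reason):
        nonlocal batch
        sent.append({"sent_ms": at_ms, "count": len(batch.sizes),
                     "bytes": batch.nbytes, "reason": reason})
        batch = None

    for arrival_ms, size in messages:
        # The open batch's linger timer expired before this message arrived.
        if batch is not None and arrival_ms >= batch.opened_ms + linger_ms:
            flush(batch.opened_ms + linger_ms, "linger")
        if size > max_message_size:
            rejected.append((arrival_ms, size))
            continue
        # The message does not fit: send what is waiting, then start afresh.
        if batch is not None and batch.nbytes + size > batch_size:
            flush(arrival_ms, "batch_full")
        if batch is None:
            batch = Batch(opened_ms=arrival_ms)
        batch.sizes.append(size)
        # A batch that has reached the limit is sent without lingering.
        if batch.nbytes >= batch_size:
            flush(arrival_ms, "batch_full")

    if batch is not None:               # whatever is left goes out on the timer
        flush(batch.opened_ms + linger_ms, "linger")
    return sent, rejected


# Constructed sample traffic: (arrival time in ms, message size in bytes).
SAMPLE_MESSAGES = (
    [(0, 1024)] * 20        # burst of twenty 1K events
    + [(3, 1024)]           # one more event inside the linger window
    + [(50, 1024)]          # a lone event after a quiet period
    + [(51, 2_000_000)]     # larger than the Max Message Size used below
)

if __name__ == "__main__":
    batches, too_large = simulate_producer(SAMPLE_MESSAGES)
    for b in batches:
        print(b)
    print("rejected:", too_large)
```

With the 16K default, the first sixteen 1K events leave immediately as a full batch, while the remaining events wait for the linger time, which is the latency cost of a large Linger value on a quiet data source.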

Solr

a. Click the Authentication Type drop-down and select one of the following authentication types:

• NoAuth

• Kerberos

• LDAP

• Kerberos_With_Truststore

• SSL

• Basic

• Basic_With_SSL

b. Do the following, depending on what you selected in the previous step:

NoAuth

1. Complete the following information in the Authentication Type section:


a. ZK Quorum: Enter the Zookeeper quorum used for Solr.

b. Solr Zookeeper Connection Timeout: Enter the Solr Zookeeper connection timeout.

c. Solr Zookeeper Session Timeout: Enter the Solr Zookeeper session timeout.

a. Solr Version: Click the drop-down and select a Solr version.

Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.

b. Solr Storage: Click the drop-down and select the Solr storage.

Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.

c. Enable Replica Creation Mode: Set to YES to enable this setting.

d. Replica Creation Mode: The replica type created on primary and secondary servers when High Availability is enabled.

• DEFAULT: Supports active searching and indexing on all replicas. The primary and secondary replica type is NRT.

Note: This option is only available for SOLR6 or lower.

• TLOG_TLOG: Supports active searching and indexing on all replicas. The replica type is TLOG.

• TLOG_PULL: Allows searches to be directed only to secondary servers; however, indexing stops when the primary server goes down. The primary replica type is TLOG, and the secondary replica type is PULL.

2. Complete the following information in the Collection Details section:


a. Type: The type of collection.

b. Name: The name of the collection.

c. No Of Shards: Enter the number of shards.

d. Replication Factor: Enter the replication factor.

3. Do the following in the Solr Additional Settings section:

a. Batch Size: Number of events indexed during a single commit to Solr while indexing.

b. Inter Batch Sleep: Duration in milliseconds to wait before retrying indexing for a failed batch.

c. Collection Soft Threshold: Size of the document each collection should have if multiple collections are enabled. This is only a soft threshold, and each collection will have documents near the configured value.

d. Create Force Collection: Allows you to forcefully create a collection from the UI whenever new cores are added to Solr.

4. Click Save & Next.


Kerberos

1. Complete the following information in the Authentication Type section:

a. Host FQDN: The fully qualified domain name of the host.

b. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).


c. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys (which are derived from the Kerberos password).

d. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.

e. Jaas Conf File Path: Enter the Java Authentication and Authorization Service (JAAS) Conf file path.

f. Service Name: Enter the service name.

g. Authentication Mechanism: Type the authentication mechanism.

h. ZK Quorum: Zookeeper quorum used for Solr, for example: [snyper-10-0-3-150.securonix.com,snyper-10-0-3-151.securonix.com,snyper-10-0-3-152.securonix.com:2181/solr]

i. Solr Zookeeper Connection Timeout: Solr Zookeeper connection timeout.

j. Solr Zookeeper Session Timeout: Solr Zookeeper session timeout.

k. Solr Version: Click the drop-down and select a Solr version.

Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.

l. Solr Storage: Click the drop-down and select the Solr storage.

Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.

m. Enable Replica Creation Mode: Set to YES to enable this setting.

n. Replica Creation Mode: The replica type created on primary and secondary servers when High Availability is enabled.

• DEFAULT: Supports active searching and indexing on all replicas. The primary and secondary replica type is NRT.

Note: This option is only available for SOLR6 or lower.

• TLOG_TLOG: Supports active searching and indexing on all replicas. The replica type is TLOG.

• TLOG_PULL: Allows searches to be directed only to secondary servers; however, indexing stops when the primary server goes down. The primary replica type is TLOG, and the secondary replica type is PULL.

2. Complete the following information in the Collection Details:

a. Type: The type of collection.

b. Name: The name of the collection.

c. No Of Shards: Enter the number of shards.

d. Replication Factor: Enter the replication factor.

3. Complete the following information in the Solr Additional Settings section:


a. Batch Size: Number of events indexed during a single commit to Solr while indexing.

b. Inter Batch Sleep: Duration in milliseconds to wait before retrying indexing for a failed batch.

c. Collection Soft Threshold: Size of the document each collection should have if multiple collections are enabled. This is only a soft threshold, and each collection will have documents near the configured value.

d. Create Force Collection: Allows you to forcefully create a collection from the UI whenever new cores are added to Solr.

4. Click Save & Next.
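The ZK Quorum example above packs three things into one string: a comma-separated host list, a port given only on the last host, and a /solr path suffix. The following added Python example (not part of the guide or of SNYPR) parses and checks such a value before it is entered. It assumes that the square brackets are the guide's notation rather than part of the value, that a host without a port uses the ZooKeeper Java client's default of 2181, and that IPv6 literals are not used; the function name and the second sample value are constructed.

```python
import re

DEFAULT_ZK_PORT = 2181  # assumption: ZooKeeper client default when no port is given

# One or more DNS labels, none starting or ending with a hyphen.
_HOST_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def parse_zk_quorum(value):
    """Split a ZK Quorum value into ([(host, port), ...], chroot, problems).

    `chroot` is the path suffix (for example "/solr") or None.
    `problems` is a list of human-readable findings; empty means the value
    is well formed under the assumptions stated above.
    """
    problems = []
    text = value.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1].strip()        # drop the guide's bracket notation
    if not text:
        return [], None, ["quorum string is empty"]

    # Everything from the first "/" onward is the path under which Solr
    # keeps its data in ZooKeeper; it applies to the whole ensemble.
    hosts_part, slash, path = text.partition("/")
    chroot = None
    if slash and path:
        chroot = "/" + path
        if chroot.endswith("/") or "//" in chroot:
            problems.append(f"chroot {chroot!r} has an empty path segment")

    servers = []
    for entry in hosts_part.split(","):
        entry = entry.strip()
        if not entry:
            problems.append("empty server entry (stray comma)")
            continue
        host, sep, port_text = entry.partition(":")
        port = DEFAULT_ZK_PORT
        if sep:
            if port_text.isdigit() and 1 <= int(port_text) <= 65535:
                port = int(port_text)
            else:
                problems.append(f"{entry!r}: port must be 1-65535")
                continue
        if not _HOST_RE.match(host):
            problems.append(f"{entry!r}: invalid host name")
            continue
        server = (host.lower(), port)
        if server in servers:
            problems.append(f"{entry!r}: duplicate server")
            continue
        servers.append(server)
    return servers, chroot, problems


# The value from the guide, and a constructed malformed one.
GUIDE_EXAMPLE = ("[snyper-10-0-3-150.securonix.com,snyper-10-0-3-151.securonix.com,"
                 "snyper-10-0-3-152.securonix.com:2181/solr]")
MALFORMED_EXAMPLE = "zk1.example.com:2181,,zk2.example.com:99999/solr/"

if __name__ == "__main__":
    for sample in (GUIDE_EXAMPLE, MALFORMED_EXAMPLE):
        print(parse_zk_quorum(sample))
```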

LDAP

1. Complete the following information in the Authentication Type section:


a. Username: Enter the username.

b. Password: Enter a password.

c. ZK Quorum: Zookeeper quorum used for Solr, for example: [snyper-10-0-3-150.securonix.com,snyper-10-0-3-151.securonix.com,snyper-10-0-3-152.securonix.com:2181/solr]

d. Solr Zookeeper Connection Timeout: Solr Zookeeper connection timeout.

e. Solr Zookeeper Session Timeout: Solr Zookeeper session timeout.


f. Solr Version: Click the drop-down and select a Solr version.

Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.

g. Solr Storage: Click the drop-down and select the Solr storage.

Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.

h. Enable Replica Creation Mode: Set to YES to enable this setting.

i. Replica Creation Mode: The replica type created on primary and secondary servers when High Availability is enabled.

• DEFAULT: Supports active searching and indexing on all replicas. The primary and secondary replica type is NRT.

Note: This option is only available for SOLR6 or lower.

• TLOG_TLOG: Supports active searching and indexing on all replicas. The replica type is TLOG.

• TLOG_PULL: Allows searches to be directed only to secondary servers; however, indexing stops when the primary server goes down. The primary replica type is TLOG, and the secondary replica type is PULL.

2. Complete the following information in the Collection Details:


a. Type: The type of collection.

b. Name: The name of the collection.

c. No Of Shards: Enter the number of shards.

d. Replication Factor: Enter the replication factor.

3. Do the following in the Solr Additional Settings section:


a. Batch Size: Number of events indexed during a single commit to Solr while indexing.

b. Inter Batch Sleep: Duration in milliseconds to wait before retrying indexing for a failed batch.

c. Collection Soft Threshold: Size of the document each collection should have if multiple collections are enabled. This is only a soft threshold, and each collection will have documents near the configured value.

d. Create Force Collection: Allows you to forcefully create a collection from the UI whenever new cores are added to Solr.

4. Click Save & Next.

Kerberos_With_Truststore

1. Complete the following information in the Authentication Type section:


a. Host FQDN: The fully qualified domain name of the host.

b. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.

c. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.


d. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).

e. Service Name: The service name of the server.

f. Trust Store Path: The Trust Store path.

g. Trust Store Password: The Trust Store password.

a. Jaas Conf File Path: Enter the Jaas Conf file path.

b. SSL Value: Enter the SSL value.

c. Authentication Mechanism: Enter the authentication mechanism.

d. ZK Quorum: Zookeeper quorum used for Solr, for example: [snyper-10-0-3-150.securonix.com,snyper-10-0-3-151.securonix.com,snyper-10-0-3-152.securonix.com:2181/solr]

e. Solr Zookeeper Connection Timeout: Solr Zookeeper connection timeout.

f. Solr Zookeeper Session Timeout: Solr Zookeeper session timeout.

g. Solr Version: Click the drop-down and select a Solr version.

Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.

h. Solr Storage: Click the drop-down and select the Solr storage.

Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.

i. Enable Replica Creation Mode: Set to YES to enable this setting.

j. Replica Creation Mode: The replica type created on primary and secondary servers when High Availability is enabled.

• DEFAULT: Supports active searching and indexing on all replicas. The primary and secondary replica type is NRT.

Note: This option is only available for SOLR6 or lower.

• TLOG_TLOG: Supports active searching and indexing on all replicas. The replica type is TLOG.

• TLOG_PULL: Allows searches to be directed only to secondary servers; however, indexing stops when the primary server goes down. The primary replica type is TLOG, and the secondary replica type is PULL.

2. Provide the following information in the Collection Details section:

a. Type: The type of collection.

b. Name: The name of the collection.

c. No Of Shards: Enter the number of shards.

d. Replication Factor: Enter the replication factor.

3. Complete the following information in the Solr Additional Settings section:


a. Batch Size: Number of events indexed during a single commit to Solr while indexing.

b. Inter Batch Sleep: Duration in milliseconds to wait before retrying indexing for a failed batch.

c. Collection Soft Threshold: Size of the document each collection should have if multiple collections are enabled. This is only a soft threshold, and each collection will have documents near the configured value.

d. Create Force Collection: Allows you to forcefully create a collection from the UI whenever new cores are added to Solr.

4. Click Save & Next.

SSL

1. Complete the following information in the Authentication Type section:


a. Trust Store Location: Enter the trust store location.

b. Trust Store Password: Enter the trust store password.

c. ZK Quorum: Zookeeper quorum used for Solr, for example: [snyper-10-0-3-150.securonix.com,snyper-10-0-3-151.securonix.com,snyper-10-0-3-152.securonix.com:2181/solr]

d. Solr Zookeeper Connection Timeout: Solr Zookeeper connection timeout.

e. Solr Zookeeper Session Timeout: Solr Zookeeper session timeout.

f. Solr Version: Click the drop-down and select a Solr version.

Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.

g. Solr Storage: Click the drop-down and select the Solr storage.

Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.

h. Enable Replica Creation Mode: Set to YES to enable this setting.

i. Replica Creation Mode: The replica type created on primary and secondary servers when High Availability is enabled.

• DEFAULT: Supports active searching and indexing on all replicas. The primary and secondary replica type is NRT.

Note: This option is only available for SOLR6 or lower.

• TLOG_TLOG: Supports active searching and indexing on all replicas. The replica type is TLOG.

• TLOG_PULL: Allows searches to be directed only to secondary servers; however, indexing stops when the primary server goes down. The primary replica type is TLOG, and the secondary replica type is PULL.

2. Provide the following information in the Collection Details section:


a. Type: The type of collection.

b. Name: The name of the collection.

c. No Of Shards: Enter the number of shards.

d. Replication Factor: Enter the replication factor.

3. Complete the following information in the Solr Additional Settings section:

a. Batch Size: Number of events indexed during a single commit to Solr while indexing.

b. Inter Batch Sleep: Duration in milliseconds to wait before retrying indexing for a failed batch.

c. Collection Soft Threshold: Size of the document each collection should have if multiple collections are enabled. This is only a soft threshold, and each collection will have documents near the configured value.

d. Create Force Collection: Allows you to forcefully create a collection from the UI whenever new cores are added to Solr.

4. Click Save & Next.


Basic

1. Complete the following information in the Authentication Type section:

a. Username: Enter the username for basic authentication.

b. Password: Enter the password for basic authentication.

c. Zookeeper Quorum: Enter the Zookeeper quorum used for Kafka.

d. Solr Zookeeper Connection Timeout: Enter the Solr Zookeeper connection timeout.

e. Solr Zookeeper Session Timeout: Enter the Solr Zookeeper session timeout.

f. Solr Version: Click the drop-down and select a Solr version.

Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.

g. Solr Storage: Click the drop-down and select the Solr storage.

Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.

h. Enable Replica Creation Mode: Set to YES to enable this setting.

i. Replica Creation Mode: The replica type created on primary and secondary servers when High Availability is enabled.

• DEFAULT: Supports active searching and indexing on all replicas. The primary and secondary replica type is NRT.

Note: This option is only available for SOLR6 or lower.

• TLOG_TLOG: Supports active searching and indexing on all replicas. The replica type is TLOG.

• TLOG_PULL: Allows searches to be directed only to secondary servers; however, indexing stops when the primary server goes down. The primary replica type is TLOG, and the secondary replica type is PULL.

2. Provide the following information in the Collection Details section:


a. Type: The type of collection.

b. Name: The name of the collection.

c. No Of Shards: Enter the number of shards.

d. Replication Factor: Enter the replication factor.

3. Complete the following information in the Solr Additional Settings section:

a. Batch Size: Number of events indexed during a single commit to Solr while indexing.

b. Inter Batch Sleep: Duration in milliseconds to wait before retrying indexing for a failed batch.

c. Collection Soft Threshold: Size of the document each collection should have if multiple collections are enabled. This is only a soft threshold, and each collection will have documents near the configured value.

d. Create Force Collection: Allows you to forcefully create a collection from the UI whenever new cores are added to Solr.

4. Click Save & Next.


Basic_With_SSL

1. Complete the following information in the Authentication Type section:

a. Truststore Location: Enter the truststore location for basic SSL authentication.

b. Truststore Password: Enter the truststore password for basic SSL authentication.

c. Username: Enter the username for SSL authentication.

d. Password: Enter the password for SSL authentication.

e. Zookeeper Quorum: Enter the Zookeeper quorum used for Kafka.

f. Solr Version: Click the drop-down and select a Solr version.

Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.

g. Solr Storage: Click the drop-down and select the Solr storage.

Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.

h. Enable Replica Creation Mode: Set to YES to enable this setting.

i. Replica Creation Mode: The replica type created on primary and secondary servers when High Availability is enabled.

• DEFAULT: Supports active searching and indexing on all replicas. The primary and secondary replica type is NRT.

Note: This option is only available for SOLR6 or lower.

• TLOG_TLOG: Supports active searching and indexing on all replicas. The replica type is TLOG.

• TLOG_PULL: Allows searches to be directed only to secondary servers; however, indexing stops when the primary server goes down. The primary replica type is TLOG, and the secondary replica type is PULL.

2. Provide the following information in the Collection Details section:


a. Type: The type of collection.

b. Name: The name of the collection.

c. No Of Shards: Enter the number of shards.

d. Replication Factor: Enter the replication factor.

3. Complete the following information in the Solr Additional Settings section:

a. Batch Size: Number of events indexed during a single commit to Solr while indexing.

b. Inter Batch Sleep: Duration in milliseconds to wait before retrying indexing for a failed batch.

c. Collection Soft Threshold: Size of the document each collection should have if multiple collections are enabled. This is only a soft threshold, and each collection will have documents near the configured value.

d. Create Force Collection: Allows you to forcefully create a collection from the UI whenever new cores are added to Solr.

4. Click Save & Next.


Impala/Hive

a. Click the Authentication Type drop-down and select one of the following authentication types:

• NoAuth

• Kerberos

• LDAP

• Kerberos_With_Truststore

• SSL

b. Do the following, depending on what you selected in the previous step:

NoAuth

1. Complete the following information in the Authentication and Connection Details section:


a. Connection URL: Enter the Connection URL of Impala in the following format: sobdin244.securonix.com:21050.

b. Hive Username: Enter the Hive username. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.

c. Hive Password: Enter the Hive password. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.

d. Database: Enter the database name to use.

e. Table Prefix: Table prefix name to use for resources.

f. JDBC Driver: JDBC Driver name.

g. (Optional) JDBC Extra parameters: The string specified in this field will be appended to the connection string.

h. Partitions Per Page: Enter the number of partitions per page. Hive organizes tables into partitions distributed to multiple hosts. Partitioning makes it easy to query relevant portions of the data.

2. Enter the Hive URL that you want to be used for running Hive reports.

3. Complete the following information in the section:


a. Hive On Sparks Properties: Enter the Hive on Sparks properties.

b. Connection Pool Properties: Enter the connection pool properties.

4. Click Save & Next.

Kerberos

1. Complete the following information in the Authentication and Connection Details section:


a. Host FQDN: The fully qualified domain name of the host.

b. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).

c. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.

d. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.

e. Jaas Conf File Path: Enter the Jaas Conf file path.


f. Service Name: Enter the service name.

g. Authentication Mechanism: Enter the authentication mechanism.

h. Connection URL: Enter the Connection URL of Impala in the following format: sobdin244.securonix.com:21050.

i. Hive Password: Enter the Hive password. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.

j. Hive Username: Enter the Hive username. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.

k. Database: Enter the database name to use.

l. Table Prefix: Table prefix name to use for resources.

m. JDBC Driver: JDBC driver name.

n. (Optional) JDBC Extra parameters: The string specified in this field will be appended to the connection string.

o. Partitions Per Page: Enter the partitions per page.

2. Enter the Hive URL that you want to be used for running Hive reports.


3. Complete the following information in the section:

a. Hive On Sparks Properties: Enter the Hive on Sparks properties.

b. Connection Pool Properties: Enter the connection pool properties.

4. Click Save & Next.

LDAP

1. Complete the following information in the Authentication and Connection Details section:


a. Username: Enter the username for LDAP authentication.

b. Password: Enter the password for LDAP authentication.

c. Connection URL: Enter the Connection URL of Impala in the following format: sobdin244.securonix.com:21050.

d. Hive Username: Enter the Hive username. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.

e. Hive Password: Enter the Hive password. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.

a. Database: Enter the database name to use.

b. Table Prefix: Table prefix name to use for resources.

c. JDBC Driver: JDBC Driver name.

d. JDBC Extra parameters: The string specified in this field will be appended to the connection string. JDBC extra parameters are not mandatory.

e. Partitions per page: Enter the number of partitions per page.

2. Enter the Hive URL that you want to be used for running Hive reports.


3. Complete the following information in the section:

a. Hive On Sparks Properties: Enter the Hive on Sparks properties.

b. Connection Pool Properties: Enter the connection pool properties.

4. Click Save & Next.

Kerberos_With_Truststore

1. Complete the following information in the Authentication and Connection Details section:


a. Host FQDN: The fully qualified domain name of the host.

b. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.

c. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.

d. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).

e. Service Name: The service name of the server.

f. Trust Store Path: The Trust Store path.

g. Trust Store Password: The Trust Store password.

h. Jaas Conf File Path: Enter the Jaas Conf file path.

i. SSL Value: Enter the SSL value.

j. Authentication Mechanism: Enter the authentication mechanism.

k. Connection URL: Enter the connection URL of Impala in the following format: sobdin244.securonix.com:21050.

l. Hive Username: Enter the Hive username. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.

m. Hive Password: Enter the Hive password. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.

n. Database: Enter the database name to use.

o. Table Prefix: Table prefix name to use for resources.

p. JDBC Driver: JDBC driver name.

q. (Optional) JDBC Extra parameters: The string specified in this field will be appended to the connection string.

r. Partitions Per Page: Enter the partitions per page.

2. Enter the Hive URL that you want to be used for running Hive reports.

3. Complete the following information in the section:

a. Hive On Sparks Properties: Enter the Hive on Sparks properties.

b. Connection Pool Properties: Enter the connection pool properties.

4. Click Save & Next.

SSL

1. Complete the following information in the Authentication and Connection Details section:

a. Trust Store Location: Enter the key store location.

b. Trust Store Password: Enter the key store password.

c. Connection URL: Enter the connection URL of Impala in the following format: sobdin244.securonix.com:21050.

d. Hive Username: Enter the Hive username. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.

e. Hive Password: Enter the Hive password. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.

f. Database: Enter the database name to use.

g. Table Prefix: Table prefix name to use for resources.

h. JDBC Driver: JDBC driver name.

i. (Optional) JDBC Extra parameters: The string specified in this field will be appended to the connection string.

j. Partitions Per Page: Enter the partitions per page.

2. Enter the Hive URL that you want to be used for running Hive reports.

3. Complete the following information in the section:

a. Hive On Sparks Properties: Enter the Hive on Sparks properties.

b. Connection Pool Properties: Enter the connection pool properties.

4. Click Save & Next.

HBase

a. Click the Authentication Type drop-down and select one of the following options:

• NoAuth

• Kerberos

• LDAP

• Kerberos_With_Truststore

b. Do the following, depending on what you selected in the previous step:

NoAuth

1. Complete the following information in the Authentication and Connection Details section:

a. Name Space: Enter the name space name for HBase.

b. Split Tables: Select one of the following options:

• YES: Enables you to split tables.

• NO: This option does not let you split tables.

HBase stores rows of data in tables. Tables are split into chunks of rows called “regions”. Those regions are distributed across the cluster, hosted by RegionServers.

c. (Optional) Regions: This field only displays if you set Split Tables to YES. Enter the number of regions.

d. Resources: Resources required to connect to HBase. The core-site.xml file contains basic Hadoop configuration settings for Hadoop Core such as I/O settings that are common to HDFS. The hbase-site.xml file contains the configuration settings for HBase daemons.

Example: file:///etc/hbase/conf/hbase-site.xml

2. Click Save & Next.

Kerberos

1. Complete the following information in the Authentication and Connection Details section:

a. Host FQDN: The fully qualified domain name of the host.

b. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).

c. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.

d. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.

e. Jaas Conf File Path: Enter the Jaas Conf file path.

f. Service Name: Enter the service name.

g. Authentication Mechanism: Enter the authentication mechanism.

h. Name Space: Enter the name space name for HBase.

i. Split Tables: This toggle has two options:

• YES: Set to YES to split tables.

• NO: Set to NO if you don't want to split tables.

HBase stores rows of data in tables. Tables are split into chunks of rows called “regions”. Those regions are distributed across the cluster, hosted by RegionServers.

j. Regions: This field only displays if you set Split Tables to YES. Enter the number of regions.

k. Resources: Resources required to connect to HBase. The core-site.xml file contains basic Hadoop configuration settings for Hadoop Core such as I/O settings that are common to HDFS. The hbase-site.xml file contains the configuration settings for HBase daemons.

Example: file:///etc/hbase/conf/hbase-site.xml

2. Click Save & Next.

LDAP

1. Complete the following information in the Authentication and Connection Details section:

a. Username: Enter the username for LDAP authentication.

b. Password: Enter the password for LDAP authentication.

c. Name Space: Enter the name space name for HBase.

d. Split Tables: This toggle has two options:

• YES: Set to YES to split tables.

• NO: Set to NO if you don't want to split tables.

e. Regions: This field only displays if you set Split Tables to YES. Enter the number of regions.

f. Resources: Resources required to connect to HBase. The core-site.xml file contains basic Hadoop configuration settings for Hadoop Core such as I/O settings that are common to HDFS. The hbase-site.xml file contains the configuration settings for HBase daemons.

Example: file:///etc/hbase/conf/hbase-site.xml

Kerberos_With_Truststore

1. Complete the following information in the Authentication and Connection Details section:

a. Host FQDN: The fully qualified domain name of the host.

b. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.

c. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.

d. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).

e. Service Name: The service name of the server.

f. Trust Store Path: @Trust Store Path.

g. Trust Store Password: @Trust Store Password.

h. Jaas Conf File Path: Enter the Jaas Conf file path.

i. SSL Value: Enter the SSL value.

j. Authentication Mechanism: Enter the authentication mechanism.

k. Name Space: Enter the name space name for HBase.

l. Split Tables: This toggle has two options:

• YES: Set to YES to split tables.

• NO: Set to NO if you don't want to split tables.

HBase stores rows of data in tables. Tables are split into chunks of rows called “regions”. Those regions are distributed across the cluster, hosted by RegionServers.

m. Regions: This field only displays if you set Split Tables to YES. Enter the number of regions.

n. Resources: Resources required to connect to HBase.

Example: file:///etc/hbase/conf/hbase-site.xml

2. Click Save & Next.

HDFS

a. Click the Authentication Type drop-down and select one of the following options:

• NoAuth

• Kerberos

• LDAP

• Kerberos_With_Truststore

b. Do the following, depending on what you selected in the previous step:

NoAuth

1. Complete the following information in the Authentication and Connection Details section:

a. HDFS Site: Enter the HDFS site required to connect to HDFS.

Example: file:///etc/hadoop/conf/hdfs-site.xml

b. Core Site: Enter the HDFS core site required to connect to HDFS.

c. Cluster HDFS Site: Enter the HDFS core site required to connect to the HDFS cluster.

d. Cluster Core Site: Enter the HDFS core site required to connect to the HDFS cluster.

2. Complete the following information in the HDFS Connection Details section:

a. Username: Enter the user name of HDFS.

b. Working Directory: Enter the working directory.

c. Product Directory: Enter the product directory.

d. HDFS Directory for storing UnParsed Events: Enter the path to the directory in HDFS where all unparsed events are stored.

e. HDFS Directory for storing whitelists/temporary files for analyzing Proxy Events: Enter the root path of directory in HDFS for all Proxy data storage.

f. HDFS Directory for storing Violations: Enter the path to the directory in HDFS where all violations are stored.

3. Click Save & Next.

Kerberos

1. Complete the following information in the Authentication and Connection Details section:

a. Host FQDN: The fully qualified domain name of the host.

b. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).

c. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.

d. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.

e. Jaas Conf File Path: Enter the Jaas Conf file path.

f. Service Name: Enter the service name.

g. Authentication Mechanism: Enter the authentication mechanism.

h. HDFS Site: Enter the HDFS site required to connect to HDFS.

i. Core Site: Enter the HDFS Core site required to connect to HDFS.

j. Cluster HDFS Site: Enter the HDFS Cluster site required to connect to HDFS Cluster.

k. Cluster Core Site: Enter the HDFS Cluster Core site required to connect to HDFS Cluster.

2. Complete the following information in the HDFS Connection Details section:

a. Username: Specify the user name of HDFS.

b. Working Directory: Specify the working directory.

c. Product Directory: Specify the product directory.

d. HDFS Directory for storing UnParsed Events: The path to the directory in HDFS where all unparsed events are stored.

Example: /user/securonix/unparsed

e. HDFS Directory for storing whitelists/temporary files for analyzing Proxy Events: The root path of directory in HDFS for all proxy data storage.

f. HDFS Directory for storing Violations: The path to the directory in HDFS where all violations are stored.

3. Click Save & Next.

LDAP

1. Complete the following information in the Authentication and Connection Details section:

a. Username: The username for LDAP authentication.

b. Password: The password for LDAP authentication.

c. HDFS Site: The HDFS site required to connect to HDFS.

d. Core Site: The HDFS Core site required to connect to HDFS.

e. Cluster HDFS Site: The HDFS Cluster site required to connect to HDFS cluster.

f. Cluster Core Site: The HDFS Cluster Core site required to connect to HDFS cluster.

2. Complete the following information in the HDFS Connection Details section:

a. Username: Specify the user name of HDFS.

b. Working Directory: Specify the working directory.

c. Product Directory: Specify the product directory.

d. HDFS Directory for storing UnParsed Events: The path to the directory in HDFS where all unparsed events are stored.

Example: /user/securonix/unparsed

e. HDFS Directory for storing whitelists/temporary files for analyzing Proxy Events: The root path of directory in HDFS for all proxy data storage.

f. HDFS Directory for storing Violations: The path to the directory in HDFS where all violations are stored.

3. Click Save & Next.

Kerberos_With_Truststore

1. Complete the following information in the Authentication and Connection Details section:

a. Host FQDN: The fully qualified domain name of the host.

b. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.

c. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.

d. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).

e. Service Name: The service name of the server.

f. Trust Store Path: @Trust Store Path.

g. Trust Store Password: @Trust Store Password.

h. Jaas Conf File Path: Specify the Jaas Conf file path.

i. SSL Value: Specify the SSL value.

j. Authentication Mechanism: Specify the authentication mechanism.

k. HDFS Site: The HDFS site required to connect to HDFS.

l. Core Site: The HDFS core site required to connect to HDFS.

m. Cluster HDFS Site: The HDFS Cluster site required to connect to HDFS cluster.

n. Cluster Core Site: The HDFS Cluster Core site required to connect to HDFS cluster.

2. Complete the following information in the HDFS Connection Details section:

a. Username: Specify the user name of HDFS.

b. Working Directory: Specify the working directory.

c. Product Directory: Specify the product directory.

d. HDFS Directory for storing UnParsed Events: The path to the directory in HDFS where all unparsed events are stored.

Example: /user/securonix/unparsed

e. HDFS Directory for storing whitelists/temporary files for analyzing Proxy Events: The root path of directory in HDFS for all proxy data storage.

f. HDFS Directory for storing Violations: The path to the directory in HDFS where all violations are stored.

3. Click Save & Next.
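
The Kerberos procedures above ask for a Key Tab Path, Principal, Realm and Jaas Conf File Path that must agree with one another, and the keytab they point to is a stored credential. The following added example (not part of the Securonix guide or product) checks those values against a standard Krb5LoginModule JAAS entry and the permissions of the files on disk before they are entered. The JAAS entry name Client, the form key names, and every path and principal are assumptions or constructed sample values.

```python
import os
import re
import stat
import tempfile

# key=value options inside a JAAS login entry; values may be quoted.
_OPTION = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s;]+))')
_ENTRY = re.compile(r'(\w+)\s*\{(.*?)\}\s*;', re.S)


def parse_jaas_krb5(text):
    """Return {entry_name: {option: value}} for entries using Krb5LoginModule."""
    entries = {}
    for name, body in _ENTRY.findall(text):
        if "Krb5LoginModule" in body:
            entries[name] = {k: q or u for k, q, u in _OPTION.findall(body)}
    return entries


def _mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def preflight(form, jaas_entry="Client"):
    """Cross-check form values against the JAAS file and the files on disk.

    form keys (assumed names mirroring the guide's fields): realm, principal,
    key_tab_path, jaas_conf_path and optionally trust_store_path.
    Returns a list of findings; an empty list means nothing was flagged.
    """
    findings = []
    with open(form["jaas_conf_path"], encoding="utf-8") as fh:
        opts = parse_jaas_krb5(fh.read()).get(jaas_entry)
    if opts is None:
        return [f"no Krb5LoginModule entry named {jaas_entry} in JAAS file"]
    if opts.get("useKeyTab", "false").lower() != "true":
        findings.append("JAAS entry does not set useKeyTab=true")
    if opts.get("keyTab") != form["key_tab_path"]:
        findings.append("Key Tab Path differs from keyTab in JAAS file")
    if opts.get("principal") != form["principal"]:
        findings.append("Principal differs from principal in JAAS file")

    # A principal is written primary[/instance]@REALM.
    _, at, realm = form["principal"].rpartition("@")
    if at and realm != form["realm"]:
        findings.append("realm of Principal does not match Realm")

    # The keytab holds long-term keys: only the service account should read it.
    if not os.path.isfile(form["key_tab_path"]):
        findings.append("keytab file not found")
    else:
        if _mode(form["key_tab_path"]) & 0o077:
            findings.append("keytab is accessible to group or others")
        with open(form["key_tab_path"], "rb") as fh:
            if fh.read(2) not in (b"\x05\x01", b"\x05\x02"):
                findings.append("keytab does not start with 0x05 0x01/0x02")

    # Whoever can rewrite these files can redirect the login or add a trusted CA.
    for key in ("jaas_conf_path", "trust_store_path"):
        path = form.get(key)
        if path and os.path.isfile(path) and _mode(path) & 0o022:
            findings.append(f"{key} is writable by group or others")
    return findings


def make_constructed_sample(directory):
    """Write constructed stand-in files and return form values that match them."""
    keytab = os.path.join(directory, "svc-example.keytab")
    with open(keytab, "wb") as fh:
        fh.write(b"\x05\x02" + b"\x00" * 16)  # version header only, no real keys
    os.chmod(keytab, 0o600)
    truststore = os.path.join(directory, "truststore.jks")
    with open(truststore, "wb") as fh:
        fh.write(b"constructed placeholder")
    os.chmod(truststore, 0o644)
    jaas = os.path.join(directory, "jaas.conf")
    with open(jaas, "w", encoding="utf-8") as fh:
        fh.write("Client {\n"
                 "  com.sun.security.auth.module.Krb5LoginModule required\n"
                 "  useKeyTab=true\n"
                 f'  keyTab="{keytab}"\n'
                 '  principal="svc-example@EXAMPLE.COM"\n'
                 "  storeKey=true;\n"
                 "};\n")
    os.chmod(jaas, 0o644)
    return {"realm": "EXAMPLE.COM", "principal": "svc-example@EXAMPLE.COM",
            "key_tab_path": keytab, "jaas_conf_path": jaas,
            "trust_store_path": truststore}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        form = make_constructed_sample(tmp)
        print("clean setup:", preflight(form))
        os.chmod(form["key_tab_path"], 0o644)  # simulate a misconfiguration
        form["realm"] = "OTHER.EXAMPLE.COM"
        for finding in preflight(form):
            print("finding:", finding)
```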

Redis

a. Enter the IP address or host name in the Enter the Node for Redis field.

b. (Optional) If you want to add a node, click + Add Node then enter the IP address or host name in the Enter the Node for Redis field that displays.

To remove the node, click the red - icon to the right of the field.

c. Complete the following information in the Redis Connection Details section:

1. Password: Specify the password.

2. Connection Pool Size: Specify the pool size for the Redis connection. Connection pools create a set of ready-made connections that you can use as needed. When done, the connection is returned to the connection pool for further reuse.

d. Click Save & Next.

Spark

a. Complete the following information in the Spark Details section:

1. Spark Defaults: Specify the spark defaults required to run Spark.

2. Enable Kerberos: Set to YES to enable Kerberos.

• Key Tab Path for connecting to Yarn Master server: This option only displays when you set Enable Kerberos to YES. Specify the path of the key tab file.

• Principal for connecting to Yarn Master server: Principal for authentication.

3. Yarn Master IP: Specify the Yarn master IP.

4. Yarn Site: Specify the Yarn site.

b. Click Finish.

Configure General Settings

From this screen, configure SNYPR general application settings such as time zone, web services, SSO, and quick links.

To configure the application settings, do the following:

1. Navigate to Menu > Administration > Settings. By default, you will be directed to the Application Settings page.

2. Complete the following in the General Settings section:

a. Application Time zone: Select time zone of the application server.

b. Database Time zone: The time zone for the database server.

c. Date Format: Select from multiple date/time formats from the drop-down box.

d. Session Timeout: Enter a timeout period for sessions in seconds.

e. Web Service Session Timeout: Enter the period in seconds after which the session expires for web services requests.

f. Web Services: Set to YES to enable the application to use web services.

g. Web Service Session Timeout: Enter the time period in seconds after which the session expires.

h. IP Validation during Token authentication: Set to YES to enable IP validation during token authentication.

3. Complete the following information in the Data Import Settings section:

Note: These settings are for advanced users only.

The application is multi-threaded to perform parallel processing. Each event file is processed by spawning multiple threads. Each thread simultaneously parses the event log file, performs correlation, and inserts the processed log into the database. You can configure the settings for various data import activities in this section.

a. Multi threading: Do the following, depending on what you select in this field:

YES

1. Provide the following information for Activity Import:

a. Maximum Threads: The number of threads that are spawned during the import of activities and events. (The default is 30.)

b. Maximum Lines Per Thread: The number of lines provided that are processed by each thread. (The default value is 20000.) Each user file is processed by spawning multiple threads. Each thread simultaneously parses the user file, checks for identity lifecycle changes, and inserts the processed data into the database.

2. Provide the following information for User Import:

a. Maximum Threads: The number of threads that are spawned during the import of users. (The default value is 20.)

b. Maximum Lines Per Thread: The number of lines provided that are processed by each thread. (The default value is 10000.)

3. Continue to step 3.b.

NO

1. Skip to step 3.b.

b. Preview data refresh interval: Specify the number of minutes for which the preview data is cached. During this period, if the Preview button is clicked again, the application retrieves preview data from cache, otherwise refreshes from the data source. (The default value is 30.)

c. Do you want to set Invalid Events Threshold: Do the following, depending on what you select in this field:

YES

1. Set an invalid threshold and invalid events count threshold to skip event parsing for further events.

2. Continue to step 3.d.

NO

1. Skip to step 3.d.

d. Save events after each file imported: Pick one of the following options:

• YES: Set to YES if you wish to save the events after each file is processed.

• NO: Set to NO if you want all the files with the same file pattern to be processed before saving files to the database.

e. Split input event file into smaller files: Set to YES if you want to split the input file to smaller chunks for processing.

Note: If an extremely large file is encountered (greater than 1 GB), you can split the file to increase the processing speed.

f. Lines per file: Enter the number of lines to be present in each file.

g. Clear correlation: Set to YES if you want the disabled access account to be an orphan and remove the past correlation (disabled during access import).

h. Clear attributes: Set to YES to remove all access attributes from the disabled access account (disabled during access import).

i. Ignore account name case: Set to YES to import all access accounts as all upper case. If the same access account name is encountered with lower case and upper case, this setting prevents duplicate account names.

4. Complete the following information in the Single Sign-On section:

This section enables the application for user authentication and Single Sign-on (SSO).

a. Enable Single Sign On: Set to YES to enable Single Sign-On.

b. Hostname: Enter the URL for the host.

Example: Company.com.

c. Logout URL: Enter the logout URL.

Example: http://www.google.com.

Once you are logged out, you will be redirected to the Logout URL above.

d. Login URL: Enter the single sign-on (SSO) login URL.

5. Complete the following in the Quick Links section:

This section allows you to add menu items to the main menu:

a. Menu Title: This field determines the label that appears on the Menu Bar.

b. Name: This determines the link name under the main Menu Bar name.

c. Protocol: Select either http or https.

d. Url: Enter the URL that you want to link to when users click the item under the Menu Bar.

e. Order: This determines the order in which the links appear under the Menu Bar.

f. +/-: Click the plus sign to add another Quick Link item. Click the minus sign to remove an existing item.

6. Complete the following information in the Startup Jobs section:

a. Name: Name of the job.

b. Enable: Select YES to initialize a job that does not exist yet. Select NO to disable an existing job.

c. Force re-schedule: Select YES if the configuration is changed. On the next startup, the existing job will be disabled, a new job will be created with a new configuration, and the flag will be reset to NO.

d. Frequency: This determines the frequency of the job. Valid values are once, seconds, minutes, hourly, daily, weekly, monthly, or yearly.

e. Time: Time at which the job should be rerun. Format is HH:MM:SS.

f. Interval: This specifies the interval after which the job should be rerun. This field uses the value set in Frequency; for example, if you want a job to run every minute, you could set the Frequency to minutes and the Interval to 1, or Frequency to seconds and Interval to 60.

7. Click Save at the bottom of the screen when you have finished making changes to the Application Settings.

Enable/Configure Data Masking

Data masking allows you to hide original data to protect sensitive information for users and entities, including activity and access accounts, resource names, IP addresses, and other event attributes that could contain personally identifiable information (PII).

To mask data, do the following:

1. Navigate to Menu > Administration > Settings.

2. Click Data Masking from the left pane, then click Masking Summary.

3. By default, data masking is disabled. To enable and configure data masking, click Edit.

4. Complete the following information in the Select Entities section:

a. Mask Users Attributes: Set to YES to mask attributes for all users.

The left panel lists the available user attributes that can be masked. To mask a user attribute, click the attribute name, then click the right arrow (>) to move the selected attribute to the right panel.


The example above masked lastname and employeeid. When you save and run the job, those user attributes will be masked as seen in the following image:

b. Do you want to enable conditional masking?: Set to YES to mask all users data with conditional masking. When you set this field to YES, the following table will display:


The previous image is configured to mask all users whose Department = Engineering. When you run the job after enabling conditional masking on department = "engineering", all users who belong to the engineering department are masked as shown below:

c. Mask Activity Account: Set to YES to mask all the activity account names globally.

d. Mask IP Address: Set to YES to mask the IP address for all the datasources.

e. Mask Resource Name: Masks all the resource names globally. The following figure shows an example of a masked resource name.

5. Click Next at the top of the screen.


6. (Optional) Click Add Datasource Attributes to add the datasource attributes.

a. Complete the following information in the Add Datasource Attributes pop-up:

• Select Datasource: Click the drop-down and select a datasource.

• Datasource attributes to mask event data: Click the datasource attribute(s) you want to mask from the left panel, and move them to the right panel by clicking the right arrow (>).

b. Click Add.

7. Click Next.

8. (Optional) Click Add Datasource Attributes to add the datasource attributes.


a. Complete the following information in the Add Datasource Attributes pop-up:

• Select Datasource: Click the drop-down and select a datasource.

• Datasource attributes to mask event data: Click the datasource attribute(s) you want to mask from the left panel, and move them to the right panel by clicking the right arrow (>).

b. Click Add.

Note: The Global Mode settings for masking event attributes override the Datasource Mode settings.

9. Click Save and Run to enable masking in the user interface.


Masking Job Details

From this screen, you can view or delete details about masking or unmasking jobs, including the type of activity (masking/unmasking), the user who performed the activity, and the time of the activity.

Note: When masking jobs are deleted, the activity is recorded in the Audit Log.

To view or delete the masking job details, do the following:

1. Navigate to Menu > Administration > Settings.

2. Click Data Masking from the left pane, then click Masking Job Details.

The Masking Job Details screen will display:


On this screen you can find masking job details, such as the Job Name, Creation Date, Start Date, and Job Status.

3. (Optional) To delete a job from this screen, click Delete Job.


Manage Ingesters

The Remote Ingester is a lightweight Java program that is used to forward logs in real time from remote servers to the SNYPR Kafka brokers. This real-time log forwarding to Kafka brokers provides the ability to ingest and analyze events as soon as they are generated.

From the Manage Ingesters screen, you can enable and disable the remote ingesters configured in your environment. See Deploy the Remote Ingester for more details about configuring the remote ingester.

Action Icons

The action icons on the Manage Ingesters screen are used to perform specific activities. The table below lists the action icons along with a brief description of their purpose:

| Name | Description |
|---|---|
| Stop | Stops the individual ingester. |
| Start | Starts the individual ingester. |
| Restart | Restarts the ingester. |
| Download | Downloads the logs for individual ingester. |
| Additional options | Create new syslog source; View syslog configuration |
| Refresh all | Refreshes content for all the ingesters on the screen. |

To manage ingesters, do the following:

1. Navigate to Menu > Administration > Settings.

2. Click Manage Ingesters from the left pane.


You can manage the status of one or multiple RINs from the Manage Ingesters screen. This screen shows individual ingester details, ingester status, and available actions per ingester.

Each individual ingester has either a green, yellow, or red color to reflect the status of the ingester connection:

• Green: The application is successfully connected to the ingester and is running.

• Yellow: The ingester status is refreshing.

• Red: The application failed to connect to the ingester and has stopped.

3. (Optional) To add a new syslog source for a specific ingester, click Additional Options > Create/Edit Source.

A list of existing sources displays in a pop-up for the ingester. Click + Create new to add a new source.


Specify the Source name and Source expression. The Source Name is used as an identifier in the source statement of the syslog-ng configuration file to receive log messages. The Source expression is used to build the source statement.


Click Create.

Note: Any changes that are made are written to a specific section in the "syslogng.conf" file that has been reserved for sources() and syslog filters() configured from the UI.

Warning: Do not make changes to this section of the "syslogng.conf" file from the back-end. Any change made from the UI will override the changes made from the back-end.


Manage Installed Licenses and Products

The Manage License settings allow you to review the licenses installed with the application and view details about your current licenses, including:

• Number of users and resources licensed

• License issue and expiration date

• Issuer details

To manage installed licenses and products, do the following:

1. Navigate to Menu > Administration > Settings.

2. Click Manage License from the left pane.


3. Do the following, depending on what action you want to take:

I want to uninstall my license

1. Click Uninstall in the Installed License & Products section.

A pop-up will display confirming that you want to uninstall the license.


2. Click Yes, Uninstall License.

I want to install/upgrade a license

1. Complete the following information in the Install/Upgrade License section:

a. (Optional) Select existing license file: Click the drop-down to select an existing license file.


b. (Optional) Upload new license file: Click to upload a new license file.

c. Enter Activation Key: Enter the activation key that has been provided.

2. Click Install.


Enable LDAP Authentication

LDAP user authentication validates a username and password combination with a directory server such as MS Active Directory. By default, the application authenticates against the local MySQL data store. However, this can be changed to authenticate the users against Active Directory.

This section describes the steps required to enable LDAP authentication in SNYPR.

Before You Begin

This section lists the minimum requirements you must complete before you enable LDAP Authentication:

1. The LDAP account should have read permissions for the organizational unit against which the application authenticates.

2. Identify the DN (Distinguished Name) for the account. For example: cn=svc_[DN];OU=ServiceAccounts;DC=[DN];DC=com.

3. Identify the following additional parameters that are required for AD authentication:

• The IP address/hostname of the domain controller.

• The OU (organizational units) containing the different users that should be authenticated.

4. Install root / intermediate certificates in Java cacerts (used by the application) to establish a secure LDAP connection.

5. Identify if the authorization will happen using Active Directory roles or SNYPR roles. Create an appropriate role in SNYPR with the same name as the Active Directory group name of the authenticated user. For example, if the group name in Active Directory is Template1 then the role in SNYPR should be Role_Template1.

Enable LDAP Authentication

To enable LDAP Authentication, do the following:


1. Navigate to Menu > Administration > Settings.

2. Click LDAP Authentication from the left pane.

3. Set Enable LDAP Authentication to YES.

4. Complete the following information in the LDAP Authentication section:


a. Server: Enter the IP address for Active Directory (ldap://[ip]:[port]/).

b. Base: Enter the base directory to start the search. For example, dc=m-mycompany,dc=com].

c. Actions: Click + to add an action or click - to delete an action.

d. Manager DN: Enter the appropriate Manager DN.

e. Manager Password: Enter the appropriate Manager Password.

f. Retrieve Database Roles: Select whether to retrieve additional roles from the database using the User/Role many-to-many.

g. Retrieve Group Roles: Select whether to infer roles based on group membership.

h. Ignore Partial Result Exception: Select whether to ignore partial result exceptions.

i. Search Subtree: Select whether you want to search in subtrees.

j. Search Filter: This is the pattern to be used for the user search. For example, {0} is the user’s DN.

k. Group Search Base: Enter the base DN from which the search for group membership should be performed.


l. Group Search Filter: Enter the pattern to be used for the user search. For example, {0} is the user’s DN.

m. Group Role Attribute: Enter the ID of the attribute which contains the role name for a group.

5. Click Save.
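The filter patterns and role naming described above, as an added Python example that is not SNYPR code: it expands a {0} placeholder with RFC 4515 escaping, maps group names to the Role_ naming from the prerequisites, and flags a Server URL without TLS. The (member={0}) pattern, the cn role attribute, the function names and every sample value are constructed assumptions.

```python
"""Added example (not SNYPR code): sanity checks for the LDAP Authentication fields."""
from urllib.parse import urlsplit

# RFC 4515 section 3: characters that must be written as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample values (assumptions, not taken from a real directory).
SAMPLE_USER_DN = r"CN=Smith\, Jo (Eng),OU=Users,DC=example,DC=com"
SAMPLE_GROUPS = [{"cn": ["Template1"]}, {"cn": ["Contractors"]}]
SAMPLE_DEFINED_ROLES = {"ROLE_ADMIN", "Role_Template1"}


def escape_filter_value(value):
    """Escape a value so it stays data when placed inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(pattern, value):
    """Substitute the escaped value for the {0} placeholder of a filter pattern."""
    if "{0}" not in pattern:
        raise ValueError("filter pattern has no {0} placeholder")
    if pattern.count("(") != pattern.count(")"):
        raise ValueError("filter pattern has unbalanced parentheses")
    return pattern.replace("{0}", escape_filter_value(value))


def roles_for_groups(group_entries, role_attribute, defined_roles, prefix="Role_"):
    """Turn group entries into role names and split them by whether the role exists.

    group_entries: list of dicts, attribute name -> list of values (one per group).
    role_attribute: the value configured as Group Role Attribute (assumed "cn" here).
    defined_roles: role names that already exist in the application.
    """
    granted, unmatched = [], []
    for entry in group_entries:
        for name in entry.get(role_attribute, []):
            role = prefix + name
            (granted if role in defined_roles else unmatched).append(role)
    return granted, unmatched


def check_server_url(url):
    """Return a list of findings for the Server field; an empty list means no finding."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme not in ("ldap", "ldaps"):
        findings.append("Server must be an ldap:// or ldaps:// URL")
    elif parts.scheme == "ldap":
        findings.append(
            "ldap:// is unencrypted unless StartTLS is negotiated; the Manager DN "
            "bind and user passwords should travel over ldaps:// with the CA in cacerts"
        )
    if not parts.hostname:
        findings.append("Server URL has no host")
    return findings


if __name__ == "__main__":
    # A legitimate DN with parentheses would change the filter's structure if pasted raw.
    print(expand_filter("(member={0})", SAMPLE_USER_DN))
    granted, unmatched = roles_for_groups(SAMPLE_GROUPS, "cn", SAMPLE_DEFINED_ROLES)
    print("roles that resolve:", granted)
    print("groups with no matching role (no access granted):", unmatched)
    for finding in check_server_url("ldap://10.0.0.5:389/"):
        print("finding:", finding)
```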


Enable/Disable X509 Authentication

SNYPR supports X509 certificate authentication with a secure TLS/SSL connection. X509 is a public key infrastructure (PKI) standard used to manage digital certificates and public-key encryption to secure web and email communication. When X509 authentication is used, clients can authenticate to servers with certificates rather than with a user name and password.

Before You Begin

Before you enable X509 Authentication, you must create a new System Administrator user with the common access card (CAC) certificate name. The CAC is used for the standard identification of active duty uniformed service personnel, Selected Reserve, Department of Defense (DoD) civilian employees, and eligible contractor personnel. It is also used to enable physical access to buildings and controlled spaces, such as the DoD computer networks and systems.

To set up an administrative user with X509 Authentication, do the following:

1. Log in to SNYPR as an Administrator.

2. Navigate to Menu > Administration > Access Control.

3. Click + to create a new admin user.

4. Complete the following information in the Enter User Information section:


a. Username

Note: Do not edit the default SNYPR user name, as it is a super user in the SNYPR application.

b. Password

c. First Name

d. Last Name

e. Email

f. Phone Number

g. Badge Background Color

h. Enabled?

i. Password Change Required

5. Enable ROLE_ADMIN to assign administrative privileges to the user name.

6. Click Save & Next.

7. Enable multiple users by assigning them to the same group. Groups may also be used for incident assignment and response. Users are assigned the roles of their groups.

See Access Control for complete details about creating users.

Enable X509 Authentication

To enable X509 Authentication, do the following:

1. Navigate to Menu > Administration > Settings.

2. Click X509 Authentication from the left pane.

3. Set Enable X509 Authentication to YES.

4. Click Save.

Once you click Save, a pop-up warning box will appear.


Click Yes in the pop-up to restart the application and apply your updated changes.

5. Stop the application: bin/securonix.sh stop

6. Copy the CA certificates you have to any folder.

7. Add the CA certificates to the truststore file as trusted certificates. By default, securonixKeyStore is the truststore file.

Example:

/home/securonix/securonix50/Java/jre/bin/keytool -importcert -keystore /home/securonix/securonix50/Tomcat/conf/securonixKeyStore -trustcacerts -alias pivkeydeviceca -file /usr/local/share/ca-certificates/pivkeydeviceca.crt

8. Start the application: bin/securonix.sh start

9. Navigate to the web browser and clear its cache.

10. Enter the application URL and refresh. The web browser shows a certificate prompting the user to accept the certificate. You may have to accept the certificate twice in Internet Explorer.

11. Enter the CAC card pin after the certificate is accepted. Upon successful validation of the CAC card pin and the certificate, the user is logged in with administrative privileges without the need for a user name or password.

You can also disable the X509 Authentication. To disable the X509 authentication, follow the steps below:

Note: Only a CAC card user with admin privileges can disable X509 authentication.

1. Navigate to Menu > Administration > Settings.

2. Click X509 Authentication from the left-side panel.

Note: Ensure you have read/write permissions to server.xml.

3. Set Enable X509 Authentication to NO.

4. Click Save. A dialog box appears with the message to restart the application upon disabling the X509 Authentication.

5. Stop the Securonix Enterprise application: bin/securonix.sh stop.

6. Start the Securonix Enterprise application: bin/securonix.sh start.

7. Navigate to the web browser and clear its cache.

8. Enter the application URL and refresh.

The user can now log in with the user name and password.


Schedule Housekeeping Jobs

Use this screen to schedule housekeeping jobs to clean data from the application after a specified number of days.

To schedule housekeeping jobs, do the following:

1. Navigate to Menu > Administration > Settings.

2. Click Housekeeping Jobs from the left pane.

3. Click Schedule Housekeeping Job.

4. Click the radio button next to the job you want to run.


5. Provide a value in the Remove all data from X days prior to today’s date text-box.

6. Click Save & Next.

7. Provide the following information in the Job Details section:

a. Job Name: By default, the job name will auto-populate. You can enter a new job name if you choose.


b. (Optional) Job Description: Enter a description for the job.

c. Enable Job Related Notifications: Set to YES to enable job related notifications.

This will display 3 additional sections, including:

• On Success

• On Failure

• On Completed with Errors

Click the Select Email Template to Use for Sending Notifications drop-down in any of the 3 sections, and select one of the following options:

• Create New Email Template

• Job Status

d. Complete the required information.

8. Click Run.


Types of Jobs

| Job Name | Description | Recommended Schedule |
|---|---|---|
| User Import History | Every time a user import is fired, the SNYPR application stores the history of the number of new users, deleted users, updated users, etc. This job clears this table based on the input days. Example: Query fired: DELETE FROM Userimporthistory WHERE importdate<Thu Sep 05 15:24:35 IST 2013 | 90 days |
| Access/Activity/User Import Errors | Clears the errors recorded while running Access/Activity/User imports. Example: Query fired: DELETE FROM Resourceimporterrors WHERE lastupdated<Sat Dec 14 15:30:30 IST 2013 | 30 days |
| Risk Score Card History | Clears the risk score card history data. Example: Query fired: DELETE FROM Riskscorecardhistory WHERE generatedtime<Thu Nov 14 15:36:51 IST 2013 | 180 days |
| Policy Violations | Clears the policy violation data. | 90 days |
| Auditing | Clears the audit history. Example: Query Fired: DELETE FROM Sysaudit WHERE logtime<Sat Dec 14 15:57:46 IST 2013 | 180 days |
| Activity User IP Mapping | Clears the activity user IP mapping that is maintained for IP address attribution. Example: Query Fired: DELETE FROM Activityuseripmapping WHERE lastupdate<Sat May 03 16:03:11 IST 2014 | 90 days |
| Completed Jobs | Clears the completed jobs. Example: Query fired: DELETE FROM QuartzCustomFiredTriggers qcft WHERE qcft.startTime <= Sat May 03 16:38:43 IST 2014 and qcft.status in ('Completed','Completed with errors') | 90 days |
| Failed Jobs | Clears the failed jobs. Example: Query fired: DELETE FROM QuartzCustomFiredTriggers qcft WHERE qcft.startTime < Sat May 03 16:41:10 IST 2014 and qcft.status in ('Failed') | 90 days |
| Clean Files | Clear the files in success folder and failed folder on the system. • Inputs: folder path(s): List of comma separated folder path (updated to support securonix_home). • File name: File name or regex pattern of the files to be deleted from above paths. • No. of days: File modified before this number of days. • Include sub folders: Scans the sub folders for previously listed jobs. • Remove non empty files: Deletes files with data. (This should be set to true by default.) | Varies on file volume per day (30 days) |
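To see what a retention value removes before a job is scheduled, the added Python example below (not SNYPR code) counts the rows that fall before the cutoff for a given number of days and flags a value shorter than the recommended schedule. It uses the table and column names from the example queries above; the in-memory SQLite database stands in for the application's data store, and the rows, dates and function names are constructed assumptions.

```python
"""Added example (not SNYPR code): dry-run preview of a housekeeping retention value."""
import sqlite3
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# job name -> (table, timestamp column, recommended days), copied from the table above.
JOBS = {
    "User Import History": ("Userimporthistory", "importdate", 90),
    "Risk Score Card History": ("Riskscorecardhistory", "generatedtime", 180),
    "Auditing": ("Sysaudit", "logtime", 180),
    "Activity User IP Mapping": ("Activityuseripmapping", "lastupdate", 90),
}

# Constructed reference time so the example gives the same result on every run.
SAMPLE_NOW = datetime(2020, 8, 11, 12, 0, 0)


def preview_purge(conn, job, days, now):
    """Count the rows a job would delete for 'days', without deleting anything."""
    if days < 0:
        raise ValueError("days must not be negative")
    # Table and column come only from the fixed JOBS map, never from user input;
    # the cutoff itself is passed as a bound parameter.
    table, column, recommended = JOBS[job]
    cutoff = (now - timedelta(days=days)).strftime(FMT)
    doomed = conn.execute(
        f"SELECT COUNT(*) FROM {table} WHERE {column} < ?", (cutoff,)
    ).fetchone()[0]
    total = conn.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]
    return {
        "cutoff": cutoff,
        "would_delete": doomed,
        "would_keep": total - doomed,
        "below_recommended": days < recommended,
    }


def build_sample_db(now):
    """Create a constructed Sysaudit table with rows of known age (in days)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Sysaudit (id INTEGER PRIMARY KEY, logtime TEXT, action TEXT)")
    ages = [1, 29, 95, 179, 181, 400]
    rows = [((now - timedelta(days=age)).strftime(FMT), "constructed event") for age in ages]
    conn.executemany("INSERT INTO Sysaudit (logtime, action) VALUES (?, ?)", rows)
    return conn


if __name__ == "__main__":
    db = build_sample_db(SAMPLE_NOW)
    for days in (180, 30):
        print(days, "days:", preview_purge(db, "Auditing", days, SAMPLE_NOW))
```

The Auditing job is the one to preview most carefully, because the rows it removes are the record of administrative activity.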


Configure SAML Settings

To configure the SAML settings, do the following:

1. Navigate to Menu > Administration > Settings.

2. Click SAML Settings from the left pane.

3. Complete the following information in the KeyStore Details section:

a. KeyStore File Name: Provide a key store file name.

b. Key Store Password: Provide a key store password.

c. Alias Name: Provide an alias name.

d. Alias Password: Provide an alias password.


4. Complete the following information in the Service Provider Details section:

a. Entity ID: The Entity ID is a unique identifier for an identity or service provider. This value is included in the generated metadata.

b. Entity Base URL: Base to generate URLs for this server. For example: https://myServer:443/saml-app. Enter the public address from which your server will be accessed.

c. Entity Alias: The Alias is an internal mechanism that allows the application to collocate multiple service providers on one server. The alias entity must be unique.


Note: You can download the SP metadata (sp.xml) file from {SNYPR URL}/Snypr/saml/metadata/alias/{entityalias}. You have to replace the entityalias with the value specified in the Entity Alias setting. For example, the URL is {SNYPR URL}/Snypr/saml/metadata/alias/10.0.0.81 in this scenario.

d. Include IDP Discovery: Select this option to include identity provider discovery in the metadata.

e. SSO Bindings: Select the bindings to use for SSO, which include Post, PAOS, and Artifact. The binding, in general, determines how a SAML request and response map to protocols for messaging and communication.

f. Security Profile: From the dropdown list, select the option you want to use for trust of signature, encryption, and SSL/TLS credentials. The Metadata Interoperability profile is the default.

g. Sign metadata: Select this option to digitally sign the generated metadata with the specified signature key.

h. Sign sent AuthNRequests: If selected, the generated metadata is digitally signed using the specified signature key.

i. Require signed authentication Assertion: If selected, the generated metadata is digitally signed using the specified signature key.

j. Require signed LogoutRequest: If selected, the generated metadata request is digitally signed for logout requests using the specified signature key.

k. Require signed LogoutResponse: If selected, the generated metadata request is digitally signed for logout responses using the specified signature key.

l. Require signed ArtifactResolve: If selected, the generated metadata request is digitally signed for artifact resolution using the specified signature key.


a. SAML Assertion Attributes: Provides the following SAML settings:

i. Enable Advanced SAML Configuration: If set to YES, it allows you to select the attributes that are sent in the SAML assertion. The identity provider sends a SAML assertion that has user authorization to the service provider.

ii. Do you want to create user if user is not found in Securonix: If set to YES and the user does not exist in the system, SAML creates the user and authenticates.

Warning: When the Role and Group are retrieved from the SAML assertion, you must create the same role and group in SNYPR as in the SAML assertion. This ensures that the user only gets access to the specific role and group in the SNYPR application.

Note: When this setting is enabled, you have to map all the mandatory attributes with the attributes created in the Identity Provider. The mandatory attributes are Firstname, Rolename, AdminFlag, Email, and Lastname.


Note: If you have not configured group information to be retrieved from the SAML assertion, you have to create a group with the same name as the role name for the authenticated user.

iii. Map the attributes with the attributes created in Identity Provider.

5. Click Save to save the IDP metadata.


Configure SMTP Server Settings

The Simple Mail Transfer Protocol (SMTP) settings allow you to add or edit a mail server. SNYPR uses the mail server for the following purposes:

• Send email notifications on a violation

• Send job success/failure notifications

• Send email notifications on user life cycle changes (new, updated, and terminated users)

• Send notification emails for case-related issues

• Receive emails when comments are added to existing cases

This section includes step-by-step instructions to add or edit a mail server within SNYPR.

To edit an existing SMTP server or add a new SMTP server, do the following:

1. Navigate to Menu > Administration > Settings.

2. Click SMTP Server Settings from the left pane.

3. Do the following, depending on what action you want to take:


I want to add a new mail server

a. Click Add New Mail Server at the top of the page.

b. Complete the following information in the General Settings section of the pop-up:


1. Mail Box Name: Specify the outgoing mail server's host name.

2. Host: Specify the outgoing mail server's host name.

3. Port: Specify the outgoing mail server's port number.

4. (Optional) From Email: Specify the sender's name.

5. (Optional) SSL Enabled?: This field has two settings, including:

• YES: Sends information securely over the Internet using SSL.

• NO: Disables SSL.

6. (Optional) Authentication Required: This field has two settings, including:

• YES: Requires authentication.

• NO: Doesn't require authentication.

7. Username: This option only displays if Authentication Required is set to YES. Specify the account username on mail server.

8. Password: This option only displays if Authentication Required is set to YES. Specify the account password on mail server.

c. Complete the following information in the More Settings section:


1. Font name: By default the font name is set to Arial. To change the font name for mail content, click the drop-down and select the font you want.

2. Font size: By default the font size is set to 2. To change the font size, enter a numeric value to represent the size you want.

SNYPR Administration Guide 225

Page 226: AdministrationGuide · 2020. 8. 12. · DownloadFiles 292 UploadFiles 294 RegisterConnectors 296 EmailTemplates 299 CreateanEmailTemplate 300 EditEmailTemplates 305 Workflows 308

Settings

3. Batch size: By default the batch size is set to 25. To change the batch size,

enter the number of email notifications that you want to be sent in a batch.

4. Interval: By default the interval is set to 10 seconds. To change the interval,

enter a numeric value.

5. Process In Batch: This field has two options, including:

l YES: This is the default setting that enables you to send email noti-fications in batches.

l NO: Set to NO if you don't want to send email notifications in batches.

6. Stop When Done: This field has two options, including:

l YES: This is the default setting that enables you to stop sending emailnotifications when all of the messages in queue are completed

l NO: If you don't want to stop sending email notifications when all of themessages in queue are completed, choose this option.

d. (Optional) There are two buttons at the bottom of the screen that give you the

option to save and send a test email or test the server. Do the following,depending on what action you want to perform:

I want to save and send a test email

1. Click Save And Send Test Email at the bottom of the screen.

2. Complete the following information in the Send Test Email pop-up:


a. To: You can specify multiple email addresses separated by a comma (,).

Example: [email protected],[email protected]

3. Click Send.


4. Continue to the next step.

I want to test the server

1. Click Test Server. You will be redirected to the SMTP Server Settings page.

2. Continue to the next step.

e. Continue to the next step.

I want to edit a mail server

The SMTP Server Settings screen will be auto-populated if you already have an existing mail server, as seen below. You can edit any information on this screen at any time. When you enter new information, click Save at the bottom of the screen to save your changes.


4. Click Save to save your information.

Configure Spotter Settings

To configure your Spotter settings, do the following:

1. Navigate to Menu > Administration > Settings.

2. Select Spotter Settings from the left pane.

3. Complete the following information:

a. Maximum Allowed Days For Archival Query: Enter the maximum number of days allowed for an index = archive query.

b. Maximum Docs Per Query: Enter the maximum number of Solr documents to retrieve for the query.

c. Maximum Jobs: Enter the maximum number of jobs that can run simultaneously.

d. Maximum Parallel Archival Queries: Enter the maximum number of Archival queries that can run simultaneously.

e. Maximum Parallel Data Insights Queries: Enter the maximum number of Data Insights queries that can run simultaneously.

f. Maximum Parallel SCC Queries: Enter the maximum number of SCC queries that can run simultaneously.

g. Lucene Interval: Enter the time interval required to clean up Lucene data.

h. Lucene Time To Live: Time to live for data in the Lucene folder.

i. Maximum Queries Per User: Enter the maximum number of queries that can be run per user.

j. Page Size: Enter the page size to fetch results from Solr for each batch.

k. Continue Next Batch: Enable this flag to continue to the next batch once Maximum Docs Per Query is reached.

l. Maximum Chartpoints: Enter the maximum number of chart points to display for commands like Barchart, Timechart, etc.

m. Maximum RAM usage: Enter the maximum RAM usage, in the range from 0 to 100 percent.

n. Maximum Disk usage: Enter the maximum disk usage, in the range from 0 to 100 percent.

o. Maximum Users In Cache: Enter the maximum number of users in cache.

p. Default Time To Pause Job: Enter the default time to pause a job.

q. Use Default Window For Available Datasource: Enable this flag to use the default window when a datasource is clicked on the Spotter summary tab.

r. Default window To Query For Datasource: Select the default time window for the available datasource query.

s. Default Time To Query For Datasource: Enter the default time for the available datasource query in minutes, hours, days, etc.

t. Use Default Window For Available Violation: Enable this to use the default window when a violation is clicked on the Spotter summary tab.

u. Default Window To Query For Violations: Select the default time window for the available violation query.

v. Default Time To Query For Violations: Enter the default time to query for available violations in minutes, hours, days, etc.

w. Allowed Facet Fields: Enter the number of facet fields allowed in a query.

x. Allowed Facet Fields For Commands: Enter the maximum number of facet fields allowed in a Command query.

y. Leftside Maximum Collections: Enter the maximum number of collections to query for the left panel attribute on click.

z. Maximum Time Allowed: Enter the maximum time allowed for Spotter queries to wait for a response.

aa. Maximum number of buckets: Enter the maximum number of aggregated results.

ab. Minimum Word Count For Terms Parser: Minimum number of query terms required to switch the underlying Solr traditional query parsing to terms query parsing for large IN queries. Set to -1 to disable.

ac. Default Query Facet Attributes: Default facet attributes for the left panel on click.

ad. Facet Level Pageinfo: Control the limit on the number of unique records to be fetched for each level for aggregated commands. Use -1 to fetch all records.

4. Click Save.

Configure UI Preferences

The UI Preferences settings let you customize the text that appears on the SNYPR log in screen, as seen in the following image:

To customize the text that appears on the log in screen, do the following:

1. Navigate to Menu > Administration > Settings.

2. Click UI Preferences from the left pane.


3. Enter text in the text-box, then click Save.

To see your changes, log out of the application then visit the log in screen.

Upload CRP/CFP Content

To upload CRP/CFP content, do the following:

1. Navigate to Menu > Administration > Settings.

2. Select CRP/CFP Content Upload from the left pane.

3. Click Click here to create SecuronixDB Connection.

4. Click + in the top left of the screen. The following options are available:

• Add New Connection

• Upload File

• Download Files

• Register connectors

5. Do the following, depending on the option you selected in the step above:

Add New Connection

a. Complete the following information:


1. Connection Name: Provide a name to uniquely identify this connection.

2. Connection Type for: Select the type of connection.

3. Connection Type: Select the type of data you will use this connection for.

b. Click Save.

Upload File

a. Complete the following information:


1. File

2. Remote Connection

3. Host IP Address


4. Port Number

5. Username

6. Password

7. Destination directory

b. Click Upload.

Download Files

a. Complete the following information:


1. Remote Connection Type

2. Host IP Address

3. Port Number


4. Username

5. Password

6. Source Directory

7. File Name

b. Click Download.

Register Connectors

a. Complete the following information:

1. Connector Type: Select the source from which to import data. You can import data from a delimited file (CSV, pipe-delimited, etc.), Active Directory, or any other listed sources.

2. Connector description: Enter connector description.

3. Connector Class: Enter connector class.

4. Import Type: Click the drop-down and select an import type.

5. Enable Connector: Enable to make connection visible.

b. (Optional) To edit a connector's information, scroll down the screen and click the edit icon (pencil icon) in the Actions column.

Click Save once you’ve made your modifications.

Access Control

Access control is used to provision access for authorized SNYPR users to selected screens and resources based on their role or job function. Users are only allowed to access the resources necessary to perform their job responsibilities. In addition, a user's access can be limited to specific tasks such as the ability to create or modify a file.

As a result, lower-level employees are restricted from accessing sensitive data because they don't need to do so to fulfill their responsibilities. This is especially helpful if you have a large company with many employees or use third-parties that make it difficult to closely monitor access.

Before You Begin

Before setting up access control, determine the roles and capabilities to assign to each role. Then decide which users should be assigned to each role.

To set up access control, you will complete the following steps:

1. Create Roles and assign capabilities to Roles.

2. Create Users and assign them Roles.

3. (Optional) Create Groups and assign Users to Groups.

Note: Security groups make it easier to manage users by allowing bulk actions. Permissions assigned to groups are inherited by all members within the group.

Create Roles

Roles control who has access to specific modules in SNYPR. Roles can have multiple capabilities. Roles with meaningful names (for example: auditors, security operations, forensics, investigator, etc.) make it easier to perform access control.

To view a list of default roles in SNYPR, see Roles.

To create a role, do the following:

1. Navigate to Menu > Administration > Access Control.

2. Click Manage Roles from the left pane.

3. Click +, just to the left of the search criteria bar.

4. Provide the following information:

a. Role Name: Enter a unique name for the role.

b. (Optional) Description: Enter a brief description about the purpose and privileges that will be granted for the role.

c. Privileges: Click the drop-down and select the modules of the user interface (UI) to which you want the role to have access:

Note: Privileges are granted by module and screen of the module. For example, to grant a role access to view the list of resource types ingested in SNYPR, select Views > /resource/listResourceTypes.

a. Dashboard

b. View

c. Add Data

d. Analytics

e. Reports

f. Third Party Intelligence

g. Other

h. Geolocation

i. Investigation Workbench


j. Spotter

k. Security Command Center

l. Operations Center

m. Approval Workflow

n. Spotter Web Services

5. Click the screen(s) you want to assign to users and move them to the right box by clicking the right arrow (>).

Tip:

To select multiple screens at once, use the following methods:

1. Click and drag

2. Click a screen, hold the Ctrl key down, then select additional modules.

6. Click Save.

Types of Roles

The following table displays the typical roles included in SNYPR:

Role: Access Certifier
Main Task: Certify user access privileges

• Can log in and view the risky entitlements for the users who report to the manager/certifier

• Has access to specific Security Dashboards (Access Review Category only)

Role: Access Scanner
Main Task: Detect user access privilege outliers

• Is a role typically assigned to users running access outliers and on-boarding access entitlements into the application and limits access within the application to only access-related screens and access-related resource groups

• Has screen access configured by the admin

Role: Admin
Main Task: Configure the application

• Has highest level of access available

• Has ability to add/delete data in the application

• Has ability to create/modify/delete jobs

• Has ability to create/modify/delete users, roles, and groups

• Has ability to control access to the application

• Has ability to encrypt/mask data

Role: Auditor
Main Task: Monitor the SNYPR application health

• Has ability to access the administrative dashboard to review all operational/IT metrics about events and data sources in the systems

Role: Business Unit Manager
Main Task: Monitor risk profile for business units

• Allows business unit managers to log in to the application and review the risk profile associated to the users within their business units

• Is not typically given admin privileges and is unable to add or remove data within the application

Role: Case Analyst
Main Task: View and Manage Cases

• Has access to the incident dashboard

• Has ability to review and work on cases

• Is unable to configure any jobs or import data into the application

Role: Hunters
Main Task: Hunt team

• Has access to security dashboards

• Has ability to drill-down and investigate incidents using tools such as the Investigation Workbench for data link analysis

Role: License Manager
Main Task: Manage application licensing

• Has access only to the license screen to re-register license details and validate licenses

• Is unable to access any other screen or view data for the user

Role: Operations Team
Main Task: End-to-end monitoring of the application

• Has ability to view the health and operation of the application from end-to-end

• Has ability to ensure data imports were scheduled correctly, activity imports and scheduled jobs ran properly

• Has ability to modify the settings to ensure the end-to-end flow is working

Role: Privacy Master
Main Task: View unmasked PII (Personally Identifiable Information) data

• Has the ability to view unmasked PII data within the application when data masking is enabled

• Has access only to certain screens controlled by the admin (typical screens are Manage Users and High-Risk Users)

• Is not typically given access to view the underlying data that caused violations

Role: System Owner
Main Task: Manage risk posture by application

• Allows application owners to view the risk profile for all users of the application

• Is typically given admin privileges to the application for which they are the owners

• Has screen access configurable from the UI

Role: User Admin
Main Task: Manage applications

• Is a role assigned to application admins

• Can be configured if users need some super user privileges but not all admin privileges

• Has screen access configurable from the UI

Create Users

Users, in the context of Access Control, refers to all users interacting with the SNYPR application. This can be:

• Systems administrators responsible for maintaining the platform

• Analysts responsible for managing threats

• Content developers responsible for developing use cases

• Compliance officers responsible for ensuring compliance with regulations like GDPR

When you use access control to create a user, you will grant them permissions, which will determine what they can and cannot do in SNYPR.

To create a user, do the following:

1. Navigate to Menu > Administration > Access Control.

2. Click Manage Users from the left pane.

3. Click +, just to the left of the search criteria bar.


4. Provide the following user information:

a. User Name

b. Password

c. Re-Enter Password

d. First Name

e. Last Name

f. (Optional) Badge Background Color: Click and choose a background color for badges showing active users.

g. (Optional) Enabled?: Toggle to YES if you want to enable the user.

5. Click Save and Next.

6. Set the sliders to YES to assign the user to a role.

7. (Optional) Set the slider to YES to assign the user to a group.

Note: You must enable at least one group to continue to step 4: Assign Notifications.

8. (Optional) To create a new group, do the following:

a. Click Add New Group.

b. Provide the following information:

• Name: Enter the name for the group.

• (Optional) Type: Choose None or Administrator.

• Email: Enter the group email address.

c. Click Save to save the new group's information.

9. Click Save & Next.

10. Assign notifications to users to grant access notifications.


11. Click Save.

The user you created will display on the Access Control screen as seen in the image below.

Create Groups

A group is a collection of individual users who share a set of permissions. For example, a group called "Admins" is assigned permissions such as creating new users, changing passwords, and configuring application settings. Any user added to that group will automatically inherit all the rights that are assigned to the group.

The permissions of the group are determined by the roles assigned to the group. Creating groups can be viewed as a shortcut to assigning roles to users: rather than assigning each role individually to each user, you can assign all the roles to a group and add the user to the group.

Groups also provide greater control over data-level access through the Granular Access Control feature.

To create a group, do the following:

1. Navigate to Menu > Administration > Access Control.

2. Click Manage Groups from the left pane.

3. Click +, just to the left of the search criteria bar.


4. Provide the following group details:

a. Name: Enter a descriptive name for the group.

b. Type: Select a group type from the drop-down:

• None

• Administrator

c. Email: Specify the group email address.

d. Parent Group: Search to select a Parent Group from existing groups.

5. Click Save & Next.


6. (Optional) You can select one or both of the following options:

Add a user

To add a user, do the following:

a. Click Add User(s).

b. Check the box next to the users you want to add to the group.

c. Click Add Selected User(s).

Remove a user

To remove a user, do the following:


a. Check the box next to the users you want to remove from the group.

b. Click Remove User(s).

7. Click Save & Next.

8. Set the sliders to YES for the roles you want to assign the group to.

9. Assign notifications to groups by enabling the Role Name.


10. Click Save.

Manage Users, Roles, and Groups

You can edit the settings for users, roles, and groups using the icons on the Access Control screen.

Action Icons

The Access Control screen (Menu > Administration > Access Control) uses almost all the same icons and functionality to edit users, roles, and groups. Use the table below to learn what each icon does.

Icon Description

Edits the user, role, or group.

Deletes the user, role, or group.

Note: You cannot delete or disable the Admin user.

Changes password for the user.

Note: This option is only available for users.

Note: SNYPR gives users with the role, ROLE_PRIVACYMASTER, the ability to unmask (but not decrypt) masked data. When creating users and groups, enable the role, ROLE_PRIVACYMASTER, to use this feature.
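Because a role can reach a user either directly or through a group, as described under Create Groups, an access review has to resolve both paths before it can say who is able to unmask data. The following is an added example, not SNYPR code: the data structures, function names, user names and group names are hypothetical, and the assignments are constructed sample data.

```python
# Constructed sample assignments. Apart from ROLE_PRIVACYMASTER, the role
# names are display labels from the roles table, not identifiers exported
# from SNYPR; users and groups are invented for the illustration.
DIRECT_ROLES = {
    "asmith": {"Case Analyst"},
    "bjones": {"Hunters"},
    "cdoe": {"ROLE_PRIVACYMASTER"},
    "dlee": set(),
}
GROUP_ROLES = {
    "SOC Tier 1": {"Case Analyst"},
    "Privacy Review": {"ROLE_PRIVACYMASTER", "Auditor"},
}
GROUP_MEMBERS = {
    "SOC Tier 1": {"asmith", "dlee"},
    "Privacy Review": {"bjones", "cdoe"},
}


def effective_roles(user):
    """Map each role the user holds to the sorted list of places it comes from."""
    sources = {}
    for role in DIRECT_ROLES.get(user, ()):
        sources.setdefault(role, []).append("direct")
    for group, members in GROUP_MEMBERS.items():
        if user in members:
            # Every member inherits all roles assigned to the group.
            for role in GROUP_ROLES.get(group, ()):
                sources.setdefault(role, []).append("group:" + group)
    return {role: sorted(src) for role, src in sources.items()}


def holders(role):
    """Return {user: sources} for every user who effectively holds the role."""
    users = set(DIRECT_ROLES) | set().union(*GROUP_MEMBERS.values())
    result = {}
    for user in sorted(users):
        src = effective_roles(user).get(role)
        if src:
            result[user] = src
    return result


def inherited_only(role):
    """Users who hold the role solely through group membership."""
    return [user for user, src in holders(role).items() if "direct" not in src]


if __name__ == "__main__":
    for user, src in holders("ROLE_PRIVACYMASTER").items():
        print(user, "can unmask data via", ", ".join(src))
    print("Inherited only:", inherited_only("ROLE_PRIVACYMASTER"))
```

Users returned by `inherited_only` are the ones a per-user review misses, because the role never appears on their own account.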

Enable Granular Access Control

Granular access control is used to restrict access for users at a data level. When granular access control is enabled, SNYPR users will only see the users, resources, policies, and threat models to which they have been granted access.

Before You Begin

Before enabling Granular Access Control, you will need to do the following:

• Create Users

• Create Roles

• Create Groups

To enable granular access for a group, do the following:

1. Navigate to Menu > Administration > Access Control.

2. Click Granular Access Control from the left pane.

3. Set Enable Data level Access Control to YES.


4. Click the drop-down and select a sec group to view tenant configurations:

5. (Optional) You can edit the access configurations on this step. Do the following to add access configurations:

a. Click Add to modify access configurations for the selected Sec group.

You will be directed to the configuration screen.

b. Set Show only correlated data to YES to enable a flag to see both correlated and uncorrelated data.

c. Set What users you want to grant access to? to YES to select which users the group will be allowed to view and provide the following information:

• Search by

• Search condition

• Provide value

• Select operator

d. Set What resources you want to grant access to? to YES.

e. Check the box next to the resource(s) you want the group to be able to view.

Tip: Quickly search for the resource you want by typing in the Type To Filter search bar.

f. Set What policy categories you want to grant access to? to YES.

g. Check the box next to the policy categories you want the group to be able to view.

h. Set What threat models you want to grant access to? to YES.

i. Check the box next to the threat model(s) you want the group to be able to view.

j. Set What sandbox policy categories you want to grant access to? to YES.


k. Check the box next to the categories you want to be accessible.

l. Click Save Configuration at the bottom of the screen.

Your changes will display on the Granular Access Control screen.

Enable Password Control

For additional access control, you can enable password control options.

To enable password control, do the following:

1. Navigate to Menu > Administrator > Access Control.

2. Click Password Control from the left pane.

3. Set Enable Password Control? to YES.

4. Provide the following information for each parameter:

SNYPR Administration Guide 272

Page 273: AdministrationGuide · 2020. 8. 12. · DownloadFiles 292 UploadFiles 294 RegisterConnectors 296 EmailTemplates 299 CreateanEmailTemplate 300 EditEmailTemplates 305 Workflows 308

Access Control

a. Minimum Length: The minimum number of characters used in a password.

b. Maximum Length: The maximum number of characters used in a password.

c. Minimum Upper Case Letters: The minimum number of upper case letters required in a password.

d. Minimum Lower Case Letters: The minimum number of lower case letters required in a password.

e. (Optional) Numbers Allowed?: By default, numbers are allowed in passwords. Set to NO to disallow numbers in passwords.

f. Minimum Numbers: The minimum count of numbers required in a password.

g. (Optional) Special Characters Allowed?: This option only appears if Numbers Allowed? is set to YES. By default, special characters are allowed in a password. Toggle to NO to disallow special characters in a password.

h. Lock after 'n' login failures: The number of login attempts that will result in account lockout.

i. (Optional) Password never expires?: Set to YES to have passwords be non-expiring. If set to YES, the Password expiration period and Reminder Interval (Days) settings disappear.

j. Password expiration period: Enter the number of days before a password change is required.

k. Reminder Interval (Days): Set the number of days for the password expiry notification.

Note: Administrators can restrict users from reusing their previous passwords by setting the Minimum Reuse Count property from the backend.

5. Click Save.
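
A consistency check for a planned set of Password Control values, as an added example that is not part of the Securonix guide or product. The field names, the sample policies, and the rule that the reminder interval must be shorter than the expiration period are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class PasswordControl:
    """One field per Password Control parameter; the field names are hypothetical."""
    min_length: int
    max_length: int
    min_upper: int
    min_lower: int
    numbers_allowed: bool = True
    min_numbers: int = 0
    special_allowed: bool = True
    lock_after_failures: int = 5
    never_expires: bool = False
    expiration_days: Optional[int] = None
    reminder_days: Optional[int] = None


def lint_policy(p: PasswordControl) -> List[str]:
    """Return the contradictions found in a planned configuration."""
    problems = []
    if p.min_length < 1 or p.max_length < p.min_length:
        problems.append("length: need 1 <= Minimum Length <= Maximum Length")
    # Characters consumed by the per-class minimums must fit in the longest password.
    required = p.min_upper + p.min_lower + (p.min_numbers if p.numbers_allowed else 0)
    if required > p.max_length:
        problems.append(f"classes: minimums need {required} characters, Maximum Length is {p.max_length}")
    if not p.numbers_allowed and p.min_numbers > 0:
        problems.append("numbers: Minimum Numbers is set while Numbers Allowed? is NO")
    if p.lock_after_failures < 1:
        problems.append("lockout: Lock after 'n' login failures must be at least 1")
    if not p.never_expires:
        if p.expiration_days is None or p.expiration_days < 1:
            problems.append("expiry: Password expiration period must be a positive number of days")
        elif p.reminder_days is not None and not 0 < p.reminder_days < p.expiration_days:
            # Assumption: the reminder is sent this many days before expiry.
            problems.append("expiry: Reminder Interval (Days) must be shorter than the expiration period")
    return problems


def check_password(p: PasswordControl, candidate: str) -> List[str]:
    """Return the names of the parameters a candidate password violates."""
    violations = []
    if not p.min_length <= len(candidate) <= p.max_length:
        violations.append("length")
    if sum(c.isupper() for c in candidate) < p.min_upper:
        violations.append("upper")
    if sum(c.islower() for c in candidate) < p.min_lower:
        violations.append("lower")
    digits = sum(c.isdigit() for c in candidate)
    if (not p.numbers_allowed and digits) or (p.numbers_allowed and digits < p.min_numbers):
        violations.append("numbers")
    if not p.special_allowed and any(not c.isalnum() for c in candidate):
        violations.append("special")
    return violations


# Constructed sample policies (not SNYPR defaults).
CONSISTENT = PasswordControl(min_length=12, max_length=64, min_upper=1, min_lower=1,
                             min_numbers=1, expiration_days=90, reminder_days=14)
CONTRADICTORY = PasswordControl(min_length=8, max_length=10, min_upper=6, min_lower=6,
                                numbers_allowed=False, min_numbers=3,
                                expiration_days=30, reminder_days=45)

if __name__ == "__main__":
    for name, policy in (("consistent", CONSISTENT), ("contradictory", CONTRADICTORY)):
        print(name, lint_policy(policy) or "ok")
    print(check_password(CONSISTENT, "Tr4ilhead-Canyon"))
    print(check_password(CONSISTENT, "short"))
```

Running the lint before saving catches combinations that no password can satisfy, which would otherwise surface only when users fail to set a new password.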

Connection Types

From the Connection Types screen, you can create and manage connections to third-party tools, upload files to or download files from the SNYPR directory, and register and edit existing connectors for data import.

Filter Components

From the Connection Types screen, you can perform basic or advanced filtering on connection types. When you do a basic filter, you can enter filter criteria in the text box to narrow down your search.

When you do advanced filtering, a drop-down will display that allows you to choose a Connection Name, Connection Type for, or a Connection Type. Once you have chosen from the drop-down, you can type filter criteria in the text box, then click Search to view the results.

Add a New Connection

To add a new connection type, do the following:

1. Navigate to Menu > Administration > Connection Types.

2. Click + from the left pane, then select Add New Connection.

3. Provide a name to identify the connection.

4. Click the Connection Type for drop-down and select from one of the following options:

• "Add a New Connection" above: Create a connection to export SNYPR violation events as CEF to third-party tools including RSA Archer and RSA Netwitness.

This option appears on the Actions for Violations screen when creating Policy Violations.

• "Add a New Connection" above: Create a connection to the Threat Model Exchange database from which you can import new threat models and export threat models you created.

• "Add a New Connection" above: Create connections to take actions on violations using Playbooks, including export violations as CEF, to a database, to a remote server as a file, to a NPP (Nitro) tool, or to a syslog server.

• "Add a New Connection" on the previous page: Create a connection to AWS to send archival data.

Note: The connections you can create may vary depending on your license.

5. Click the Connection Type drop-down and select from one of the following options:

• CEF Format

• IBM Resilient

• RSA Archer CEF Format

• RSA Netwitness CEF Format

• Database

Note: These options will vary depending on your selection in the Connection Type for drop-down.

6. Provide the following information, depending on what you selected in the previous step:

CEF

a. Complete the following Connection Details:

• Protocol: Enter the protocol.

• Host: Replace <hostname> with the appropriate network address/domain name.

• Port: Replace <port> with the port number.

• Generate Token?: This creates a user called siemuser and a role called ROLE_siemrole under Administration > Access Control. It also creates a token that can be used to access the Securonix application from ArcSight ESM. You can create a device URL in ArcSight ESM using the following URL:

https://<hostname>:<port>/Snypr/manageData/showUserSearch?token=${generated-token}&accountid=${destinationUserName}

IBM Resilient

a. Complete the following Connection Details:

• IBM Resilient url

• IBM Resilient username

• IBM Resilient password

RSA Archer CEF Format

a. Complete the following Connection Details:

• Protocol: Enter the protocol.

• Host: Replace <hostname> with the appropriate network address/domain name.

• Port: Replace <port> with the port number.

• Generate Token?: This creates a user called siemuser and a role called ROLE_siemrole under Administration > Access Control. It also creates a token that can be used to access the Securonix application from ArcSight ESM.

RSA Netwitness CEF Format

a. Complete the following Connection Details:

• Protocol: Enter the protocol.

• Host: Replace <hostname> with the appropriate network address/domain name.

• Port: Replace <port> with the port number.

• Generate Token?: This creates a user called siemuser and a role called ROLE_siemrole under Administration > Access Control. It also creates a token that can be used to access the Securonix application from ArcSight ESM.

Database

a. Complete the following Connection Details:

• Database Type: Select the database type from the drop-down. Example: MySQL.

• JDBC URL: Specify the JDBC URL.

• Driver Class: Specify the driver class.

• Database Username: Specify the username.

• Database Password: Specify the password.

b. Click Test Connection to ensure the connection is successful.

File

a. Complete the following Connection Details:

• Import from Remote Server?

• Remote Connection Type

• Host IP Address

• Port Number

• Username

• Password

• Source Directory

• Proxy Server: This is a server that all computers on the local network have to go through before accessing information on the Internet.

  ◦ Proxy Server URL

  ◦ Proxy Server Username

  ◦ Proxy Server Password

• Test Remote Connection

NPP (Nitro)

a. Complete the following Connection Details:

• Nitro Receiver Host: Provide the host URL of the Nitro receiver.

• Nitro Receiver Port: Provide the port for the Nitro receiver.

• Source IP Address: Provide the IP Address of the SNYPR application.

Note: You must first create a device type for SNYPR on McAfee ESM with the application IP address to use this feature.

b. Complete the following information in the More Settings section:

• Version

• Type

• Flow

• Protocol

• Retry Interval (In Seconds)

• Retry Interval

• Generate Token?

Syslog

a. Complete the following Connection Details:

• Protocol: Enter the protocol.

• Host: Replace <hostname> with the appropriate network address/domain name.

• Port: Replace <port> with the port number.

• Facility: Select an option from the drop-down.

AWS

a. Complete the following Connection Details:

• Access Key: Enter an alphanumeric text string that uniquely identifies the user who owns the account.

• Secret Key: Enter a string of characters that you use to calculate the digital signature that you include in the request.

• S3 Bucket: Enter a name where logs are archived.

• Source Folder: Enter the complete path to the directory where this file is located.

• Success Folder: Enter the complete path to the directory where this file must be moved once the import is completed successfully.

• Failed Folder: Enter the complete path to the directory where this file must be moved if the import job fails to complete.

• Incremental Field: Enable it to allow incremental update.

• Prefix: Specify the path within the bucket from which logs must be extracted. You can use this to limit the response to folders that begin with the specified prefix.

7. Click Save.

The new Connection Type becomes available in the left pane, allowing you to edit or delete connections.

Manage Connection Types

The Connection Types screen (Menu > Administration > Connection Types) has icons that help filter your connection types.

Action Icons

Use the table below to learn what each icon does.

Icon Description

Filter: Click this icon to perform a basic filter for your connection types. A text box will display where you can type information to filter your results.

Advanced Options: Click this icon to access the advanced filter options. From here, you can choose a connection name from the drop-down.

Download Files

Use this function to download files from SNYPR directories to a remote FTP, SFTP, or SCP host.

Example: Download a properties file from "securonix/tenants/<tenantname>/securonix_home/response/activedirectory" to edit connection details.

To download a file, do the following:

1. Navigate to Menu > Administration > Connection Types.

2. Click + from the left pane, then select Download File.

3. Complete the following information:

a. Remote Connection Type: Click the drop-down and select a remote connection type.

b. Host IP Address: Select the Host IP address to which to download the file.

c. Port Number: Provide the port number of the host IP address. Default: 21.

d. (Optional) Username: Provide the username for the server.

e. (Optional) Password: Provide the password for the server.

f. Source directory: Provide the source directory from which to download the file.

Example: securonix/tenants/<tenantname>/securonix_home/response/activedirectory.

g. File Name: Provide the file name to download.

4. Click Download.

Upload Files

Upload files from an FTP, SFTP, or SCP host into your Securonix_home directory. For example, you can add data files to your "$securonix_home/import/in" folder to import from Add Data > Activity.

To upload a file, do the following:

1. Navigate to Menu > Administration > Connection Types.

2. Click + from the left pane, then select Upload File.

3. Complete the following information:

a. File: Specify the file name and path or click Browse to select from the local machine.

b. Remote Connection Type: Click the drop-down and select a remote connection type.

c. Host IP Address: Select the Host IP address from which to upload the file.

d. Port Number: Provide the port number of the host IP address. Default: 21.

e. (Optional) Username: Provide the username for the server.

f. (Optional) Password: Provide the password for the server.

g. (Optional) Destination directory: Provide the destination directory into which to upload the file.

Example: securonix/tenants/<tenantname>/securonix_home/import/in.

4. Click Upload.

Register Connectors

You can register a new connection in SNYPR to import data, or edit details about existing connections.

Note: To import data, use the Add Data module of the Main Menu.

To register connectors, do the following:

1. Navigate to Menu > Administration > Connection Types.

2. Click + from the left pane, then select Register connectors.

3. Complete the following information:

a. Connector Type: Select the source from which to import data. You can import data from a delimited file (CSV, pipe-delimited, etc.), Active Directory, or any other listed source.

b. (Optional) Connector description: Enter connector description.

c. Connector Class: Enter the connector class.

d. Import Type: Click the drop-down and select an import type.

e. (Optional) Enable Connector: Enable to make the connection available for SNYPR.

Note: By default, the class files for connectors are present in the folder [Custom Location]/webapps/Snypr/WEB-INF/classes.

4. Click Save.

Towards the bottom of the screen, you can view the list of connectors available in SNYPR. To edit default connectors, click the edit icon and complete the steps described above.

Email Templates

Email templates are used by administrators to send standardized responses and notifications via email. You can customize your own or use a default email template to build a notification email that best suits the needs of your organization. You can also add variables, which allow you to personalize these communications and include additional relevant information.

Create an Email Template

You can create new email templates to use in place of default templates for each type of activity in SNYPR.

Note: You will only be able to create templates for activity within modules that are already configured to send notifications.

To create an email template from the Email Templates screen, do the following:

1. Navigate to Menu > Administration > Email Templates.

2. Click + from the left pane, then select Create New Email Template.

3. Complete the following information:

a. Sender Name: Enter the name of the sender.

b. Template Name: Enter a unique name for the template.

c. (Optional) Description: Enter a description of the template.

d. To: Enter the email address of the recipient.

e. From: This field will auto-populate with the sender address.

f. (Optional) CC: Enter email addresses of the carbon copy recipients separated by commas.

g. (Optional) BCC: Enter email addresses of the blind carbon copy recipients separated by commas.

h. (Optional) Subject: Enter a subject for the email template.

i. (Optional) HTML Enabled: Set to YES to enable HTML.

j. (Optional) Store in Outbox prior to sending?: Set to YES to store outgoing messages in the outbox prior to sending.

Note: View the Outbox from the collapsed menu on the top navigation menu.

k. Use this template for: Select a module for the template. The module you select will determine the variables that you can use in the email template. You will only be able to use variables for the module you have selected.

l. (Optional) Email body: You can do one or both of the following:

Add Email Template Variables

1. Click Add Email Template Variables.

2. Check the box next to the variables you want to add.

3. Scroll to the bottom and click Add.

Enter and Format Text

1. Type what you want in the blank space and use the tools in the toolbar to format the email body.

4. Click Save.

Edit Email Templates

SNYPR provides out-of-the-box email templates for different types of activity in SNYPR. This activity is categorized by module. You can view templates for each type of activity and customize them for your environment.

From the main Email Templates screen, a list of all the available templates is displayed by default. You can filter by module to view only the templates for activity within that module. For example, click Job Failure to see only the templates for notifications SNYPR sends in the event of a failed import job.

To edit an email template, do the following:

1. Navigate to Menu > Administration > Email Templates.

This screen displays the modules in the left pane and a variety of default templates on the right side.

Tip: To filter the list of available templates by module, click the module name in the left panel.

2. Click the template name to edit the template.

The email template offers hover help for additional information on fields.

Example: For the To field for email, you can use commas to separate more than one email address. The Email Body contains variables in the email text that are contextual to the module. To learn more about a variable or add a new variable for that specific module, click Add Email Template Variables.

The updated email template is used, for example, when an access certification job is pending a review.

3. Click Save.

Workflows

SNYPR provides several default workflows to handle incidents and case management. Workflows determine the actions case analysts can take during each stage of the case management process.

You can create custom workflows to take specific actions on cases, or you can make changes to the existing workflows. Workflows are invoked in the following screens within the application:

• Security Command Center (SCC): Workflows are invoked when an incident is created by an analyst for a policy or threat violation.

• Policy Violations: Workflows are invoked when a policy is configured to automatically generate an incident in the event of a violation.

Sample Workflow

The diagram displays the following sample workflow:

1. The user begins the case workflow by creating a case from the Security Command Center.

2. The user takes action to claim the case, assign the case to another analyst, or close the case.

3. The analyst to whom the case is assigned takes appropriate action to resolve the case.

4. The case is closed or assigned to another analyst to re-verify the resolution, or the user can reopen the closed case for further investigation. See Incident Management in the SNYPR User Guide for more information about cases.

Example 1: Workflow for Investigation

Example 2: Workflow for Investigation With 3 Strike Rule

Create a New Workflow

When you configure a workflow, you determine what actions a case analyst can take when an incident is created for a policy or threat violation.

Before You Begin

This section lists the minimum requirements necessary to configure workflows:

• Import User Data

• Configure Access Control to create users

• Configure Access Control to create roles

• Configure Access Control to create groups

To create a new workflow, do the following:

1. Navigate to Menu > Administration > Workflows.

2. Click the + from the left pane, then select Create New Workflow.

3. Complete the following information in the General Details section:

a. Workflow Name: Enter a unique name for the workflow.

b. Default Assign To: Select one of the following options:

• Assign incident to selected Group: Click the drop-down to assign cases in this workflow to a particular group.

• Assign incident to Selected User: Click the drop-down to assign cases in this workflow to a particular user.

c. (Optional) Default Notification Email Template: Select one of the following options from the drop-down list:

• Create a New Email Template

• Case Management

• Case Assignment

• Case SLA Notification

4. Click Save & Next.

5. Click Add Action to add an action for this step in the workflow.

Note: The Open case step for this workflow is already in place.

6. Complete the following information:

a. Action Name: Enter a unique name for the action.

b. (Optional) Assign To: Select assignees and use the mouse to drag options into the order in which the application will assign the case.

c. (Optional) Functions: Select functions and use the mouse to drag them into the order in which the application will process them. Available actions include:

• Complete and Close: Mark as complete and close the case

• Update score for mitigation: Modify urgency of mitigation activities based on results of investigation

• Update Score for Mitigation and Complete Case:

• Remove As Child Case:

• Claim: Claim the case for the current user

• Assign: Assign the case to a specific group or user

• Create JIRA issue: Create a ticket in an external ticketing site

• Update workflow: Modify the workflow for changes to the standard operating procedure

d. (Optional) Action Tooltip Information: Enter information to show in tool tip.

e. (Optional) Action Icon: Click the drop-down and select an action icon.

f. (Optional) Change Case Status to: Select from drop-down.

g. (Optional) Change Incident Status to: Click the drop-down and select one of the following:

• Completed

• Open

h. (Optional) Show User Input Form?: Do the following, depending on what you set this field to:

YES

Setting this to YES will create an input screen that will be displayed to the user when this action is taken during the case workflow.

1. Click Design New Screen to create a new input screen.

2. Provide a Screen Name.

3. (Optional) Click Create New Section.

Enter a section name, then click Save.

NO

1. Skip to the next step.

i. (Optional) SLA Configuration: Do the following, depending on what you set this field to:

YES

1. Complete the following information:

a. Level: Enter a value for SLA level.

b. Duration Days: Enter a numeric value for duration in days.

c. Notification Email Template: Select from drop-down or Create New Email Template.

d. Functions: Select from list.

e. +/-: Use to add/remove entries.

2. Click Save to save your changes.

NO

1. Skip to the next step.

7. (Optional) Do the following, depending on what action you want to take:

I want to add a step to the workflow

a. Click Add Workflow Step.

b. Provide a Step Name in the text box.

c. Click Save to save your changes.

d. Add actions for this step in the workflow using step 6 above.

I want to remove an action

a. Check the box next to the workflow action you want to delete.

b. Click Remove Action(s).

8. Click Finish.

Edit a Workflow

This section describes how you edit an existing workflow.

To edit a workflow, do the following:

1. Navigate to Menu > Administration > Workflows.

2. Click the workflow you want to edit from the left pane.

Spark Apps

As described in the Data Flow section, each Spark application runs an independent set of executor processes. Within each Spark application, multiple tasks (Spark actions) may be running simultaneously (e.g. reads and performs computation on data, writes output data).

Spark App Properties

This section includes all default property values for each Spark App.

Spark App 1: Event Enrichment

Property Default Value

Name Event_Enrichment

Driver-Memory 1gb

Number of Executors 5

Executor Memory 1gb

Driver Cores 1

Executor Cores 1

Consumer Group Name RG-enrichment

Max rate per Partition (mrpp) 5

Job Duration 1s

Driver Memory Overhead 1024

Executor Memory Overhead 1024

Minimum Executors 1

Maximum Executors 20

Initial Executors 1

Component that executes tasks in Spark apps. See Spark Executor.

Sustained Scheduler Backlog Timeout 60s

Executor Idle Timeout 300s

Spark App 2: Event Ingestion

Property Default Value

Job Name Event_Ingestion

Driver-Memory 1gb

Number of Executors 5

Executor Memory 1gb

Driver Cores 1

Executor Cores 1

Consumer Group Name RG-ingestion

Max rate per Partition (mrpp) 5

Job Duration 1s

Driver Memory Overhead 1024

Executor Memory Overhead 1024

Minimum Executors 1

Maximum Executors 20

Initial Executors 1

Sustained Scheduler Backlog Timeout 60s

Executor Idle Timeout 300s

Spark App 3: Event Indexer

Property Default Value

Job Name Event_Indexer

Driver-Memory 1gb

Number of Executors 5

Executor Memory 1gb

Driver Cores 1

Executor Cores 1

Consumer Group Name RG-indexer

Max rate per Partition (mrpp) 5

Job Duration 1s

Driver Memory Overhead 1024

Executor Memory Overhead 1024

Minimum Executors 1

Maximum Executors 20

Initial Executors 1

Sustained Scheduler Backlog Timeout 60s

Executor Idle Timeout 300s

Spark App 4: Behavior Analytics

Property Default Value

Job Name Behavior_Analytics

Driver-Memory 1gb

Number of Executors 5

Executor Memory 1gb

Driver Cores 1

Executor Cores 1

Consumer Group Name RG-behaviorsummary

Max rate per Partition (mrpp) 100

Job Duration 30

Driver Memory Overhead 1024

Executor Memory Overhead 1024

Minimum Executors 1

Maximum Executors 20

Initial Executors 1

Sustained Scheduler Backlog Timeout 60s

Executor Idle Timeout 300s

Spark App 5: Individual Event Evaluator (IEE)

Property Default Value

Job Name Policy_Engine_IEE

Driver-Memory 1gb

Number of Executors 5

Executor Memory 1gb

Driver Cores 1

Executor Cores 1

Consumer Group Name RG-policy-iee

Max rate per Partition (mrpp) 5

Job Duration 2s

Driver Memory Overhead 1024

Executor Memory Overhead 1024

Minimum Executors 1

Maximum Executors 20

Initial Executors 1

Sustained Scheduler Backlog Timeout 60s

Executor Idle Timeout 300s

Spark App 6: Aggregated Event Evaluator (AEE)

Property Default Value

Job Name Policy_Engine_AEE

Driver-Memory 1gb

Number of Executors 5

Executor Memory 1gb

Driver Cores 1

Executor Cores 1

Job Duration 60s

Driver Memory Overhead 1024

Executor Memory Overhead 1024

Minimum Executors 1

Maximum Executors 20

Initial Executors 1

Sustained Scheduler Backlog Timeout 60s

Executor Idle Timeout 300s

Spark App 7: Risk Generation

Property Default Value

Job Name ThreatModel_RiskScoring_App

Driver-Memory 1gb

Number of Executors 5

Executor Memory 1gb

Driver Cores 1

Executor Cores 1

Consumer Group Name RG-riskgeneration

Max rate per Partition (mrpp) 20

Job Duration 10s

Driver Memory Overhead 1024

Executor Memory Overhead 1024

Minimum Executors 1

Maximum Executors 20

Initial Executors 1

Sustained Scheduler Backlog Timeout 60s

Executor Idle Timeout 300s

Spark App 8: Analyzer

Property Default Value

Job Name Analytics_App

Driver-Memory 1gb

Number of Executors 5

Executor Memory 1gb

Driver Cores 1

Executor Cores 1

Consumer Group Name RG-analytics

Max rate per Partition (mrpp) 20

Job Duration 10s

Driver Memory Overhead 1024

Executor Memory Overhead 1024

Minimum Executors 1

Maximum Executors 20

Initial Executors 1

Sustained Scheduler Backlog Timeout 60s

Executor Idle Timeout 300s

Spark App 9: Behavior Profiling

Property Default Value

Job Name Behavior_Profile

Driver-Memory 1gb

Number of Executors 5

Executor Memory 1gb

Driver Cores 1

Executor Cores 1

Minimum Executors 1

Maximum Executors 20

Initial Executors 1

Sustained Scheduler Backlog Timeout 60s

Executor Idle Timeout 300s

Spark App 13: Action Prediction Learner

Property Default Value

Job Name Action Prediction Learner Job

Driver-Memory 3gb

Number of Executors 10

Executor Memory 5gb

Driver Cores 2

Executor Cores 4

Driver Memory Overhead 1024

Executor Memory Overhead 1024

Streaming Concurrent Jobs 1

Max App Attempts 20

Add Spark Jobs in Cloudera

Complete the following steps to make changes to the Spark app properties and run the Spark apps from Cloudera.

1. Navigate to SNYPR from Cloudera Manager.

2. Click Add Service.

3. Select SNYPR Gateway from the list of services.

4. Click Continue.

5. Select the host for each Spark job individually to initiate the Gateway Service.

6. Select hosts for new or existing roles.

7. Click OK.

8. Click Continue to proceed.

9. Provide the following information in the Add SNYPR Gateway Service to SNYPR screen:

a. Jobs OS User: Enter a value.

Example: securonix.

b. Jobs Unique ID: Enter a value for the identifier prefixed to each Spark job name.

Example: securonix.

Warning: The job name, Event_Enrichment, will have "securonix_Event_Enrichment" as the Jobs Unique ID.

c. Jobs start mode: Specify single or multitenant.

Note: Single starts with static memory allocation for executors. Multitenant uses dynamic memory allocation.

d. Jobs queue name: Specify the name of the queue the Spark application should be assigned. Example: root.

e. MySQL IP: Enter a value. Example: 10.0.0.60.

f. MySQL Port: Enter a value. Default: 3306

g. Database name: Enter a value. Example: snypr6_mn.

h. Database username: Enter a value. Example: root.

i. Database password: Enter a value.

10. Provide the following for all Jobs:

a. Job Name: Name of the Job.

b. Driver Memory: Memory allocated for the Driver.

c. Number of Executors: Number of executors for the job.

d. Executor Memory: The memory to be allocated for the job executors.

e. Driver Cores: The number of driver cores for the job.

f. Executor Cores: The number of executor cores for the job.

g. Consumer Group Name: Name of the Kafka consumer group.

h. Max rate per Partition (MRPP): Maximum rate at which your application can process the message.

i. Job Duration: Duration of micro-batch in seconds.

j. Driver Memory Overhead: Memory overhead for the driver for each job.

k. Executor Memory Overhead: Memory overhead for the executor for each job.

l. Minimum Executors: Minimum number of executors.

m. Maximum Executors: Maximum number of executors.

n. Initial Executors: Initial number of executors required.

o. Executor Idle Timeout: Maximum idle timeout for executor.

11. Ensure SNYPR Gateway has successfully started service.

12. Click Start SNYPR Gateway to expand details to view logs and errors (if any).

13. Click Finish.

14. Check the status of SNYPR Gateway on the Cloudera Manager homepage. A green circle indicates the service is running in good health.

15. (Optional) Navigate to Yarn to check the status of the Spark applications associated with the Job roles to ensure they are running.

Stop Spark Jobs in Cloudera

1. Log in to Cloudera Manager.

2. Click the down arrow and select Stop from the SNYPR Gateway Actions menu.

3. Ensure the service has successfully stopped.

Warning: If the service displays a Failed status even though all roles have been stopped, this is due to a Known Issue described in the SNYPR Installation Guide. You can ignore the Failed status only if Step 1: Gracefully stop the service completed successfully.

4. Navigate to YARN to ensure the applications show Killed status.

5. Navigate to SNYPR Gateway Service summary from Cloudera Manager.

Example: Enrichment Job.

6. Click Actions > Stop_<Role_Name>_App.

Example: Stop_Enrichment_App.

7. Ensure the job has stopped successfully.

8. Navigate to YARN to ensure the job shows Killed status.

Administer Spark Jobs using Command Line

Complete the following steps to make changes to the Spark Job properties and run the Spark jobs:

1. Navigate to the installation folder designated during Installation.

Example: "/Securonix/tenants/snypr/Sparkjobs/".

2. (Optional) Edit Spark jobs parameters in the "snypr_apps.properties" file in "/Securonix/tenants/snypr/Sparkjobs/conf/snypr_apps.properties".

snypr_apps.properties

The scripts to run each Spark job have been converted to accept the configurations as arguments.

Configurable parameters:

• Name (name)
• Driver memory (driver-memory)
• Number of executors (num-executors)
• Executor memory (executor-memory)
• Driver cores (driver-cores)
• Executor cores (executor-cores)
• Consumer group (cg)
• Max rate per partition (mrpp)
• Duration (d)
• HDFS user having access permission to HDFS
• Unique identifier to distinguish your jobs, attached as a prefix to the name of each Spark job initiated (tenant.id)
  Example: If tenant.id=CS, the jobs will be run as “CS_Event_Enrichment”
• Queue name

These configurations are maintained in a file, “snypr_apps.properties”. This file can be edited to run your custom configurations for each job.

3. Execute the following command to run all Spark jobs at once: sh snypr_apps.sh -a all

snypr_apps.sh

• Utility script that starts the Spark applications by reading from the properties file, "snypr_apps.properties".
• The script starts each application, waits for 20s, and checks the status of the application. If the application is in the Running state, the script generates a <jobname.pid> file containing the applicationId of the application.
  Example: If jobname=CS_Event_Enrichment, then CS_Event_Enrichment.pid will contain the applicationId for CS_Event_Enrichment.
• If the application doesn’t go to the “Running” state, then <Jobname=applicationId> is stored in the file <tenant.id_pending_apps.txt>.
  Example: CS_pending_apps.txt
• This file is checked again after 30s to see whether the application has moved to the “Running” state or the “Failed” state. The logs for the status check of pending applications are maintained in <tenant.id_pending_apps.log>.
  Example: CS_pending_apps.log
• The script can start the Spark applications in the following ways:

  o -r (or) -range: Start a series of applications at once. For example, to start jobs from enrichment through behavior analytics, use:

    sh snypr_apps.sh -r <from_number-to_number>

    Example:
    • sh snypr_apps.sh -r 1-4
    • sh snypr_apps.sh -range 1-4

  o -i (or) -initiate: Start individual jobs or a list of discontinuous jobs:

    sh snypr_apps.sh -i <job_number>

    Example:
    • sh snypr_apps.sh -i 1
    • sh snypr_apps.sh -i 1,5,9
    • sh snypr_apps.sh -initiate 1,5,9

  o -a (or) -alias: Start by alias:

    sh snypr_apps.sh -a <alias_name>

    Example:
    • sh snypr_apps.sh -a enrichment
    • sh snypr_apps.sh -alias enrichment

4. To start all applications:

sh snypr_apps.sh -a all

Example

[root@10-0-0-90 sparkjobs]# sh snypr_apps.sh -a all
17/05/18 12:11:12 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_Event_Enrichment running successfully, CS_Event_Enrichment.pid generated in /Securonix/props_sparkjobs/logs
17/05/18 12:11:34 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_Event_Ingestion running successfully, CS_Event_Ingestion.pid generated in /Securonix/props_sparkjobs/logs
17/05/18 12:11:55 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_Event_Indexer running successfully, CS_Event_Indexer.pid generated in /Securonix/props_sparkjobs/logs
17/05/18 12:12:16 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Warning: CS_Behaviour_Analytics not running, appended to /Securonix/props_sparkjobs/logs/CS_pending_app.txt
17/05/18 12:12:37 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_Policy_Engine_IEE running successfully, CS_Policy_Engine_IEE.pid generated in /Securonix/props_sparkjobs/logs
17/05/18 12:12:58 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_Policy_Engine_AEE running successfully, CS_Policy_Engine_AEE.pid generated in /Securonix/props_sparkjobs/logs
17/05/18 12:13:20 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_ThreatModel_RiskScoring_App running successfully, CS_ThreatModel_RiskScoring_App.pid generated in /Securonix/props_sparkjobs/logs
17/05/18 12:13:41 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Warning: CS_Analytics_App not running, appended to /Securonix/props_sparkjobs/logs/CS_pending_app.txt
17/05/18 12:14:02 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_Behaviour_Profile running successfully, CS_Behaviour_Profile.pid generated in /Securonix/props_sparkjobs/logs
Checking all pending app status, check /Securonix/tenants/snypr/Sparkjobs/logs/CS_pending_app.log for any further errors

5. Execute the following command to terminate all Spark jobs at once: sh snypr_apps.sh -t all CS

-t (or) -terminate: To terminate applications, you can pass a range, one job number, a list of jobs, or an alias, or kill all jobs for a particular tenant.

sh snypr_apps.sh -t <option> <tenantId>

Option 1: Terminate a continuous range of jobs

sh snypr_apps.sh -t <start_job_num>-<end_job_num> <tenantId>

Example: sh snypr_apps.sh -t 1-4 CS

Option 2: Kill one job

sh snypr_apps.sh -t <job_num> <tenantId>

Example: sh snypr_apps.sh -t 4 CS

Option 3: Kill a list of discontinuous jobs

sh snypr_apps.sh -t <job_num1>,<job_num2>,<job_num3>.. <tenantId>

Example: sh snypr_apps.sh -t 1,5,8 CS

Option 4: Kill using an alias

sh snypr_apps.sh -t <job_alias_name> <tenantId>

Example: sh snypr_apps.sh -t enrichment CS

Option 5: Kill all applications for a tenant

sh snypr_apps.sh -t all <tenantId>

Example:
• sh snypr_apps.sh -t all CS
• sh snypr_apps.sh -terminate all CS

Example

[root@10-0-0-90 sparkjobs]# sh snypr_apps.sh -t all CS
17/05/18 12:41:20 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
No such yarn appication with name = CS_Analytics_App present
17/05/18 12:41:21 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
No such yarn appication with name = CS_Behaviour_Profile present
17/05/18 12:41:22 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
killing CS_Event_Enrichment
17/05/18 12:41:23 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:41:24 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Killing application application_1494916983246_0199
17/05/18 12:41:25 INFO impl.YarnClientImpl: Killed application application_1494916983246_0199
17/05/18 12:41:26 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
killing CS_Event_Indexer
17/05/18 12:41:27 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:41:28 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Killing application application_1494916983246_0201
17/05/18 12:41:29 INFO impl.YarnClientImpl: Killed application application_1494916983246_0201
17/05/18 12:41:29 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
killing CS_Event_Ingestion
17/05/18 12:41:30 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:41:32 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Killing application application_1494916983246_0200
17/05/18 12:41:32 INFO impl.YarnClientImpl: Killed application application_1494916983246_0200
17/05/18 12:41:33 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
killing CS_Policy_Engine_AEE
17/05/18 12:41:34 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:41:35 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Killing application application_1494916983246_0204
17/05/18 12:41:36 INFO impl.YarnClientImpl: Killed application application_1494916983246_0204
17/05/18 12:41:37 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
killing CS_Policy_Engine_IEE
17/05/18 12:41:38 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:41:39 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Killing application application_1494916983246_0203
17/05/18 12:41:39 INFO impl.YarnClientImpl: Killed application application_1494916983246_0203
17/05/18 12:41:40 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
killing CS_ThreatModel_RiskScoring_App
17/05/18 12:41:41 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:41:42 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Killing application application_1494916983246_0205
17/05/18 12:41:43 INFO impl.YarnClientImpl: Killed application application_1494916983246_0205

6. Execute the following command to check the status of all pending Spark jobs:

snypr_check-pending-apps.sh

• Checks whether the applications started by snypr_apps.sh have moved to the “Running” state and, if so, generates a <jobname.pid> file containing the applicationId of the application.
• Argument required:
  • File containing the jobname and applicationId <tenant.id_pending_apps.txt>

Example: CS_pending_apps.txt

Usage: sh snypr_check-pending-apps.sh CS_pending_apps.txt

Example

[root@10-0-0-90 sparkjobs]# cat logs/CS_pending_app.log
17/05/18 12:14:54 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_Behaviour_Analytics failed, try re-initiating

7. Execute the following command to check the status of all Spark jobs: sh snypr_apps.sh -s 1 CS

-s (or) -status: To get the status of a particular application by specifying the job number or alias name

sh snypr_apps.sh -s <job_num> <tenantId>

Example:
• sh snypr_apps.sh -s 1 CS
• sh snypr_apps.sh -s <alias_name> <tenantId>
  sh snypr_apps.sh -s enrichment <tenantId>

Example

[root@10-0-0-90 sparkjobs]# sh snypr_apps.sh -s 1 CS
17/05/18 12:21:32 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:21:33 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:21:34 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Application Report :
Application-Id : application_1494916983246_0199
Application-Name : CS_Event_Enrichment
Application-Type : SPARK
User : securonix
Queue : root.root
Start-Time : 1495127477673
Finish-Time : 0
Progress : 10%
State : RUNNING
Final-State : UNDEFINED
Tracking-URL : http://10.0.0.90:43713
RPC Port : 0
AM Host : 10.0.0.90
Aggregate Resource Allocation : 2500214 MB-seconds, 1220 vcore-seconds
Log Aggregation Status : NOT_START
Diagnostics :

[root@10-0-0-90 sparkjobs]# sh snypr_apps.sh -s 2 CS
17/05/18 12:21:54 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:21:56 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:21:57 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Application Report :
Application-Id : application_1494916983246_0200
Application-Name : CS_Event_Ingestion
Application-Type : SPARK
User : securonix
Queue : root.root
Start-Time : 1495127498602
Finish-Time : 0
Progress : 10%
State : RUNNING
Final-State : UNDEFINED
Tracking-URL : http://10.0.0.94:34406
RPC Port : 0
AM Host : 10.0.0.94
Aggregate Resource Allocation : 2510521 MB-seconds, 1225 vcore-seconds
Log Aggregation Status : NOT_START
Diagnostics :

[root@10-0-0-90 sparkjobs]# sh snypr_apps.sh -s 3 CS
17/05/18 12:22:11 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:22:12 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:22:14 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Application Report :
Application-Id : application_1494916983246_0201
Application-Name : CS_Event_Indexer
Application-Type : SPARK
User : securonix
Queue : root.root
Start-Time : 1495127520070
Finish-Time : 0
Progress : 10%
State : RUNNING
Final-State : UNDEFINED
Tracking-URL : http://10.0.0.91:43255
RPC Port : 0
AM Host : 10.0.0.91
Aggregate Resource Allocation : 2489124 MB-seconds, 1214 vcore-seconds
Log Aggregation Status : NOT_START
Diagnostics :

8. Execute the following script to get logs for a particular application: sh snypr_apps.sh -l <application_name>

-l (or) -logs: To get the logs of a particular application

sh snypr_apps.sh -l <application_name>

Example:
• sh snypr_apps.sh -l CS_Event_Enrichment
• sh snypr_apps.sh -logs CS_Event_Enrichment

9. Execute the following script to run the Spark applications in either multitenant mode or single mode: sh snypr_apps.sh <script initializing parameters> -m <mode>

-m (or) -mode: To run the Spark applications in either "multi-tenant" mode, to pass the dynamic parameters, or "single" mode

sh snypr_apps.sh <script initializing parameters> -m <mode>

Example:
• sh snypr_apps.sh -a all -m multitenant
• sh snypr_apps.sh -i 1 -m single
• sh snypr_apps.sh -r 1-9 -m multitenant

Note: If the mode is not explicitly mentioned in the parameters, the applications will be initiated with the mode specified in the properties file.

Tip: Files starting with "mt" are used to run the scripts in multi-tenant mode.
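The Application Report that snypr_apps.sh -s prints in step 7 can be checked mechanically, so that a job in the ingestion and analytics pipeline that is pending, killed, or absent is noticed instead of silently leaving events unprocessed. The shell functions below are an added example, not part of the SNYPR scripts; the function names and the sample report text are constructed, and the field layout is assumed to match the example output in step 7.

```shell
#!/bin/sh
# Added example (not part of the SNYPR scripts): health check over the
# "Application Report" text printed by `snypr_apps.sh -s <job_num> <tenantId>`.

# parse_reports: read one or more reports on stdin and print one
# tab-separated line per application: name<TAB>State<TAB>Final-State.
# Tabs are used because a job name may contain spaces.
parse_reports() {
    awk '
        function emit() {
            if (name != "") printf "%s\t%s\t%s\n", name, state, fin
            name = ""; state = ""; fin = ""
        }
        /Application Report/ { emit() }       # a new report starts here
        {
            line = $0
            sub(/^[ \t]+/, "", line)           # fields may be indented
            pos = index(line, " :")
            if (pos == 0) next                 # INFO log lines carry no " :"
            key = substr(line, 1, pos - 1)
            val = substr(line, pos + 2)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "Application-Name") name = val
            else if (key == "State") state = val
            else if (key == "Final-State") fin = val
        }
        END { emit() }
    '
}

# unhealthy_apps NAME...: read reports on stdin; for every expected
# application NAME print "NAME<TAB>STATE" unless its State is RUNNING.
# A name with no report at all is printed as MISSING. Returns 1 if
# anything was printed, so it can gate a cron job or a monitoring probe.
unhealthy_apps() {
    _parsed=$(parse_reports)
    _rc=0
    for _app in "$@"; do
        _state=$(printf '%s\n' "$_parsed" |
            awk -F '\t' -v n="$_app" '$1 == n { print $2 }' | head -n 1)
        [ -n "$_state" ] || _state=MISSING
        if [ "$_state" != "RUNNING" ]; then
            printf '%s\t%s\n' "$_app" "$_state"
            _rc=1
        fi
    done
    return "$_rc"
}

# Constructed sample: two reports in the layout shown in step 7.
# Host, address and application ids are placeholders.
sample_reports() {
    cat <<'EOF'
20/01/01 00:00:01 INFO client.RMProxy: Connecting to ResourceManager at rm.example.invalid/192.0.2.10:8032
Application Report :
    Application-Id : application_0000000000000_0001
    Application-Name : CS_Event_Enrichment
    Application-Type : SPARK
    State : RUNNING
    Final-State : UNDEFINED
20/01/01 00:00:02 INFO client.RMProxy: Connecting to ResourceManager at rm.example.invalid/192.0.2.10:8032
Application Report :
    Application-Id : application_0000000000000_0002
    Application-Name : CS_Event_Ingestion
    Application-Type : SPARK
    State : ACCEPTED
    Final-State : UNDEFINED
EOF
}

# Demo: the third expected job has no report in the sample.
sample_reports |
    unhealthy_apps CS_Event_Enrichment CS_Event_Ingestion CS_Event_Indexer ||
    echo "one or more Spark apps are not RUNNING" >&2
```

In practice the input would be the concatenated output of snypr_apps.sh -s for each job number, and the expected names would be the tenant-prefixed job names configured for the deployment.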

View YARN Application Status

To view the YARN applications and their status, use the following command:

List the applications from the resource manager

Appendix A: Access Privileges

In Access Control, you can grant specific access privileges to each user role. These areas include the following

Privileges are grouped based on the module (i.e., dashboard, manage, detect, respond, reports, and configure). The complete list of privileges is displayed in the following tables:

Add Data

Category URL ID Description

AddData

/config/licenseSuccessSettings3697

Configuration-LicenseSuccessSettings

AddData

/users/showScheduleImportJob1856

Configure-Tasks-UserImport[showsuser importscreen]

AddData

/users/showUserJobStatusDetails1855

Configure-Tasks[showsdetails of userimport job]

AddData

/users/saveConfig1854

Configure-Tasks-Configure UserImport[savesvalues for userimport configreceived fromuser importconfig screen]

SNYPR Administration Guide 356

Page 357: AdministrationGuide · 2020. 8. 12. · DownloadFiles 292 UploadFiles 294 RegisterConnectors 296 EmailTemplates 299 CreateanEmailTemplate 300 EditEmailTemplates 305 Workflows 308

Appendix A: Access Privileges

Category URL ID Description

| Add Data | /users/showImportConfig | 1853 | Configure-Tasks-Configure User Import [shows user import config screen] |
| Add Data | /resource/updateActivityAttributeDisplayOrder | 4394 | Resource-Update Activity Attribute Display Order |
| Add Data | /resource/showResourceGroupsForNode | 4393 | Resource Groups For Node |
| Add Data | /resource/isAccessValueDuplicate | 4392 | Resource-Check if Access Value is Duplicate |
| Add Data | /resource/saveConfigTemplate | 4391 | Resource-Save Configuration Template |
| Add Data | /users/importUsers | 1857 | Configure-Tasks-User Import [import users from specified datasource] |
| Add Data | /resource/getNitroWSDeviceList | 4390 | Resource-Get Nitro WS Device List |
| Add Data | /watchList/listActivityTransactionNotInWatchlist | 4505 | Watchlist-List of Activity Transactions Not in Watchlist |
| Add Data | /users | 4503 | Users |
| Add Data | /resource/toggleSuspectchecksFlag | 4365 | Resource-Toggle Suspectchecks Flag |
| Add Data | /resource/previewActivityCorrelationResults | 4420 | Resource-Preview Activity Correlation Results |
| Add Data | /resource/updateAccountAttributes | 4418 | Resource-Update Account Attributes |
| Add Data | /resource/showEditActivityUserFilter | 4417 | Resource-Show Edit Activity User Filter |
| Add Data | /resource/showUncorrelatedAccountsWithAccessValue | 4416 | Resource-Show Uncorrelated Accounts With Access Value |
| Add Data | /resource/showCorrelatedResults | 4415 | Resource-Show Correlated Results |
| Add Data | /resource/showCorrelatedActivityAccountsUsage | 4389 | Resource-Show Correlated Activity Accounts Usage |
| Add Data | /resource/saveActionFilters | 4414 | Resource-Save Action Filter |
| Add Data | /peer/showCreationRules | 1868 | Manage-Peers-Peer Creation Rules |
| Add Data | /peer/showJobForAssignmentRules | 1884 | Manage-Peers-Peer Assignment Rules [shows list of peer assignment rules job] |
| Add Data | /resource/addReport | 4376 | Resource-Add Report |
| Add Data | /resource/showBehaviorConfig | 4375 | Resource-Show Behavior Configuration |
| Add Data | /resource/showAddResourceGlossary | 4374 | Show Add Resource Glossary |
| Add Data | /resource/updateGlossary | 4373 | Resource-Update Glossary |
| Add Data | /resource/saveResourceGroupList | 4372 | Save Resource Group List |
| Add Data | /resource/showJobsForAccess | 4371 | Resource-Show Jobs For Access |
| Add Data | /resource/getDeviceList | 4370 | Resource-Get Device List |
| Add Data | /resource/ | 4369 | Resource |
| Add Data | /peer/showJobForCreationRules | 1869 | Manage-Peers-Peer Creation Rules [shows list of peer creation rules job] |
| Add Data | /resource/searchAJAX | 4368 | Resource-Search using AJAX |
| Add Data | /resource/searchActivityAccountsAJAX | 4386 | Resource-Search Activity Accounts using AJAX |
| Add Data | /users/showUserRiskDetails | 4442 | Users-Show User Risk Details |
| Add Data | /resource/saveGlosssaryImportConfig | 1920 | Configure-Tasks-Configure Glossary Import [save values received from configure glossary import screen] |
| Add Data | /resource/isResourceAccessAttributeNameDuplicate | 4388 | Check if Resource Access Attribute Name is Duplicate |
| Add Data | /resource/saveAccessImportConfig | 1918 | Configure-Tasks-Configure Access Import [save values received from configure access import screen] |
| Add Data | /resource/resourceAccessConfig | 1917 | Configure-Tasks-Configure Access Import [shows configure access import screen] |
| Add Data | /resource/saveConnType | 1916 | Configure-Tasks-Configure Activity Import [save values received from configure activity import screen] |
| Add Data | /resource/resourceActivitiesConfig | 1915 | Configure-Tasks-Configure Activity Import [shows configure activity import screen] |
| Add Data | /resource/showAccessCorrelationRulesList | 4367 | Resource-Show Access Correlation Rules List |
| Add Data | /resource/listResourceGroupsForGlossaryImport | 4377 | List Resource Groups For Glossary Import |
| Add Data | /resource/getDatasourceConnection | 4413 | Resource-Get Datasource Connection |
| Add Data | /resource/importActivities | 4411 | Resource-Import Activities |
| Add Data | /resource/resourceEvents | 4434 | Resource-Resource Events |
| Add Data | /resource/showAppEvents | 4433 | Resource-Show Application Events |
| Add Data | /resource/getResourceGroupGeneralDetails | 4432 | Get General Details for Resource Group |
| Add Data | /resource/showBubbleChartByAccessValue | 4431 | Resource-Show Bubble Chart By Access Value |
| Add Data | /resource/getSailpointDatasourceAttr | 4430 | Resource-Get Sailpoint Datasource Attributes |
| Add Data | /resource/ipMappingEnabledChk | 4429 | Resource-Check for IP Mapping Enabled |
| Add Data | /settings/updateLogLevels | 1966 | Configure-Logging-Modules [update log level] |
| Add Data | /resource/isResourceAttributeNameDuplicate | 4427 | Check if Resource Attribute Name is Duplicate |
| Add Data | /resource/updateResourceColor | 4435 | Update Resource Color |
| Add Data | /resource/advancedSearchAddUser | 4426 | Resource-Advanced Search Add User |
| Add Data | /resource/getFilterCondition | 4424 | Resource-Get Filter Condition |
| Add Data | /resource/fetchUiConfig | 4423 | Resource-Fetch UI Config |
| Add Data | /users/save | 4455 | Users-Save |
| Add Data | /users/updateCriticality | 4457 | Users-Update Criticality |
| Add Data | /users/getUserActivityAccounts | 4502 | Users-Get User Activity Accounts |
| Add Data | /users/showUserQuickInfo | 4481 | Show User Quick Info |
| Add Data | /users/showManagerDetails | 4483 | Users-Show Manager Details |
| Add Data | /users/getLastImportDateForResource | 4484 | Users-Get Last Import Date for Resource |
| Add Data | /resource/showImportResourceMetadata | 4425 | Show Import Resource Metadata |
| Add Data | /resource/showResourceGlossary | 4412 | Show Resource Glossary |
| Add Data | /resource/saveNitroFieldFilter | 4436 | Resource-Save Nitro Field Filter |
| Add Data | /resource/showActivityJobStatusDetails | 4438 | Resource-Activity Job Status Details |
| Add Data | /users/getUsageTransactionsListForUser | 4444 | Get Usage Transactions List for User |
| Add Data | /users/getMonths | 4445 | Users-Get Months |
| Add Data | /users/getUpdatedToken | 4446 | Users-Get Updated Token |
| Add Data | /users/advancedSearch | 4447 | Users-Advanced Search |
| Add Data | /users/getDefaultQuery | 4448 | Users-Get Default Query |
| Add Data | /users/verifyUserImportConfig | 4449 | Users-Verify User Import Config |
| Add Data | /users/saveStatusDescriptionRules | 4450 | Users-Save Status Description Rules |
| Add Data | /users/getPeerBaselines | 4451 | Users-Get Peer Baselines |
| Add Data | /resource/listOwners | 4437 | Resource-Owners List |
| Add Data | /users/showSearch | 4452 | Users-Show Search |
| Add Data | /users/emailTemplates | 4454 | Users-Email Templates |
| Add Data | /resource/showGlossaryImportConfig | 4419 | Resource-Show Glossary Import Configuration |
| Add Data | /resource/searchResourceTypeAJAX | 4421 | Search Resource Type using AJAX |
| Add Data | /users/decryptSelectedUsers | 4456 | Users-Decrypt Selected Users |
| Add Data | /resource/showVennChartByAccessValue | 4422 | Resource-Show Venn Chart By Access Value |
| Add Data | /resource/editFieldFilter | 4440 | Resource-Edit Field Filter |
| Add Data | /resource/previewAccessImportConfig | 4439 | Resource-Preview Access Import Configuration |
| Add Data | /users/isEmployeeIdDuplicate | 4443 | Users-Check if Employee Id is Duplicate |
| Add Data | /users/showDLPAlerts | 4453 | Users-Show DLP Alerts |
| Add Data | /users/showAccessLevel3 | 4485 | Users-Access Level3 |
| Add Data | /resource/saveLineFilters | 4378 | Resource-Save Line Filters |
| Add Data | /resource/showAccessValuesByPeer | 4380 | Resource-Show Access Values By Peer |
| Add Data | /config/showPreviewTEMP | 3699 | Configuration-Show Preview TEMP |
| Add Data | /config/isWorkflowDuplicate | 3698 | Configuration-Check if Workflow is Duplicate |
| Add Data | /config/showSamlSettings | 3696 | Configuration-Show SAML Settings |
| Add Data | /config/isFileExist | 3695 | Configuration-Check if File Exists |
| Add Data | /config/maskUnmaskData | 3694 | Configuration-Mask or Unmask Data |
| Add Data | /config/showConfigureResourceRiskLevels | 3693 | Configuration-Show Configure Resource Risk Levels |
| Add Data | /config/getEncryptionKeyCount | 3692 | Configuration-Get Key Count for Encryption |
| Add Data | /peer/getPeerActivityDates | 4225 | Get Peer Activity Dates |
| Add Data | /config/updateJob | 3700 | Configuration-Update Job |
| Add Data | /uf/saveRgUfConfig | 3026 | Configure-Universal Forwarder-Save/Update Resource Group Configuration |
| Add Data | /resource/deleteAccessValue | 4406 | Resource-Delete Access Value |
| Add Data | /resource/listFormatForActivity | 4403 | Resource-List Format For Activity |
| Add Data | /resource/scheduleActivityCorrelationJob | 4402 | Resource-Schedule Activity Correlation Job |
| Add Data | /resource/verifyAccessImportDatasourceConfig | 4401 | Resource-Verify Access Import Datasource Configuration |
| Add Data | /resource/showAccessImportAttrMapping | 4400 | Resource-Show Access Import Attribute Mapping |
| Add Data | /resource/showActivityOutlierDetailsForResourceByJobId | 4399 | Activity Outlier Details For Resource By Job Id |
| Add Data | /resource/showResourceActivitySummary | 4398 | Show Resource Activity Summary |
| Add Data | /resource/showUnCorrelatedAccountDetails | 4397 | Resource-UnCorrelated Account Details |
| Add Data | /peer/listSelectPeer | 4227 | List Select Peer |
| Add Data | /resource/getPoliciesList | 4396 | Resource-Get Policies List |
| Add Data | /config/deleteAttachment | 3701 | Configuration-Delete Attachment |
| Add Data | /config/populatetpikb | 3702 | Configuration-Populate PIKB |
| Add Data | /config/createGeoImportConfig | 3672 | Configuration-Create Geolocation Import Configuration |
| Add Data | /config/manageEncryption | 3671 | Configuration-Manage Encryption |
| Add Data | /config/saveMetaconnection | 3670 | Configuration-Save Metadata Connection |
| Add Data | /config/showConfigurePeerRiskLevels | 3669 | Configuration-Configure Peer Risk Levels |
| Add Data | /config/showDetails | 3668 | Configuration-Show Details |
| Add Data | /config/refreshUploadLicense | 3688 | Configuration-Refresh Upload License |
| Add Data | /config/isValidatePort | 3690 | Configuration-Check if Port is Valid |
| Add Data | /config/showUploadLicense | 3714 | Configuration-Show Upload License |
| Add Data | /config/checkConfig | 3691 | Configuration-Check Configuration |
| Add Data | /config/getBeforeEncrypDecryptData | 3703 | Configuration-Get Before Encryption or Decryption of Data |
| Add Data | /config/showAddWorkflowStatus | 3712 | Configuration-Show Add Workflow Status |
| Add Data | /config/showSavedJobDetails | 3711 | Configuration-Show Saved Job Details |
| Add Data | /config/getDistinctColValuesFromCRP | 3710 | Configuration-Get Distinct Column Values From CRP |
| Add Data | /config/deleteConfig | 3708 | Configuration-Delete Configuration |
| Add Data | /config | 3707 | Configuration |
| Add Data | /config/decryptData | 3706 | Configuration-Decrypt Data |
| Add Data | /config/selectJobsForChaining | 3705 | Configuration-Select Jobs For Chaining |
| Add Data | /config/getSpecificBprofileconfigDetails | 3704 | Configuration-Get Specific BProfile Configuration Details |
| Add Data | /config/saveButton | 3713 | Configuration-Save Button |
| Add Data | /resource/saveActivityOutlierPolicy | 4379 | Resource-Save Activity Outlier Policy |
| Add Data | /resource/showMonitorAccounts | 4395 | Resource-Show Monitor Accounts |
| Add Data | /chainTransaction/searchTransactions | 1931 | Manage-Resources-Activity Management [shows activity management screen] |
| Add Data | /watchList/auditLogs | 4516 | Watchlist-Audit Logs |
| Add Data | /watchList/showWatchlistImportJob | 4517 | Watchlist-Show Watchlist Import Job |
| Add Data | /watchList/listActivityAccountNotInWatchlist | 4518 | Watchlist-List of Activity Accounts Not in Watchlist |
| Add Data | /watchList/showAddToWhitelist | 4519 | Watchlist-Show Add to Whitelist |
| Add Data | /watchList/addSelectedMembers | 4521 | Add Selected Members to Watchlist |
| Add Data | /watchList/ | 4522 | Show Watchlist |
| Add Data | /watchList/listUsersNotInWatchlist | 4523 | Watchlist-List of Users Not in Watchlist |
| Add Data | /watchList/addToWL | 4524 | Add to Watchlist |
| Add Data | /watchList/showWLImportConfig | 4515 | Watchlist-Show Watchlist Import Configuration |
| Add Data | /resource/showCorrelationRulesList | 4409 | Resource-Show Correlation Rules List |
| Add Data | /resource/selectResourceForActivitiesImport | 1921 | Configure-Tasks-Activity Import [shows activity import screen] |
| Add Data | /watchList/getUpdatedToken | 4504 | Watchlist-Get Updated Token |
| Add Data | /resource/searchActivityAccounts | 4387 | Resource-Search Activity Accounts |
| Add Data | /resource/showAllTranForAccount | 4385 | Resource-Show All Tran For Account |
| Add Data | /resource/previewTokens | 4384 | Resource-Preview Tokens |
| Add Data | /resource/showResourceBehaviorSummary | 4383 | Show Resource Behavior Summary |
| Add Data | /resource/selectedUsers | 4382 | Resource-Selected Users |
| Add Data | /resource/showActivityOutliersJobStatus | 4381 | Resource-Show Activity Outliers Job Status |
| Add Data | /resource/selectResourceForAccessImport | 1923 | Configure-Tasks-Access Import [shows access import screen] |
| Add Data | /chainTransaction/list | 1932 | Manage-Resources-Activity Management [shows list of activities on activity management screen] |
| Add Data | /resource/editArchSightLoggerFieldFilter | 4410 | Resource-Edit ArchSight Logger Field Filter |
| Add Data | /watchList/memberlist | 4513 | Watchlist-Show Memberlist |
| Add Data | /resource/scheduleGeolocationJob | 1930 | Configure-Tasks-Populate Geolocation [schedule populate geolocation job] |
| Add Data | /resource/showGeolocationJob | 1929 | Configure-Tasks-Activity Archival [show populate geolocation screen] |
| Add Data | /resource/scheduleActivityArchivalJob | 1928 | Configure-Tasks-Activity Archival [schedule activity archival] |
| Add Data | /resource/previewGlossaryData | 4574 | Preview glossary data while importing |
| Add Data | /resource/showScheduleActivityArchivalJob | 1927 | Configure-Tasks-Activity Archival [shows activity archival screen] |
| Add Data | /resource/scheduleGlossaryJob | 1926 | Configure-Tasks-Glossary Import [schedule glossary import job] |
| Add Data | /resource/selectResourceForGlossaryImport | 1925 | Configure-Tasks-Glossary Import [shows glossary import screen] |
| Add Data | /resource/scheduleAccessJob | 1924 | Configure-Tasks-Access Import [schedule access import job] |
| Add Data | /watchList/listAccessAccountNotInWatchlist | 4514 | Watchlist-List of Access Accounts Not in Watchlist |
| Add Data | /resource/correlateToUser | 4405 | Resource-Correlate to User |
| Add Data | /resource/scheduleActivityImportJob | 1922 | Configure-Tasks-Activity Import [schedule activity import job] |
| Add Data | /resource/searchResourceGroupsAJAX | 4408 | Search Resource Groups AJAX |
| Add Data | /watchList | 4506 | Add Data-Show Watchlist |
| Add Data | /watchList/searchWLAJAX | 4507 | Watchlist-Search Watchlist through AJAX |
| Add Data | /watchList/index | 4508 | Watchlist |
| Add Data | /watchList/manageWatchListMembers | 4510 | Watchlist-Manage WatchList Members |
| Add Data | /watchList/saveWlImportConfig | 4511 | Watchlist-Save Watchlist Import Configuration |
| Add Data | /watchList/scheduleWLJob | 4512 | Watchlist-Schedule Watchlist Job |
| Add Data | /resource/getFieldsForLineFilterRules | 4407 | Resource-Get Fields For Line Filter Rules |
| Add Data | /users/showAccessLevel4 | 4486 | Users-Access Level4 |
| Add Data | /users/previewData | 4487 | Users-Preview Data |
| Add Data | /users/showDeleteAllUsersWarning | 4488 | Users-Show Delete All Users Warning |
| Add Data | /peer | 4240 | Peer |
| Add Data | /peer/showPeerCreationJobStatus | 4241 | Show Peer Creation Job Status |
| Add Data | /resource/getResourceTypesList | 4242 | Get Resource Types List |
| Add Data | /resource/showBehaviorActivityDetails | 4243 | Resource-Show Behavior Activity Details |
| Add Data | /resource/saveResourceConfig | 4245 | Save Resource Config |
| Add Data | /peer/showResourcesForPeerBehavior | 4236 | Resources For Peer Behavior |
| Add Data | /resource/showActivityJobErrors | 4246 | Resource-Show Activity Job Errors |
| Add Data | /resource/getDistinctColumnValue | 4247 | Resource-Get Distinct Column Value |
| Add Data | /peer/advancedSearch | 4239 | Peer-Advanced Search |
| Add Data | /resource/showLineFiltersList | 4248 | Resource-Show Line Filters List |
| Add Data | /resource/uploadImportFile | 4250 | Resource-Upload Import File |
| Add Data | /resource/showCreateResourceDialog | 4251 | Show Create Resource Dialog |
| Add Data | /peer/showPeerUserAccessDetails | 4237 | Peer User Access Details |
| Add Data | /peer/getUsageResourcesListForPeer | 4235 | Get Usage Resources List for Peer |
| Add Data | /resource/verifyDatasourceConfig | 4272 | Resource-Verify Datasource Config |
| Add Data | /resource/drillDownStackedChartByAccessValue | 4356 | Resource-Filter Stacked Chart By Access Value |
| Add Data | /resource/assignSelectedUserToResource | 4362 | Assign Selected User to Resource |
| Add Data | /resource/assignAppToUser | 4361 | Resource-Assign App To User |
| Add Data | /resource/showVulnerabilities | 4249 | Resource-Show Vulnerabilities |
| Add Data | /resource/showTranForAccount | 4360 | Resource-Show Transaction for Account |
| Add Data | /peer/reloadAutoComplete | 4238 | Peer-Reload Auto Complete |
| Add Data | /resource/updateResourceGroupAttributes | 4273 | Update Resource Group Attributes |
| Add Data | /resource/loadsureviewfilter | 4346 | Resource-Load Sureview Filter |
| Add Data | /resource/getResourceActivityDates | 4305 | Get Resource Activity Dates |
| Add Data | /resource/getDatasourceType | 4331 | Resource-Get Datasource Type |
| Add Data | /resource/quickSearchAJAX | 4347 | Resource-Quick Search using AJAX |
| Add Data | /resource/importAccess | 4348 | Resource-Import Access |
| Add Data | /resource/showWhoIs | 4349 | Resource-Show Who Is |
| Add Data | /resource/searchResourceGroup | 4350 | Search Resource Group |
| Add Data | /resource/loadFields | 4351 | Resource-Load Fields |
| Add Data | /resource/previewEventData | 4322 | Resource-Preview Event Data |
| Add Data | /resource/addOwnerForAccessAttribute | 4352 | Resource-Add Owner for Access Attribute |
| Add Data | /resource/isResourceNameDuplicate | 4354 | Check if Resource Name is Duplicate |
| Add Data | /resource/showUncorrelatedResults | 4310 | Resource-Show Uncorrelated Results |
| Add Data | /resource/updateAccountDescription | 4309 | Resource-Update Account Description |
| Add Data | /resource/updateTransactionCriticality | 4308 | Resource-Update Transaction Criticality |
| Add Data | /resource/showSelectOperatorAttributes | 4307 | Resource-Show Select Operator Attributes |
| Add Data | /resource/renderResourceGroupEventTemplate | 4306 | Render Resource Group Event Template |
| Add Data | /resource/selectedUsersEdit | 4327 | Resource-Selected Users Edit |
| Add Data | /resource/updateAccessAccountAttributes | 4328 | Resource-Update Access Account Attributes |
| Add Data | /resource/listAttributeValuesForAccessAttribute | 4353 | Resource-List Attribute Values for Access Attribute |
| Add Data | /resource/showTranListForAccount | 4344 | Resource-Show Transaction List for Account |
| Add Data | /resource/toggleLineFilter | 4359 | Resource-Toggle Line Filter |
| Add Data | /resource/getResourceAccessMetadataList | 4357 | Get Resource Access Metadata List |
| Add Data | /resource/updateAccessValues | 4316 | Resource-Update Access Values |
| Add Data | /resource/fillListVenn | 4255 | Resource-Fill List Venn |
| Add Data | /resource/runBulkImportResources | 4266 | Run Bulk Import Resources |
| Add Data | /resource/ipAddrConfig | 4317 | Resource-IP Address Configuration |
| Add Data | /resource/saveResourceGlossary | 4319 | Save Resource Glossary |
| Add Data | /resource/encryptDecryptAccessAttributeValue | 4262 | Resource-Encrypt Decrypt Access Attribute Value |
| Add Data | /resource/savecefsettings | 4256 | Resource-Save CEF Settings |
| Add Data | /resource/getSubTreeData | 4257 | Resource-Get Sub Tree Data |
| Add Data | /resource/getParentResourceActivityAttributes | 4315 | Get Parent Resource Activity Attributes |
| Add Data | /resource/getNodeResourceGroups | 4258 | Get Node Resource Groups |
| Add Data | /resource/saveNitroLineFilters | 4260 | Resource-Save Nitro Line Filters |
| Add Data | /resource/searchAccessAccountsAJAX | 4261 | Resource-Search Access Accounts using AJAX |
| Add Data | /resource/editNitroFieldFilter | 4335 | Resource-Edit Nitro Field Filter |
| Add Data | /resource/previewFieldFilters | 4263 | Resource-Preview Field Filters |
| Add Data | /resource/saveFieldFilterTemplate | 4264 | Resource-Save Field Filter Template |
| Add Data | /resource/attrCheck | 4265 | Resource-Attribute Check |
| Add Data | /resource/checkAccountViolations | 4321 | Resource-Check Account Violations |
| Add Data | /resource/showAddNewEntitlement | 4320 | Resource-Add New Entitlement |
| Add Data | /resource/updateAccessAttribute | 4259 | Resource-Update Access Attribute |
| Add Data | /resource/showFieldFilterRules | 4358 | Resource-Show Field Filter Rules |
| Add Data | /resource/getNodesList | 4267 | Resource-Get Nodes List |
| Add Data | /resource/saveArcsightloggerFieldFilter | 4324 | Resource-Save Arcsight Logger Field Filter |
| Add Data | /peer/showAddParent | 4228 | Peer-Show Add Parent |
| Add Data | /peer/ | 4234 | Peer Creation |
| Add Data | /resource/isScheduleJobNameDuplicate | 4355 | Resource-Check if Schedule Job Name is Duplicate |
| Add Data | /peer/selectedOwnerEdit | 4229 | Peer-Selected Owner Edit |
| Add Data | /peer/addUsersToPeer | 4230 | Add Users To Peer |
| Add Data | /peer/isNameDuplicate | 4231 | Peer-Check if Name is Duplicate |
| Add Data | /peer/showBehaviorByResource | 4232 | Peer-Show Behavior By Resource |
| Add Data | /peer/showPeerAccessDetails | 4233 | Peer Access Details |
| Add Data | /resource/showActivityOutliersJobWizard | 4323 | Resource-Show Activity Outliers Job Wizard |
| Add Data | /resource/checkAccountViolationsForResource | 4252 | Check Account Violations for Resource |
| Add Data | /resource/getUpdatedToken | 4254 | Resource-Get Updated Token |
| Add Data | /resource/getThreatListParameter | 4318 | Resource-Get Threat List Parameter |
| Add Data | /resource/showAccessImportConnType | 4271 | Resource-Show Access Import Connection Type |
| Add Data | /resource/showResourcesForActivityOuliers | 4326 | Show Resources for Activity Outliers |
| Add Data | /resource/showActivityOutliers | 4270 | Resource-Show Activity Outliers |
| Add Data | /resource/filterResources | 4269 | Filter Resources |
| Add Data | /resource/getTransactionsForResource | 4325 | Get Transactions for Resource |
| Add Data | /resource/listResourceGroupsForAccessImport | 4268 | List Resource Groups for Access Import |
| Add Data | /resource/assignToUserList | 4253 | Resource-Assign to User List |
| Add Data | /resource/getSuspectChecksList | 4343 | Resource-Get Suspect Checks List |
| Add Data | /resource/getChartsList | 4342 | Resource-Get Charts List |
| Add Data | /resource/showSearchUsers | 4341 | Resource-Show Search Users |
| Add Data | /users/deleteAllUsers | 4464 | Users-Delete All Users |
| Add Data | /users/getUserAccounts | 4465 | Users-Get User Accounts |
| Add Data | /users/getUserActivityDates | 4466 | Users-Get User Activity Dates |
| Add Data | /users/getDateTime | 4467 | Users-Get Date and Time |
| Add Data | /users/validateDelimiters | 4468 | Users-Validate Delimiters |
| Add Data | /users/getTransactionsForResource | 4469 | Users-Get Transactions for Resource |
| Add Data | /users/showResourceAccountsForUserBehavior | 4470 | Show Resource Accounts for User Behavior |
| Add Data | /users/getFilterCondition | 4471 | Users-Get Filter Condition |
| Add Data | /users/showUserActivitySummary | 4463 | Users-Show User Activity Summary |
| Add Data | /users/showUserImportJobErrors | 4472 | Show User Import Job Errors |
| Add Data | /users/showTransactionSearchForUser | 4474 | Show Transaction Search For User |
| Add Data | /users/beforeInterceptor | 4475 | Users-Before Interceptor |
| Add Data | /users/getUserResources | 4476 | Users-Get User Resources |
| Add Data | /users/showBehaviorByActivity | 4478 | Users-Show Behavior By Activity |
| Add Data | /resource/scheduleImportResources | 4366 | Schedule Import Resources |
| Add Data | /users/showAccessDetails | 4441 | Users-Show Access Details |
| Add Data | /resource/verifyGlossaryImportDatasourceConfig | 4364 | Resource-Verify Glossary Import Datasource Config |
| Add Data | /resource/showGlossaryJobStatusDetails | 4294 | Resource-Show Glossary Job Status Details |
| Add Data | /users/validateIdentifiers | 4473 | Users-Validate Identifiers |
| Add Data | /resource/loadDatasourceAttributes | 4288 | Resource-Load Datasource Attributes |
| Add Data | /users/getTreeNodes | 4462 | Users-Get Tree Nodes |
| Add Data | /users/getUsageResourcesListForUser | 4460 | Get Usage Resources List for User |
| Add Data | /users/showAccessLevel1 | 4489 | Users-Access Level1 |
| Add Data | /users/create | 4490 | Users-Create |
| Add Data | /users/searchAJAX | 4491 | Users-Search using AJAX |
| Add Data | /users/reloadAutoComplete | 4492 | Users-Reload Auto Complete |
| Add Data | /users/getResourcesListForUser | 4493 | Get Resources List for User |
| Add Data | /users/getTransactionsForAccount | 4494 | Users-Get Transactions for Account |
| Add Data | /users/getDefaultOIADefaultQuery | 4495 | Users-Get Default OIA Default Query |
| Add Data | /users/showBehaviorTimeWindowsSummary | 4496 | Users-Show Behavior Time Windows Summary |
| Add Data | /users/showAccessLevel2 | 4461 | Users-Access Level2 |
| Add Data | /users/quickSearchAJAX | 4497 | Users-Quick Search using AJAX |
| Add Data | /users/showBehaviorWithSuspectForUser | 4499 | Users-Behavior With Suspect for User |
| Add Data | /users/getTransactionsForResourceId | 4500 | Users-Get Transactions For Resource Id |
| Add Data | /users/showBehaviorActivityDetails | 4501 | Users-Behavior Activity Details |
| Add Data | /users/showDashboard | 4482 | Users-Show Dashboard |
| Add Data | /users/showUserChangeHistory | 4480 | Show User Change History |
| Add Data | /users/getUserAccountsByEmployeeId | 4458 | Users-Get User Accounts By Employee Id |
| Add Data | /users/ | 4479 | Add Data-Enable User Import |
| Add Data | /users/showIPMappingForNetworkAddress | 4459 | Users-Show IP Mapping for Network Address |
| Add Data | /users/showAttrMapping | 4498 | Users-Attribute Mapping |
| Add Data | /resource/deleteReport | 4289 | Resource-Delete Report |
| Add Data | /resource/getAccountData | 4290 | Resource-Get Account Data |
| Add Data | /resource/getTransactionsForResourceId | 4291 | Get Transactions for Resource Id |
| Add Data | /resource/previewAccessData | 4277 | Resource-Preview Access Data |
| Add Data | /resource/saveArcsightLoggerLineFilters | 4276 | Resource-Save Arcsight Logger Line Filters |
| Add Data | /resource/saveFieldFilterRules | 4275 | Resource-Save Field Filter Rules |
| Add Data | /resource/searchTransactionsForResource | 4333 | Search Transactions for Resource |
| Add Data | /resource/showUnCorrelatedActivityAccountsUsage | 4302 | Resource-UnCorrelated Activity Accounts Usage |
| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /resource/getSolrFilterCondition | 4303 | Resource-Get Solr Filter Condition |
| AddData | /resource/showResourceEvents | 4304 | Show Resource Events |
| AddData | /resource/showCreateAttribute | 4345 | Resource-Show Create Attribute |
| AddData | /resource/reloadAutoComplete | 4278 | Resource-Reload Auto Complete |
| AddData | /resource/showCorrelationResults | 4336 | Resource-Correlation Results |
| AddData | /resource/saveAccessConfigTemplate | 4338 | Resource-Save Access Config Template |
| AddData | /resource | 4314 | Add Data-Resource |
| AddData | /resource/showBehaviorTimeWindowsSummary | 4313 | Resource-Show Behavior Time Windows Summary |
| AddData | /resource/removeResourceGlossary | 4312 | Remove Resource Glossary |
| AddData | /resource/loadResourceGroupEvents | 4311 | Load Resource Group Events |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /resource/getActivityAttributesForResourceGroup | 4332 | Get Activity Attributes for Resource Group |
| AddData | /resource/searchResources | 4339 | Search Resources |
| AddData | /resource/getUsageTransactionsListForResource | 4340 | Get Usage Transactions List For Resource |
| AddData | /resource/showUserDetailsForActivityOutliers | 4337 | Resource-Show User Details for Activity Outliers |
| AddData | /config/saveCriticality | 1970 | Configure-Criticality [schedule criticality job] |
| AddData | /resource/saveActivityOutliers | 4280 | Resource-Save Activity Outliers |
| AddData | /resource/showEventsSummary | 4363 | Resource-Show Events Summary |
| AddData | /resource/showJobsForActivities | 4292 | Resource-Show Jobs for Activities |
| AddData | /resource/showAccessValueDetails | 4293 | Resource-Show Access Value Details |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /resource/beforeInterceptor | 4295 | Resource-Before Interceptor |
| AddData | /resource/showResourceGroupsForNode_DELETE | 4274 | Resource Groups For Node_DELETE |
| AddData | /resource/showCreateResourceGroupList | 4296 | Create Resource Group List |
| AddData | /resource/checkViolationsForResource | 4297 | Check Violations for Resource |
| AddData | /resource/list | 4298 | Resource-List |
| AddData | /resource/getMappedActivityAttributesList | 4299 | Resource-Get Mapped Activity Attributes List |
| AddData | /resource/showEditUserFilter | 4300 | Resource-Edit User Filter |
| AddData | /resource/toggleAnalysisTpiState | 4301 | Resource-Toggle Analysis Third Party Intelligence State |
| AddData | /resource/showStackedChartByAccessValue | 4287 | Resource-Show Stacked Chart By Access Value |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /resource/getExistingTemplateDetails | 4286 | Resource-Get Existing Template Details |
| AddData | /config/showConfigureCriticality | 1969 | Configure-Criticality [shows schedule criticality job screen] |
| AddData | /resource/showResourceMetadata | 4284 | Show Resource Metadata |
| AddData | /resource/showActivityJobStatusDetailsInProcess | 4283 | Resource-Show Activity Job Status Details In Process |
| AddData | /resource/maskUnmaskAccessAttributeValue | 4282 | Resource-Masked Unmasked Access Attribute Value |
| AddData | /resource/showCorrelatedAccountsWithAccessValue | 4330 | Resource-Correlated Accounts With Access Value |
| AddData | /resource/showRecorrelationDetails | 4329 | Resource-Show Recorrelation Details |
| AddData | /resource/showActivityOutliersByJob | 4281 | Resource-Show Activity Outliers By Job |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /config/writeToXML | 3673 | Configuration-Write To XML |
| AddData | /config/saveLookupConfig | 3674 | Configuration-Save Lookup Configuration |
| AddData | /resource/glossaryAccessConfig | 1919 | Configure-Tasks-Configure Glossary Import [shows configure glossary import screen] |
| AddData | /config/saveJobDetails | 3676 | Configuration-Save Job Details |
| AddData | /organization/addChildOrganizations | 4180 | Add Child Organizations |
| AddData | /organization/beforeInterceptor | 4176 | Add Data-Organization Before Interceptor |
| AddData | /organization/createOrganizationCreationRule | 4173 | Organization Creation Rule |
| AddData | /organization/getUpdatedToken | 4171 | Add Data-Organization Get Updated Token |
| AddData | /organization/deleteJob | 4170 | Organization-Delete Job |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /organization/addApplicationsToOrg | 4168 | Add Applications to Organization |
| AddData | /peer/showPeerJobStatusDetailsChart | 4200 | Peer Job Status Details Chart |
| AddData | /peer/getAccessAttributesByResourceGroup | 4202 | Peer-Get Access Attributes By Resource Group |
| AddData | /peer/savePeerCreationRules | 4186 | Save Peer Creation Rules |
| AddData | /organization/loadCreationRule | 4166 | Organization-Load Creation Rule |
| AddData | /peer/showDashboard | 4223 | Peer-Show Dashboard |
| AddData | /peer/getPBMonths | 4222 | Peer-Get PB Months |
| AddData | /peer/show | 4221 | Peer-Show |
| AddData | /peer/quickSearchAJAX | 4220 | Quick Search using AJAX |
| AddData | /peer/checkHasOutliers | 4219 | Peer-Check Has Outliers |
| AddData | /peer/getUpdatedToken | 4218 | Peer-Get Updated Token |
| AddData | /peer/getTransactionsForPeer | 4217 | Get Transactions for Peer |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /peer/showPeerJobStatusDetails | 4216 | Show Peer Job Status Details |
| AddData | /peer/getResourcesListForPeer | 4214 | Get Resources List for Peer |
| AddData | /peer/beforeInterceptor | 4215 | Peer-Before Interceptor |
| AddData | /peer/runRule | 4187 | Peer-Run Rule |
| AddData | /peer/listUsersForOwner | 4201 | Peer-List Users For Owner |
| AddData | /riskModeler/updateModelAttributes | 3081 | Configure-Threat Model-Set Threat Model Live |
| AddData | /riskModeler/saveThreatModel | 3082 | Configure-Threat Model-Save Threat Model |
| AddData | /org/assignResourceToOrg | 3144 | Dashboard-Organization-Assign Resource To Organization |
| AddData | /org/assignResourceToOrgHierarchy | 3145 | Dashboard-Organization-Assign Resource To Organization Hierarchy |
| AddData | /chainTransaction | 4105 | Chain Transaction |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /chainTransaction/showUsersForTranaction | 4106 | Show Users for Transaction |
| AddData | /chainTransaction/showTransactions | 4107 | Show Transactions |
| AddData | /peer/showBehaviorActivityDetails | 4190 | Peer-Show Behavior Activity Details |
| AddData | /peer/getUsageTransactionsListForPeer | 4188 | Get Usage Transactions List for Peer |
| AddData | /peer/showScheduleCreationRule | 4199 | Peer-Show Schedule Creation Rule |
| AddData | /peer/showSearch | 4197 | Peer-Show Search |
| AddData | /peer/selectedOwner | 4196 | Peer-Selected Owner |
| AddData | /peer/listAddParent | 4195 | Peer-List Add Parent |
| AddData | /peer/showAccessOutliersByPeerChart | 4194 | Show Access Outliers By Peer Chart |
| AddData | /peer/listPeerTypes | 4193 | List Peer Types |
| AddData | /peer/selectPeerList | 4192 | Select Peer List |
| AddData | /peer/getRuleConditions | 4191 | Peer-Get Rule Conditions |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /peer/showRiskyUsersForAccessValue | 4189 | Peer-Show Risky Users for Access Value |
| AddData | /peer/advancedSearchAddUser | 4198 | Peer-Advanced Search Add User |
| AddData | /riskModeler/showThreatModel | 3080 | Configure-Threat Model-Show/Edit Threat Model |
| AddData | /peer/showAddOwner | 4213 | Peer-Show Add Owner |
| AddData | /peer/listPeersForResourceGroup | 4212 | List Peers for Resource Group |
| AddData | /manageData/showProfileResourceAccessLevel1 | 4133 | Manage Data-Show Profile Resource Access Level1 |
| AddData | /config/showRiskModeler | 2028 | Configure-Risk Modeler |
| AddData | /endpoint/saveEndPointConfig | 4116 | Save EndPoint Configuration |
| AddData | /endpoint/beforeInterceptor | 4115 | Endpoint-Before Interceptor |
| AddData | /endpoint/getUpdatedToken | 4114 | Endpoint-Get Updated Token |
| AddData | /endpoint/showScheduleEndPointImportJob | 4113 | Show Schedule EndPoint Import Job |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /endpoint/ | 4112 | Endpoint |
| AddData | /endpoint | 4111 | Show Endpoint |
| AddData | /config/scheduleIpMappingJob | 2002 | Configure-Tasks-IP Mapping [schedule ip mapping job] |
| AddData | /endpoint/scheduleEndPointImport | 4110 | Schedule EndPoint Import |
| AddData | /manageData/addUsersToProfile | 4132 | Manage Data-Add Users to Profile |
| AddData | /manageData/ | 4134 | Enable Add Data |
| AddData | /organization/advancedSearchAddUser | 4162 | Organization-Advanced Search Add User |
| AddData | /organization/createRule | 4146 | Organization-Create Rule |
| AddData | /organization/pauseJob | 4159 | Organization-Pause Job |
| AddData | /organization/deleteOrganizations | 4158 | Delete Organizations |
| AddData | /organization/showCreationRules | 4157 | Organization-Show Creation Rules |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /organization/addResourcegroupsToOrg | 4156 | Organization-Add Resource Groups to Organization |
| AddData | /chainTransaction/update | 4109 | Chain Transaction-Update |
| AddData | /peer/searchAJAX | 4203 | Peer-Search using AJAX |
| AddData | /config/interruptJob | 2000 | Configure-Tasks [interrupt job] |
| AddData | /config/pauseJob | 1998 | Configure-Tasks [pause job] |
| AddData | /peer/showEventsSummary | 4211 | Peer-Show Events Summary |
| AddData | /peer/runPeerCreationRule | 4210 | Run Peer Creation Rule |
| AddData | /peer/showPeerAccessResourcesList | 4209 | Peer Access Resources List |
| AddData | /peer/listUsersNotInPeer | 4208 | List Users Not In Peer |
| AddData | /peer/searchPeerOwnerAJAX | 4207 | Search Peer Owner using AJAX |
| AddData | /peer/showBehavior | 4206 | Peer-Show Behavior |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /peer/showBehaviorByActivity | 4205 | Peer-Show Behavior by Activity |
| AddData | /peer/create | 4204 | Peer-Create |
| AddData | /config/resumeJob | 1999 | Configure-Tasks [resume job] |
| AddData | /organization/addResourcesToOrg | 4167 | Add Resources to Organization |
| AddData | /chainTransaction/updateTranFlags | 4108 | Chain Transaction-Update Transaction Flags |
| AddData | /config/showIpMappingJob | 2001 | Configure-Tasks-IP Mapping [shows create ip mapping job screen] |
| AddData | /manageData/removeUsersFromProfile | 4131 | Manage Data-Remove Users from Profile |
| AddData | /manageData/showAddOwnerProfile | 4130 | Manage Data-Show Add Owner Profile |
| AddData | /manageData/isResourceGroupIpDuplicate | 4129 | Manage Data-Check if Resource Group Ip is Duplicate |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /manageData/showAddUsersToProfileDialog | 4128 | Manage Data-Show Dialog for Add Users to Profile |
| AddData | /config/cancelJob | 1996 | Add Data-Tasks [cancel job] |
| AddData | /config/reRunJob | 1997 | Add Data-Tasks [re-run job] |
| AddData | /organization/showJobForCreationRules | 4165 | Organization-Show Job for Creation Rules |
| AddData | /uf/addJobToUf | 3025 | Configure-Universal Forwarder-Save/Update job of UF |
| AddData | /uf/showUFResourceGroupConfig | 3024 | Configure-Universal Forwarder-Shows Resource Group Configuration |
| AddData | /uf/listUFJobList | 3023 | Configure-Universal Forwarder-Shows list of jobs in UF |
| AddData | /application/addResourcesToApp | 4082 | Application-Add Resources to App |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /application/isNameDuplicate | 4083 | Application-Check if Name is Duplicate |
| AddData | /chainTransaction/getFilterCondition | 4095 | Chain Transaction-Get Filter Condition |
| AddData | /chainTransaction/edit | 4104 | Chain Transaction-Edit |
| AddData | /chainTransaction/create | 4103 | Chain Transaction-Create |
| AddData | /chainTransaction/delete | 4102 | Chain Transaction-Delete |
| AddData | /chainTransaction/getUpdatedToken | 4101 | Chain Transaction-Get Updated Token |
| AddData | /chainTransaction/beforeInterceptor | 4100 | Chain Transaction-Before Interceptor |
| AddData | /application/list | 4081 | Application-List |
| AddData | /chainTransaction/updateTransactionAttributes | 4099 | Chain Transaction-Update Transaction Attributes |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /chainTransaction/show | 4097 | Chain Transaction-Show |
| AddData | /chainTransaction/showUncorrelatedAccountsForTranaction | 4096 | Chain Transaction-Show Uncorrelated Accounts for Transaction |
| AddData | /chainTransaction/save | 4094 | Chain Transaction-Save |
| AddData | /application/showCreateAppDialog | 4084 | Show Create App Dialog |
| AddData | /chainTransaction/ | 4093 | Show Chain Transaction |
| AddData | /chainTransaction/showCreateTransactionDialog | 4092 | Show Create Transaction Dialog |
| AddData | /chainTransaction/showTransactionDetails | 4091 | Show Transaction Details |
| AddData | /application/getUpdatedToken | 4090 | Application-Get Updated Token |
| AddData | /chainTransaction/getUniqueTransactionsForResourceId | 4098 | Chain Transaction-Get Unique Transactions for ResourceId |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /application/removeResourcesFromApp | 4089 | Application-Remove Resources From App |
| AddData | /resource/deleteLineFilter | 2047 | Configure-Tasks-Activity Import Config-Line Filter [shows delete line filter screen] |
| AddData | /resource/showLineFilters | 2045 | Configure-Tasks-Activity Import Config-Line Filter [shows create line filter screen] |
| AddData | /application/update | 4080 | Application-Update |
| AddData | /application/showAddResourcesDialog | 4079 | Application-Show Add Resources Dialog |
| AddData | /application/edit | 4078 | Application-Edit |
| AddData | /application/searchAJAX | 4077 | Application-Search using AJAX |
| AddData | /application/showAppDetails | 4076 | Show Application Details |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /application/listResourcesNotApplications | 4075 | List Resources Not Applications |
| AddData | /application | 4074 | Enable Application View |
| AddData | /config/showPrivacySettings | 2033 | Configure-Privacy Settings |
| AddData | /resource/editLineFilter | 2046 | Configure-Tasks-Activity Import Config-Line Filter [shows edit line filter screen] |
| AddData | /config/showExportAccessJob | 2034 | Configure-Tasks-Export-Access Entitlements |
| AddData | /resource/showAccessImportConfig | 2037 | Configure-Tasks-Import-Access-Edit/Setup Configuration |
| AddData | /config/scheduleExportAccessJob | 2038 | Configure-Tasks-Export-Access Entitlements [Schedule Access Entitlements Job] |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /resource/saveAccessCorrelationRules | 2039 | Configure-Tasks-Access Import Config-Correlation Rule [saves Correlation rule] |
| AddData | /resource/editAccessCorrelationRules | 2040 | Configure-Tasks-Access Import Config-Correlation Rules [Update Correlation Rule] |
| AddData | /resource/saveAccessUserFilter | 2041 | Configure-Tasks-Access Import Config [save advanced settings] |
| AddData | /resource/showEditAccessCorrelationRule | 2042 | Configure-Tasks-Access Import Config-Correlation Rule [shows edit access import correlation rule] |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /resource/deleteAccessCorrelationRule | 2043 | Configure-Tasks-Access Import Config-Correlation Rule [delete access import correlation rule] |
| AddData | /resource/createAccessCorrelationRule | 2044 | Configure-Tasks-Access Import Config-Correlation Rule [shows create access import correlation rule screen] |
| AddData | /resource/showResourceActivitiesConfig | 2036 | Configure-Tasks-Import-Activities-Edit/Setup Configuration |
| AddData | /application/ | 4088 | Application |
| AddData | /application/showResourcesforApp | 4087 | Application-Show Resources for App |
| AddData | /application/beforeInterceptor | 4086 | Application-Before Interceptor |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /config/scheduleSavedJob | 3770 | Configuration-Schedule Saved Job |
| AddData | /config/showOwnersList | 3769 | Configuration-Show Owners List |
| AddData | /metadata/show | 3247 | Metadata-Show |
| AddData | /config/showDecryptDataDialog | 3174 | Configure-Access Control [Show decrypted/Unmask data] |
| AddData | /config/searchSavedJobAJAX | 3675 | Configuration-Search Saved Job through AJAX |
| AddData | /uf/registerUF | 3020 | Configure-Universal Forwarder-Save/update UF |
| AddData | /resource/editCorrelationRules | 2052 | Configure-Tasks-Activity Import Config-Correlation Rule [update Correlation Rule] |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /resource/saveActivityUserFilter | 2053 | Configure-Tasks-Activity Import Config-Advanced Settings [save advanced settings] |
| AddData | /config/showPolicyScannerJob | 3771 | Configuration-Show Policy Scanner Job |
| AddData | /tpi/showScheduleTpiImportJob | 2056 | Configure-Tasks-TPI Import [shows tpi import screen] |
| AddData | /config/saveRiskModel | 2059 | Configure-Risk Modeler [update modeler] |
| AddData | /config/showCreateNode | 2060 | Configure-Clustering [Clustering Modification] |
| AddData | housekeepingJobs | 3013 | Configure-Settings-HouseKeeping Jobs |
| AddData | smptpSettings | 3017 | Configure-Settings-SMTP Server Settings |
| AddData | /uf/deleteUF | 3019 | Configure-Universal Forwarder-Delete UF |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /uf/showAddJobToUF | 3021 | Configure-Universal Forwarder-Add/edit UF Job |
| AddData | /org/confirmAssignmentOfResourceToOrgHierarchy | 3146 | Dashboard-Organization-Confirm-Assign Resource To Organization Hierarchy |
| AddData | /uf/removeUfJob | 3022 | Configure-Universal Forwarder-Remove Job from UF |
| AddData | /resource/showResourceConfig | 2057 | Configure-Show Resource Configuration |
| AddData | /config/isduplicatenode | 3772 | Configuration-Check if Node is Duplicate |
| AddData | /config/attachFile | 3773 | Configuration-Attach File |
| AddData | /config/completeDeleteJob | 3774 | Configuration-Complete Delete Job |
| AddData | /application/save | 4085 | Application-Save |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /resource/showCorrelationRules | 2048 | Configure-Tasks-Activity Import Config-Correlation Rule [shows create Correlation Rule screen] |
| AddData | /resource/showEditCorrelationRule | 2049 | Configure-Tasks-Activity Import Config-Correlation Rule [shows edit Correlation Rule screen] |
| AddData | /resource/deleteActivityCorrelationRule | 2050 | Configure-Tasks-Activity Import Config-Correlation Rule [shows delete Correlation Rule] |
| AddData | /uf/index | 3864 | Add Data-Universal Forwarder Job |
| AddData | /metadata/save | 3248 | Metadata-Save |
| AddData | /metadata | 3249 | Show Metadata |
| AddData | /metadata/create | 3250 | Metadata-Create |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /metadata/ | 3251 | Metadata |
| AddData | /uf/ | 3869 | Universal Forwarder |
| AddData | /uf/beforeInterceptor | 3868 | Universal Forwarder-Before Interceptor |
| AddData | /uf/controlUf | 3867 | Control Universal Forwarder |
| AddData | /uf/togglePolicyscratch | 3866 | Universal Forwarder-Toggle Policy Scratch |
| AddData | /uf/getUpdatedToken | 3865 | Universal Forwarder-Get Updated Token |
| AddData | /uf/showPolicies | 3863 | Universal Forwarder-Show Policies |
| AddData | /metadata/index | 3246 | Metadata-index |
| AddData | /uf/toggleJobStatus | 3862 | Universal Forwarder-Toggle Job Status |
| AddData | /uf | 3861 | Add Data-Universal Forwarder |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /tpi/showTpiExport | 3845 | Show Third Party Intelligence Export |
| AddData | /organization/interruptJob | 4154 | Organization-Interrupt Job |
| AddData | /organization/addUsersToOrg | 4153 | Add Users to Organization |
| AddData | /resource/saveCorrelationRules | 2051 | Configure-Tasks-Activity Import Config-Correlation Rule [save Correlation Rule] |
| AddData | /organization/cancelJob | 4148 | Organization-Cancel Job |
| AddData | /config/registerUser | 3665 | Configuration-Register User |
| AddData | /config/showEmailTemplateNotificationSettings | 3666 | Configuration-Show Email Template Notification Settings |
| AddData | /config/showAuditDetails | 3728 | Configuration-Show Audit Details |
| AddData | /config/rac | 3738 | Configuration-Rac |
| AddData | /config/_setAdvancedSearchObject | 3736 | Configuration-Set Advanced Search Object |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /config/testNitroConnection | 3735 | Configuration-Test Nitro Connection |
| AddData | /config/downloadFiles | 3734 | Configuration-Download Files |
| AddData | /config/showGroupOwnersList | 3733 | Configuration-Show Group Owners List |
| AddData | /config/saveSystemAction | 3664 | Configuration-Save System Action |
| AddData | /config/getFieldsFromSQL | 3732 | Configuration-Get Fields From SQL |
| AddData | /config/continueWithEncryption | 3730 | Configuration-Continue With Encryption |
| AddData | /config/testSureViewConnection | 3729 | Configuration-Test Sure View Connection |
| AddData | /config/getColumnNames | 3727 | Configuration-Get Column Names |
| AddData | /config/beforeMaskingUnmasking | 3740 | Configuration-Before Masking or Unmasking |
| AddData | /config/httpListnerAction | 3726 | Configuration-HTTP Listener Action |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /config/saveEncryptionSetting | 3725 | Configuration-Save Encryption Setting |
| AddData | /config/showManageLicense | 3724 | Configuration-Show Manage License |
| AddData | /config/updateAssociatedAccountFlag | 3723 | Configuration-Update Associated Account Flag |
| AddData | /config/showNitroDevicesList | 3731 | Configuration-Show Nitro Devices List |
| AddData | /config/searchAJAXConnType | 3722 | Configuration-Search using AJAX by Connection Type |
| AddData | /config/isScheduleJobNameDuplicate | 3592 | Configuration-Check if Scheduled Job Name is Duplicate |
| AddData | /config/isDatasourceNameDuplicate | 3594 | Configuration-Check if Datasource Name is Duplicate |
| AddData | /config/showConfigureActivityrRiskLevels | 3602 | Configure Activity Risk Levels |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /config/getSpecificPolicyDetails | 3611 | Configuration-Get Specific Policy Details |
| AddData | /config/isValidEmail | 3610 | Configuration-Check if Email is Valid |
| AddData | /config/getDatasourceAttributes | 3609 | Configuration-Get Datasource Attributes |
| AddData | /config/showIndexActivityTransactions | 3608 | Configuration-Show Index Activity Transactions |
| AddData | /config/scheduleHostnameLookupJob | 3607 | Configuration-Schedule Hostname Lookup Job |
| AddData | /config/saveScreen | 3606 | Configuration-Save Screen |
| AddData | /config/compareAuditXML | 3605 | Configuration-Compare Audit XML |
| AddData | /config/showSelectUsers | 3593 | vSelect Users |
| AddData | /config/generateKey | 3604 | Configuration-Generate Key |
| AddData | /config/advancedSearch | 3601 | Configuration-Advance Search |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /config/checkDataToMask | 3591 | Configuration-Check Data for Masking |
| AddData | /config/showScheduleIndexingService | 3600 | Configuration-Schedule Indexing Service |
| AddData | /config/getBoxToken | 3599 | Configuration-Get Box Token |
| AddData | /config/deleteSavedJob | 3598 | Configuration-Delete Saved Job |
| AddData | /config/showSelectResources | 3597 | Configuration-Select Resources |
| AddData | /config/showCreateJsecUser | 3596 | Configuration-Create Jsec User |
| AddData | /config/showDatasourceList | 3595 | Configuration-Show List of Datasources |
| AddData | /config/beforeKeyGeneration | 3603 | Configuration-Key Generation |
| AddData | /config/saveWorkflow | 3721 | Configuration-Save Workflow |
| AddData | /config/showSystemWorkflowDetails | 3720 | Configuration-Show System Workflow Details |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /config/getAvailablePrivateKeys | 3719 | Configuration-Get Available Private Keys |
| AddData | /config/attachFileToCase | 3745 | Configuration-Attach File To Case |
| AddData | /config/saveStatus | 3744 | Configuration-Save Status |
| AddData | /config/scheduleIndexActTrans | 3717 | Configuration-Schedule Index for Activity Transaction |
| AddData | /config/showAuditXML | 3715 | Configuration-Show Audit XML |
| AddData | /config/ | 3667 | Show Configuration |
| AddData | /config/testAwsConnection | 3678 | Configuration-Test AWS Connection |
| AddData | /config/config | 3687 | Add Data-Show Configuration |
| AddData | /config/schedulePolicyScanner | 3686 | Configuration-Schedule Policy Scanner |
| AddData | /config/removeSystemActions | 3747 | Configuration-Remove System Actions |
| AddData | /config/getDateFormats | 3685 | Configuration-Get Date Formats |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /config/beforeEncryptDecrypt | 3683 | Configuration-Before Encryption Decryption |
| AddData | /config/runSavedJob | 3682 | Configuration-Run Saved Job |
| AddData | /config/checkLogTampering | 3681 | Configuration-Check Log Tampering |
| AddData | /config/beforeInterceptor | 3680 | Configuration-Before Interceptor |
| AddData | /config/updateCaseOwner | 3679 | Configuration-Update Case Owner |
| AddData | /config/getJobGroups | 3677 | Configuration-Get Job Groups |
| AddData | /config/encryptDecryptText | 3689 | Configuration-Encryption and Decryption Text |
| AddData | /config/showImports | 1993 | Configure-Tasks |
| AddData | /config/showSelectPeers | 3684 | Configuration-Select Peers |
| AddData | /config/previewPeerRiskLevels | 3748 | Configuration-Preview Peer Risk Levels |

| Category | URL | ID | Description |
| --- | --- | --- | --- |
| AddData | /config/scheduleGenerateCasesJob | 3749 | Configuration-Schedule Generate Cases Job |
| AddData | /config/deleteCaseAttachment | 3750 | Configuration-Delete Case Attachment |
| AddData | /config/showHelp | 3718 | Configuration-Show Help |
| AddData | /config/showDefaultConfig | 3739 | Configuration-Show Default Configuration |
| AddData | /config/listResourceGroupsForIndx | 3742 | Configuration-List Resource Groups for Indexing |
| AddData | /config/licenseSuccess | 3716 | Configuration-License Install Success |
| AddData | /config/showScheduleImportJob | 3755 | Configuration-Show Schedule Import Job |
| AddData | /config/emailTemplate | 3764 | Configuration-Email Template |
| AddData | /config/updateDecryptFlag | 3763 | Configuration-Update Decryption Flag |

AddData /config/checkForEncryptedDataBeforeMasking 3762 Configuration-Check For Encrypted Data Before Masking

AddData /config/checkSecDB 3761 Configuration-Check SecDB

AddData /config/analyzeLineFilters 3760 Configuration-Analyze Line Filters

AddData /config/isduplicatenodeurl 3759 Configuration-Check if Node Url is Duplicate

AddData /config/createSamlDetails 3758 Configuration-Create SAML Details

AddData /config/getBeforeMaskUnmaskData 3757 Configuration-Get Before Masking Unmasking of Data

AddData /config/showImportConfig 3756 Configuration-Show Import Configuration

AddData /config/importDevicesFromNitro 3754 Configuration-Import Devices From Nitro

AddData /config/showAddAction 3743 Configuration-Show Add Action

AddData /config/removeActions 3753 Configuration-Remove Actions

AddData /config/getRemoteDatasources 3752 Configuration-Get Remote Datasources

AddData /config/showDesignScreen 3751 Configuration-Show Design Screen

AddData /config/getEncryptionKeys 3612 Configuration-Get Encryption keys

AddData /config/searchJobAJAX 3590 Configuration-Search Job through AJAX

AddData /config/updateHelpPref 3767 Configuration-Update Help Preferences

AddData /config/showEncryptionJobDetails 3568 Configuration-Show Encryption Job Details

AddData /config/showForms 3630 Configuration-Show Forms

AddData /config/getJobId 3629 Configuration-Get Job Id

AddData /config/showGenerateCases 3628 Configuration-Generate Cases

AddData /config/showMetadataConfig 3627 Configuration-Show Metadata Configuration

AddData /config/showLookupImportJob 3626 Configuration-Show Job for Lookup Import

AddData /config/getDatasourceByType 3625 Configuration-Get Datasources by Type

AddData /config/getJobFields 3624 Configuration-Get Job Fields

AddData /config/testCEFSyslogConnection 3623 Configuration-Test Syslog Connection for CEF

AddData /config/importJiraCase 3631 Configuration-Import JIRA Case

AddData /config/afterInterceptor 3622 Configuration-After Interceptor

AddData /config/getJobStatusList 3620 Configuration-Get List of Job Status

AddData /config/isValidConfiguartion 3619 Configuration-Check if Configuration is Valid

AddData /config/saveSamlDetails 3618 Configuration-Save SAML Details

AddData /config/showSystemAddAction 3617 Configuration-Show System Add Action

AddData /config/saveMetdataConfig 3616 Configuration-Save Metadata Configuration

AddData /config/isDirectoryValid 3637 Configuration-Check if Directory is Valid

AddData /config/checkPrivacyMasterRole 3638 Configuration-Check Role in Privacy Master

AddData /config/checkMaskingConfig 3639 Configuration-Check Masking Configuration

AddData /config/changeLineFilterOrder 3621 Configuration-Change Order of Line Filter

AddData /config/uploadFile 3653 Configuration-Upload File

AddData /config/previewResourceRiskLevels 3632 Configuration-Preview Risk Levels for Resources

AddData /config/scheduleLookupImport 3635 Configuration-Schedule Lookup Import

AddData /config/adminaccess 3588 Configuration-Show Administrative Access

AddData /config/showAllJobs 1994 Configure-Tasks [shows list of all jobs]

AddData /config/deleteJob 1995 Configure-Tasks [delete job]

AddData /manageData/beforeInterceptor 4135 Manage Data-Before Interceptor

AddData /manageData/listAddUsersToProfile 4144 Manage Data-List Add Users To Profile

AddData /manageData 4143 Manage Data

AddData /manageData/showProfileResourceAccessLevel2 4142 Manage Data-Show Profile Resource Access Level2

AddData /manageData/afterInterceptor 4141 Manage Data-After Interceptor

AddData /config/scheduleMetadataImport 3633 Configuration-Schedule Metadata Import

AddData /manageData/isResourceGroupNameDuplicate 4140 Manage Data-Check if Resource Group Name is Duplicate

AddData /manageData/searchProfilesAJAX 4138 Manage Data-Search Profiles using AJAX

AddData /manageData/getUpdatedToken 4137 Manage Data-Get Updated Token

AddData /manageData/isNameDuplicate 4136 Manage Data-Check if Name is Duplicate

AddData /config/savejsecUser 3768 Configuration-Save Jsec User

AddData /config/resetSystemWorkflow 3766 Configuration-Reset System Workflow

AddData /peer/showUsersWithoutAccessForOutliers 4226 Peer-Show Users Without Access For Outliers

AddData /config/getPolicyMasterForSelectedType 3765 Configuration-Get Policy Master For Selected Type

AddData /config/testDbConnection 3636 Configuration-Test DB Connection

AddData /manageData/showProfileResourceAccessLevel3 4139 Manage Data-Show Profile Resource Access Level3

AddData /config/saveAction 3663 Configuration-Save Action

AddData /config/controlNode 3634 Configuration-Control Node

AddData /config/saveSystemWorkflow 3661 Configuration-Save System Workflow

AddData /config/getUpdatedToken 3586 Configuration-Get Updated Token

AddData /config/getDecryptedUserValues 3585 Configuration-Get Decrypted Values for Users

AddData /config/setAudit 3584 Configuration-Set Audit

AddData /config/saveDownloadFiles 3583 Configuration-Save Downloaded Files

AddData /config/deleteData 3582 Configuration-Delete Data

AddData /config/checkDataToDecrypt 3581 Configuration-Check Data to Decrypt

AddData /config/previewUserRiskLevels 3580 Configuration-Preview User Risk Levels

AddData /config/scheduleGenerateUserCasesJob 3577 Configuration-Schedule Generate User Cases Job

AddData /config/getSchedules 3587 Configuration-Get Schedules

AddData /config/showScheduleHostnameLookup 3589 Configuration-Schedule Hostname Lookup

AddData /config/getEncryptedUserValues 3575 Configuration-Get Values for Encrypted User

AddData /config/uploadLicense 3574 Configuration-Upload License

AddData /config/showSavedJobs 3573 Configuration-Show Saved Jobs

AddData /config/getFileName 3572 Configuration-Get File Name

AddData /config/testLdapConnection 3571 Configuration-Test LDAP Connection

AddData /config/updateIDPMetadata 3662 Configuration-Update IDP Metadata

AddData /config/showWorkflowDetails 3569 Configuration-Show Workflow Details

AddData /config/showGenerateUserCases 3570 Configuration-Show Generate User Cases

AddData /config/downloadAttachment 3576 Configuration-Download Attachment

AddData /config/encryptData 3578 Configuration-Encrypt Data

AddData /config/activateKey 3579 Configuration-Activate Key

AddData /config/showGeoImportConfig 3614 Configuration-Show Configuration for Geolocation Import

AddData /config/getMetadataAsString 3659 Configuration-Get Metadata as String

AddData /config/deleteStatus 3657 Configuration-Delete Status

AddData /config/showMaskingJobDetails 3613 Configuration-Show Job Details for Masking

AddData /config/jsecUsers 3660 Configuration-Jsec Users

AddData /config/isEmailTemplateNameDuplicate 3656 Configuration-Check if Email Template Name is Duplicate

AddData /config/testRemoteConnection 3655 Configuration-Test Remote Connection

AddData /config/showRegisterUser 3654 Configuration-View Register user

AddData /config/scheduleIndxServiceJob 3652 Configuration-Schedule Indexing Service Job

AddData /config/saveNetworkClassificationImportConfig 3651 Configuration-Save Import Configuration for Network Classification

AddData /config/deleteWorkFlowIns 3650 Configuration-Delete Workflow Lines

AddData /config/showScheduleNetClassificationImportJob 3640 Configuration-Show Schedule Import Job for Network Classification

AddData /config/previewActivityRiskLevels 3642 Configuration-Preview Activity Risk Levels

AddData /config/userSearchAjax 3648 Configuration-Search User through AJAX

AddData /config/isduplicatenodehttpurl 3646 Configuration-Check if Node HTTP-URL is Duplicate

AddData /config/showMetaDataImportJob 3645 Configuration-Show Metadata Import Job

AddData /config/checkForEncryptedData 3643 Configuration-Check for Encrypted Data

AddData /config/saveMaskingSetting 3649 Configuration-Save Settings for Masking

AddData /config/scheduleNetworkClassificationImport 3641 Configuration-Schedule Import Job for Network Classification

AddData /config/showJobDetails 3615 Configuration-Show Job Details

Analytics

Category URL ID Description

Analytics /suspectActivities/loadPGOutliersAttrs 3474 Suspect Activities-Load PG Outliers Attributes

Analytics /suspectActivities/showUsersWithoutAccessByJobId 3497 Suspect Activities-Show Users Without Access By Job-Id

Analytics /suspectActivities/showResourcesForBehaviorBasedOutliers 3473 Suspect Activities-Show Resources For Behavior Based Outliers

Analytics /suspectActivities/showSuspect 3472 Suspect Activities-Show Suspect

Analytics /suspectActivities/showConfigModes 3469 Suspect Activities-Show Config Modes

Analytics /suspectActivities/showPolicyManagement 3470 Suspect Activities-Show Policy Management

Analytics /suspectActivities/showConfigureAccessOutlierJob 3481 Suspect Activities-Show Configure Access Outlier Job

Analytics /suspectActivities/runPolicy 3475 Suspect Activities-Run Policy

Analytics /suspectActivities/showConfigureActivityOutlierJob 3471 Suspect Activities-Show Configure Activity Outlier Job

Analytics /suspectActivities/showMessageDetails 3476 Suspect Activities-Show Message Details

Analytics /suspectActivities/beforeInterceptor 3496 Suspect Activities-Before Interceptor

Analytics /suspectActivities/saveChildPolicy 3478 Suspect Activities-Save Child Policy

Analytics /suspectActivities/isPolicyDuplicate 3479 Suspect Activities-Check if Policy is Duplicate

Analytics /suspectActivities/searchVariableOnGroupAJAX 3402 Suspect Activities-Search Variable on Group AJAX

Analytics /suspectActivities/showResourcesForActivityOuliers 3480 Suspect Activities-Show Resources For Activity Outliers

Analytics /suspectActivities/deletePolicyViolations 3482 Suspect Activities-Delete Policy Violations

Analytics /suspectActivities/showAddChecksDialog 3483 Suspect Activities-Show Add Checks Dialog

Analytics /suspectActivities/updateIncludeInAnalysisForActivityAttributes 3484 Suspect Activities-Update Include In Analysis For Activity Attributes

Analytics /suspectActivities/showWlList 3498 Suspect Activities-Show WlList

Analytics /suspectActivities/checkvaliddirective 3485 Suspect Activities-Check Valid Directive

Analytics /suspectActivities/showManageSuspectActivities 3486 Suspect Activities-Show Manage Suspect Activities

Analytics /suspectActivities/loadSuspectActivitiesQueueChart 3477 Suspect Activities-Load Suspect Activities Queue Chart

Analytics /suspectActivities/showFunctionConfig 3499 Suspect Activities-Show Function Config

Analytics /resource/showEntityDetailsForActivityOutliers 4583 Show resource entity details for activity outliers

Analytics /suspectActivities/showRunPolicy 1945 Detect-Policy Violations [show run policy screen]

Analytics /suspectActivities/savePolicyCategory 3487 Suspect Activities-Save Policy Category

Analytics /suspectActivities/showEditHqlPolicy 3504 Suspect Activities-Show Edit HQL Policy

Analytics /suspectActivities/addCustomCheck 3505 Suspect Activities-Add Custom Check

Analytics /suspectActivities/showAddOwnerRemediator 3401 Suspect Activities-Show Add Owner Remediator

Analytics /suspectActivities/resourceGroupBasedPolices 4593 Display resource group based policies for suspect activities

Analytics /resource/showEntitiesWithActivityByJobId 4584 Show resource entities with activity by job id

Analytics /resource/showEntitiesWithoutActivityByJobId 4582 Show resource entities with activity by job id

Analytics /activityIP/showEntitiesWithoutActivityByJobId 4581 Show activity ip entities without activity by job id

Analytics /activityIP/showEntityDetailsForActivityOutliers 4580 Show activity ip entity details for activity outliers

Analytics /activityIP/showEntitiesWithActivityByJobId 4579 Show activity ip entities with activity by job id

Analytics /suspectActivities/searchPolicyJobAJAX 3400 Suspect Activities-Search Policy Job through AJAX

Analytics /suspectActivities/getAllColumns 4572 Show all columns for Suspect activities

Analytics /suspectActivities/showAccessOutlierJobs 1933 Analytics-Access Outliers Jobs

Analytics /suspectActivities/showResourcesForAccessOuliers 1935 Detect-Access Outliers [shows resources for access outliers]

Analytics /suspectActivities/scheduleAnomalyDetectionJob 1936 Detect-Access Outliers-Schedule Access Outliers Job [shows create access outlier job screen]

Analytics /suspectActivities/runAccessOutlierJob 1937 Detect-Access Outliers-Schedule Access Outliers Job [schedule access outlier job]

Analytics /suspectActivities/detectSuspect 1938 Detect-Activity Outliers-Schedule Activity Outliers Job [shows create activity outlier job screen]

Analytics /suspectActivities/runActivityOutlierJob 1939 Detect-Activity Outliers-Schedule Activity Outliers Job [schedule activity outlier job]

Analytics /suspectActivities/showSavedPolicies 1940 Detect-Policy Violations [shows list policies]

Analytics /suspectActivities/showCreatePolicy 1941 Detect-Policy Violations-Create Policy [shows create policy screen]

Analytics /suspectActivities/showCreateHQLPolicy 1942 Detect-Policy Violations-Create Policy With Direct HQL [shows create policy Direct HQL screen]

Analytics /suspectActivities/savePolicy 1943 Detect-Policy Violations [save values for policy received from create policy screen]

Analytics /suspectActivities/showEditPolicy 1944 Detect-Policy Violations [shows edit policy screen]

Analytics /suspectActivities/showCasesPanel 1946 Respond-Incidents-Assigned To Me/Assigned To Group [shows cases assigned]

Analytics /suspectActivities/showPeerGroupBasedJobWizard 3488 Suspect Activities-Show Peer Group Based Job Wizard

Analytics /analytics/showTrasactionLevels 3206 Analytics-Show Transaction Levels

Analytics /suspectActivities/showEditCompositePolicy 3490 Suspect Activities-Show Edit Composite Policy

Analytics /analytics/saveBehDefaultConfig 3186 Analytics-Save Behavior Default Configuration

Analytics /analytics/showUserDetails 3185 Analytics-Show User Details

Analytics /analytics/listUsers 3184 Analytics-Show Users

Analytics /analytics/showConfig 3183 Analytics-Show Configuration

Analytics /analytics/showBehaviorProfileConfig 3182 Analytics-Show Behavior Profile Configuration

Analytics /analytics/searchActivtyTrasactionAJAX 3181 Analytics-Search Activity Transaction

Analytics /reviews/showReviews 3164 Respond-Activity Review-[Shows List of Activity Review Jobs with filters]

Analytics /analytics/listUsersWithProfiles 3200 Analytics-List all Users with Profiles

Analytics /analytics/getResources 3201 Analytics-Get Resources

Analytics /analytics/showDashboard 3202 Analytics-Show Dashboard

Analytics /suspectActivities/saveAccessOutliers 3369 Suspect Activities-Save Access Outliers

Analytics /certifications/showAccessReviewJobs 3218 Certifications-Show Access Review Jobs

Analytics /analytics/scheduleBehaviorProfileJob 3207 Analytics-Schedule Behavior Profile Job

Analytics /analytics/showUserSuspect 3208 Analytics-Show User Suspect Analysis

Analytics /analytics/behaviorProfileJobs 3209 Analytics-Show Behavior Profile Jobs

Analytics /analytics/selectedUsers 3210 Analytics-Show Selected Users

Analytics /analytics/showAccountSelectionDialog 3211 Analytics-Show Account Selection Dialog

Analytics /analytics/showJobStatus 3212 Analytics-Show Job Status

Analytics /analytics/ 3213 Analytics

Analytics /analytics/updateIncludeInAnalysisForActivityAttributes 3214 Analytics-Update Include In Analysis For Activity Attributes

Analytics /analytics/manageProfiles 3215 Analytics-Manage Profiles

Analytics /analytics/showManageSuspectActivities 3216 Analytics-Show and Manage Suspect Activities

Analytics /suspectActivities/showManageUserBehavior 3503 Suspect Activities-Show Manage User Behavior

Analytics /suspectActivities/reloadAutoComplete 3368 Suspect Activities-Reload Auto Complete

Analytics /suspectActivities/showMultiEditPolicy 3367 Suspect Activities-Show Multi Edit Policy

Analytics /suspectActivities/showUserDetailsForActivityOutliers 3366 Suspect Activities-Show User Details For Activity Outliers

Analytics /suspectActivities/showLevelChecks 3491 Suspect Activities-Show Level Checks

Analytics /suspectActivities/searchVariableAJAX 3492 Suspect Activities-Search Variable through AJAX

Analytics /suspectActivities/showUserRiskDetails 3493 Suspect Activities-Show User Risk Details

Analytics /suspectActivities/showUserSuspect 3494 Suspect Activities-Show User Suspect

Analytics /suspectActivities/saveTier2Policy 3495 Suspect Activities-Save Tier2 Policy

Analytics /suspectActivities/saveOutlierPoliciesAsDefaultPolicyTemplate 3457 Suspect Activities-Save Outlier Policies As Default Policy Template

Analytics /suspectActivities/showVariableSelection 3375 Suspect Activities-Show Variable Selection

Analytics /suspectActivities/getSysData 3371 Suspect Activities-Get System Data

Analytics /monitor/showAccessReviewJobs 3046 Detect-Access Reviews

Analytics /analytics 3199 Enable Analytics View

Analytics /analytics/getBehaviorNames 3198 Analytics-Get Behavior Names

Analytics /analytics/getUpdatedToken 3197 Analytics-Get Updated Token

Analytics /analytics/showResourceProfileAndWindows 3196 Analytics-Show Resource Profile and Windows

Analytics /analytics/saveBPConfig 3194 Analytics-Save Behavior Profile Config

Analytics /analytics/showActivityAttributes 3193 Analytics-Show Activity Attributes

Analytics /analytics/updateIncludeInAnalysisForTransactionLevels 3192 Analytics-Update Include in Analysis For Transaction Levels

Analytics /analytics/beforeInterceptor 3191 Analytics-Call Before Interceptor

Analytics /analytics/getDateTime 3190 Analytics-Get Date and Time

Analytics /analytics/showAddUsersDialog 3189 Analytics-Show Add User Dialog

Analytics /analytics/showAnalytics 3188 Analytics-Show Analytics

Analytics /analytics/showManageUserBehavior 3187 Analytics-Show Manage User Behavior

Analytics /suspectActivities/searchAttributeValue 3364 Suspect Activities-Search Attribute Value

Analytics /suspectActivities/getPolicyFunctions 3365 Suspect Activities-Get All Policy Functions

Analytics /suspectActivities/saveCompositePolicy 3489 Suspect Activities-Save Composite Policy

Analytics /suspectActivities/saveThreatIndicator 3502 Suspect Activities-Save Threat Indicator

Analytics /suspectActivities/detectAnomalies 3405 Suspect Activities-Detect Anomalies

Analytics /suspectActivities/showSuspectEvents 3500 Suspect Activities-Show Suspect Events

Analytics /suspectActivities/showSuspectChecks 3393 Suspect Activities-Show Suspect Checks Activities

Analytics /suspectActivities/saveSuspectPolicy 3372 Suspect Activities-Save Suspect Policy

Analytics /suspectActivities/listUsers 3394 Suspect Activities-List all Users

Analytics /suspectActivities/createCompositePolicy 3395 Suspect Activities-Create Composite Policy

Analytics /monitor/showBehaviorProfileJobs 1949 Detect-Behavior

Analytics /suspectActivities/getEntitiesList 3397 Suspect Activities-Get Entities List

Analytics /suspectActivities/getUpdatedToken 3398 Suspect Activities-Get Updated Token

Analytics /monitor/showPolicyManagement 1950 Detect-Policy Violations

Analytics /suspectActivities/showAccessOutliers 1934 Detect-Access Outliers [shows access outliers]

Analytics /monitor/showActivityOutlierJobs 1948 Detect-Activity Outliers

Analytics /suspectActivities/showDirectiveDetails 3392 Suspect Activities-Show Directive Details

Analytics /suspectActivities/savePgBasedOutlierPolicy 3466 Suspect Activities-Save Pg-Based Outlier Policy

Analytics /suspectActivities/showUserDetailsForAccessOutliers 3413 Suspect Activities-Show User Details For Access Outliers

Analytics /suspectActivities/updatePolicies 3412 Suspect Activities-Update Policies

Analytics /suspectActivities/showAllPolicyJobs 3411 Suspect Activities-Show All Policy Jobs

Analytics /suspectActivities/updatePolicyAttributes 3410 Suspect Activities-Update Policy Attributes

Analytics /suspectActivities/showAssignToUsers 3447 Suspect Activities-Show Assign to Users

Analytics /suspectActivities/searchPoliciesAJAX 3448 Suspect Activities-Search Policies AJAX

Analytics /suspectActivities/showSuspectPoliciesList 3449 Suspect Activities-Show Suspect Policies List

Analytics /suspectActivities/chkForSqlClauses 3450 Suspect Activities-Check For SQL Clauses

Analytics /suspectActivities/showSuspectExclusionRules 3451 Suspect Activities-Show Suspect Exclusion Rules

Analytics /suspectActivities/getNonCompositePolicies 3452 Suspect Activities-Get Non Composite Policies

Analytics /suspectActivities/displayAllAttributeValues 3414 Suspect Activities-Display All Attribute Values

Analytics /suspectActivities/saveThreatIndicatorGeneric 3453 Suspect Activities-Save Threat Indicator Generic

Analytics /suspectActivities/showDatasourceList 3391 Suspect Activities-Show Datasources List

Analytics /suspectActivities/saveWatchList 3389 Suspect Activities-Save Watch List

Analytics /analytics/loadSearchBar 3205 Analytics-Load Analytics Search Bar

Analytics /suspectActivities/saveSCBasedOutlierPolicy 3373 Suspect Activities-Save SC Based Outlier Policy

Analytics /reviews/showActivityReviewWizard 1956 Respond-Activity Reviews [shows list of activity review table]

Analytics /reviews/activityReviewsList 1955 Respond-Activity Reviews [shows list of activity review]

Analytics /analytics/generateProfiles 1952 Detect-Behavior-Schedule Behavior Profile Job [shows schedule behavior profile screen]

Analytics /analytics/showJobsForBehaviorProfiles 1951 Detect-Behavior [shows list of behavior job]

Analytics /incidents/showCaseManagement 1953 Respond-Incidents

Analytics /suspectActivities/showActivityOutliersJobs 3396 Suspect Activities-Show Activity Outliers Jobs

Analytics /reviews/createActivityReview 1957 Respond-Activity Reviews [shows create activity review screen]

Analytics /suspectActivities/getDateTime 3387 Suspect Activities-Get Date and Time

Analytics /suspectActivities/assignToUserList 3390 Suspect Activities-Assign to Users List

Analytics /suspectActivities/saveQuickAlertPolicy 3376 Suspect Activities-Save Quick Alert Policy

Analytics /suspectActivities/listUsersForOwnerRemediator 3378 Suspect Activities-List Users For Owner Remediator

Analytics /suspectActivities/showPreviewPolicyResults 3379 Suspect Activities-Show Preview Policy Results

Analytics /suspectActivities/showEditTier2Policy 3380 Suspect Activities-Show Edit Tier 2 Policy

Analytics /suspectActivities/showSuspectCheckDetails 3381 Suspect Activities-Show Suspect Check Details

Analytics /suspectActivities/showBehaviorBasedOutliersJobStatus 3382 Suspect Activities-Show Behavior Based Outliers Job Status

Analytics /suspectActivities/saveRiskTypeGeneric 3383 Suspect Activities-Save Risk Type Generic Activities


Analytics /suspectActivities/getChildPolicies 3385 Suspect Activities-Get Policies on Child Nodes
Analytics /suspectActivities/showUsersWithoutActivityByJobId 3386 Suspect Activities-Show Users Without Activity By Job Id
Analytics /suspectActivities/getSolrObjectattrsForPolicy 3388 Suspect Activities-Get Solr Object Attributes For Policy
Analytics /suspectActivities/saveDirectiveDetails 3399 Suspect Activities-Save Directive Details
Analytics /suspectActivities/showAddThreatIndicator 3377 Suspect Activities-Show Add Threat Indicator
Analytics /suspectActivities/getWatchlistEntitiesList 3454 Suspect Activities-Get Watchlist Entities List


Analytics /suspectActivities/showActivityOutlierDetailsForUserByJobId 3455 Suspect Activities-Show Activity Outlier Details For User By Job-Id
Analytics /suspectActivities/showEditQuickAlertPolicy 3456 Suspect Activities-Show Edit Quick Alert Policy
Analytics /suspectActivities/showDashboard 3429 Suspect Activities-Show Dashboard
Analytics /suspectActivities/showActivityOutliers 3430 Suspect Activities-Show Activity Outliers
Analytics /suspectActivities/saveAsDefaultPolicyTemplate 3431 Suspect Activities-Save As Default Policy Template
Analytics /suspectActivities/addChecksFromLevel 3433 Suspect Activities-Add Checks From Level


Analytics /suspectActivities/getDeviationFieldsForPolicy 3417 Suspect Activities-Get Deviation Fields For Policy
Analytics /suspectActivities/showActivityOutliersJobStatus 3434 Suspect Activities-Show Activity Outliers Job-Status
Analytics /suspectActivities/getColumns 3435 Suspect Activities-Get Columns
Analytics /suspectActivities/updateCase 3436 Suspect Activities-Update Case
Analytics /suspectActivities/showAccessOutliersJobStatus 3437 Suspect Activities-Show Access Outliers Job-Status
Analytics /suspectActivities/showOutputFieldMapping 3438 Suspect Activities-Show Output Field Mapping


Analytics /suspectActivities/showAddRiskType 3428 Suspect Activities-Show Add Risk Type
Analytics /suspectActivities/advancedSearchAddUser 3439 Suspect Activities-Advanced Search Add User
Analytics /suspectActivities/showEditChildPolicy 3441 Suspect Activities-Show Edit Child Policy
Analytics /suspectActivities/saveCaseCustomValues 3442 Suspect Activities-Save Case Custom Values
Analytics /suspectActivities/assignToUser 3418 Suspect Activities-Assign to User
Analytics /suspectActivities 3443 Suspect Activities
Analytics /suspectActivities/showUsersWithAccessByJobId 3444 Suspect Activities-Show Users With Access By Job-Id
Analytics /suspectActivities/getResources 3445 Suspect Activities-Get Resources


Analytics /suspectActivities/saveActivityOutliers 3465 Suspect Activities-Save Activity Outliers
Analytics /suspectActivities/showPolicyJobStatus 3467 Suspect Activities-Show Policy Job-Status
Analytics /monitor/showAccessOutlierJobs 1947 Detect-Access Outliers
Analytics /suspectActivities/showOutlierDetailsForUserByJobId 3468 Suspect Activities-Show Outlier Details For User By Job-Id
Analytics /suspectActivities/saveAccessOutlierConfig 3440 Suspect Activities-Save Access Outlier Config
Analytics /suspectActivities/deletePolicy 3427 Suspect Activities-Delete Policy
Analytics /suspectActivities/showAddUsersDialog 3426 Suspect Activities-Show Add Users Dialog


Analytics /suspectActivities/showPolicyJobDetails 3425 Suspect Activities-Show Policy Job Details
Analytics /suspectActivities/showGraph 3409 Suspect Activities-Show Graph
Analytics /suspectActivities/showSuspectChecksBasedJobWizard 3458 Suspect Activities-Show Suspect Checks Based Job Wizard
Analytics /suspectActivities/showQuickAlertPolicy 3459 Suspect Activities-Show Quick Alert Policy
Analytics /suspectActivities/showUsersWithActivityByJobId 3408 Suspect Activities-Show Users With Activity By Job Id
Analytics /suspectActivities/showClosedCaseDetails 3407 Suspect Activities-Show Closed Case Details


Analytics /suspectActivities/showActivityOutliersByJob 3406 Suspect Activities-Show Activity Outliers By Job
Analytics /suspectActivities/getResourceAttributes 3460 Suspect Activities-Get Resource Attributes
Analytics /suspectActivities/getFunctionParams 3461 Suspect Activities-Get Function Params
Analytics /suspectActivities/selectedUsers 3462 Suspect Activities-Selected Users
Analytics /suspectActivities/getSubTreeItems 3404 Suspect Activities-Get Sub Tree Items
Analytics /suspectActivities/previewPolicyResults 3403 Suspect Activities-Preview Policy Results
Analytics /suspectActivities/saveHQLPolicy 3463 Suspect Activities-Save HQL Policy


Analytics /suspectActivities/updateTaskStatus 3464 Suspect Activities-Update Task Status
Analytics /suspectActivities/searchPolicyJob 3415 Suspect Activities-Search Policy Job
Analytics /suspectActivities/showAllJobsForPolicy 3416 Suspect Activities-Show All Jobs For Policy
Analytics /suspectActivities/showCreateTier2Policy 3446 Suspect Activities-Show Create Tier2 Policy
Analytics /suspectActivities/showBehaviorBasedOutliers 3432 Suspect Activities-Show Behavior Based Outliers
Analytics /suspectActivities/showAllJobsOfPolicy 3422 Suspect Activities-Show All Jobs of Policy


Analytics /suspectActivities/showConfig 3421 Suspect Activities-Show Configuration
Analytics /suspectActivities/ 3423 Show Suspect Activities
Analytics /suspectActivities/getSuspectChecksList 3420 Suspect Activities-Get Suspect Checks List
Analytics /suspectActivities/saveActivityOutlierConfig 3419 Suspect Activities-Save Activity Outlier Configuration
Analytics /suspectActivities/showAccessOutliersByJob 3424 Suspect Activities-Show Access Outliers By Job
Analytics /suspectActivities/createCompositeChildPolicy 3501 Suspect Activities-Create Composite Child Policy


Analytics /suspectActivities/removeChecksFromLevel 3384 Suspect Activities-Remove Checks From Level
Analytics /analytics/reloadAutoComplete 3203 Analytics-Reload Auto Complete
Analytics /monitor/beforeInterceptor 3252 Monitor-Before Interceptor
Analytics /activityIP/list 4063 Activity IP-Show List
Analytics /activityIP/showBehaviorActivityDetails 4064 Activity IP-Show Behavior Activity Details
Analytics /activityIP/showBehavior 4065 Activity IP-Show Behavior
Analytics /activityIP/saveActivityOutlierPolicy 4066 Activity IP-Save Activity Outlier Policy
Analytics /activityIP/showActivityOutlierDetailsForActivityIPByJobId 4067 Activity IP-Show Activity Outlier Details For Activity IP By Job-Id


Analytics /activityIP/ 4068 Show Activity IP
Analytics /activityIP/showActivityOutliers 4062 Activity IP-Show Activity Outliers
Analytics /activityIP/getActivityIPList 4070 Activity IP-Get Activity IP List
Analytics /activityIP/showActivityOutliersByJob 4072 Activity IP-Show Activity Outliers By Job
Analytics /suspectActivities/showOpenCaseDetails 3370 Suspect Activities-Show Open Case Details
Analytics /activityIP/showResourcesForActivityOuliers 4055 Activity IP-Show Resources For Activity Ouliers
Analytics /activityIP/showResourceBehaviorSummary 4058 Activity IP-Show Resource Behavior Summary
Analytics /suspectActivities/getOjectAttributesForPolicy 3374 Suspect Activities-Get Object Attributes For Policy


Analytics /analytics/isScheduleJobNameDuplicate 3204 Analytics-Check for Duplicate Schedule Names
Analytics /activityIP/showActivityOutliersJobStatus 4071 Activity IP-Show Activity Outliers Job-Status
Analytics /activityIP/listActivityIPClassifications 4061 Activity IP-List of Activity IP Classifications
Analytics /activityIP 4073 Enable Activity IP View
Analytics /activityIP/showBehaviorConfig 4059 Activity IP-Show Behavior Configuration
Analytics /activityIP/searchAJAX 4060 Activity IP-Search through AJAX
Analytics /monitor 3254 Enable Analytics
Analytics /monitor/ 3255 Monitor


Analytics /reviews/beforeInterceptor 3345 Reviews-Before Interceptor
Analytics /reviews 3346 Analytics-Reviews
Analytics /reviews/getUpdatedToken 3347 Reviews-Get Updated Token
Analytics /reviews/showActivityReviews 3348 Reviews-Show Activity Reviews
Analytics /monitor/afterInterceptor 3253 Monitor-After Interceptor
Analytics /reviews/ 3350 Reviews
Analytics /riskModeler/showRiskModeler 3079 Configure-Threat Model-Show Threat Model List
Analytics /reviews/showDashboard 3349 Reviews-show Dashboard
Analytics /analytics/advancedSearchAddUser 3195 Analytics-Advance User Add Search


Analytics /activityIP/saveActivityOutliers 4069 Activity IP-Save Activity Outliers
Analytics /activityIP/showUserDetailsForActivityOutliers 4054 Activity IP-Show User Details For Activity Outliers
Analytics /activityIP/showActivityOutliersJobWizard 4056 Activity IP-Show Activity Outliers Job Wizard
Analytics /activityIP/getUpdatedToken 4057 Activity IP-Get Updated Token


Application Statistics

Application Statistics /stats/terminateQuery 3841 Application Statistics-Terminate Query
Application Statistics /stats/applicationStatistics 3840 Show Application Statistics
Application Statistics /stats 3843 Application Statistics
Application Statistics /stats/ 3842 Show Statistics View

Configure

Configure /settings/addHolidays 3829 Settings-Add Holidays
Configure /clustering 3564 Enable Clustering View
Configure /settings/uninstallLicense 3827 Settings-Uninstall License
Configure /settings/installLicense 3833 Settings-Install License
Configure /settings/showHouseKeeping 3832 Settings-Show House Keeping
Configure /settings/holidays 3835 Settings-Holidays
Configure /settings/showSyslogSettings 3831 Settings-Show Syslog Settings
Configure /settings/saveSafeDomains 3830 Settings-Save Safe Domains
Configure /settings/showAddHolidaysDialog 3828 Settings-Add Holidays Dialog


Configure /connectionType/editConnector 3787 Connection Type-Edit Connector
Configure /settings/showModuleList 1965 Configure-Logging-Modules [shows list of modules]
Configure /config/showCreateWorkflow 3658 Configuration-Show Create Workflow
Configure /connectionType/deleteClientSecret 3782 Connection Type-Delete Client Secret
Configure /connectionType/testSplunkConnection 3788 Connection Type-Test Splunk Connection
Configure /connectionType/showConnectionProperties 3786 Connection Type-Show Connection Properties
Configure /connectionType 3785 Configure Connection Type
Configure /connectionType/uploadSecret 3784 Connection Type-Upload Secret
Configure /connectionType/displayConnectors 3783 Connection Type-Display Connectors
Configure /settings/showHouseKeepingJobs 3836 Settings-Show House Keeping Jobs
Configure /settings/removeHolidaysFromYear 3809 Settings-Remove Holidays From Year
Configure /settings/ 3837 Enable Settings View


Configure /settings/syslogConf 3822 Settings-Syslog Configuration
Configure /settings/saveUserPreferencesOfMenus 3839 Settings-Save User Preferences Of Menus
Configure /settings/saveArchiveSettings 3817 Settings-Save Archive Settings
Configure /settings/showLdapAuthenSettings 3823 Settings-Show LDAP Authentication Settings
Configure /connectionType/index 3781 Show Connection Type
Configure /settings/index 3821 Display Settings
Configure /settings/saveLdapAuthenSettings 3820 Settings-Save LDAP Authentication Settings
Configure /settings/scheduleHouseKeepingJob 3819 Settings-Schedule House Keeping Job
Configure /settings/showEncryptDecryptText 3818 Settings-Show Encryption Decryption Text
Configure /settings/saveproductdescription 3816 Settings-Save Product Description
Configure /settings/saveSyslogProperties 3825 Settings-Save Syslog Properties
Configure /settings/controlSyslog 3838 Settings-Control Syslog


Configure /settings/beforeInterceptor 3815 Settings-Before Interceptor
Configure /settings/getUpdatedToken 3813 Settings-Get Updated Token
Configure /settings/saveDNSServers 3812 Settings-Save DNS Servers
Configure /settings/showArchival 3811 Settings-Show Archival Settings
Configure /settings/showLicDetails 3810 Settings-Show Installed License Details
Configure /settings/deleteSmtp 3824 Settings-Delete SMTP
Configure /settings/removeYearFromHolidaySettings 3826 Settings-Remove Year From Holiday Settings
Configure /settings/testSmtpServer 3808 Settings-Test SMTP Server
Configure /settings 3834 Show Settings
Configure /settings/saveSystemConfiguration 1963 Configure-System [saves system configuration]
Configure /settings/saveAppSettings 3814 Settings-Save Application Settings
Configure /connectionType/ 3790 Connection Type
Configure /email/queuedMailsList 3797 Email Template-Queued Mails List


Configure /connectionType/getOauthTokens 3779 Connection Type-Get Oauth Tokens
Configure /certifications 3230 Certifications
Configure /connectionType/authenticateApi 4594 Allow api authentication for connection types
Configure /certifications/getResourcesForCertification 3217 Certifications-Get Resources For Certification
Configure /certifications/saveManualCertOutliers 3219 Certifications-Save Manual Cert Outliers
Configure /certifications/runCertificationJob 3220 Certifications-Run Certification Job
Configure /certifications/scheduleCertificationJob 3221 Certifications-Schedule Certification Job
Configure /certifications/showCertJobStatus 3222 Certifications-Show Certifications Job Status
Configure /certifications/showManualCertUsersByJob 3223 Certifications-Show Manual Certification Users By Job
Configure /certifications/showResourcesForManualCert 3224 Certifications-Show Resources For Manual Certifications
Configure /settings/testWS 4596 Settings-Test websocket


Configure /certifications/ 3225 Enable Certifications View
Configure /certifications/showCertConfiguration 3227 Certifications-Show Certifications Configuration
Configure /certifications/getUpdatedToken 3228 Certifications-Get Updated Token
Configure /certifications/showManualCertByJob 3229 Certifications-Show Manual Certifications By Job
Configure /config/showConfigureRiskLevels 1967 Configure-Criticality
Configure /connectionType/getGeneratedTokens 4595 Allow token generation for connection types
Configure /resource/getXMLDataController 4559 Show XML data for resource group
Configure /clustering/ 3567 Clustering
Configure /clustering/autoUpdate 3566 Clustering-Auto Update
Configure /clustering/isNodeUpByPolicy 3565 Clustering-Check by Policy of the Node is Up
Configure /certifications/saveCertConfig 3226 Certifications-Save Certifications Config


Configure /connectionType/checkDBConnection 3780 Connection Type-Check Database Connection
Configure /email/getUpdatedToken 3801 Email Template-Get Updated Token
Configure /email/showEmailTemplateVariables 3793 Email Template-Show Email Template Variables
Configure /connectionType/generateOauthCode 3778 Connection Type-Generate Oauth Code
Configure /connectionType/getSplunkSavedSearches 3777 Connection Type-Get Saved Searches from Splunk
Configure /config/showWorkflowList 3737 Configuration-Show Workflow List
Configure /connectionType/beforeInterceptor 3776 Connection Type-Before Interceptor
Configure /connectionType/getUpdatedToken 3791 Connection Type-Get Updated Token
Configure /settings/showEncryptionMasking 3807 Settings-Show Encryption Masking Settings
Configure /email/showEmailTemplatesList 1972 Configure-Email Templates [shows list of email templates]


Configure /settings/showWeekEndDialog 3806 Settings-Show Week End Settings Dialog
Configure /settings/updateHolidayList 3805 Settings-Update Holiday List
Configure /settings/showSystemConfiguration 1962 Configure-System
Configure /email 3804 Configure Email Template
Configure /email/index 3803 Show Email Template
Configure /email/updateEmailQueue 3802 Email Template-Update Email Queue
Configure /email/beforeInterceptor 3800 Email Template-Before Interceptor
Configure /connectionType/filterConnections 3792 Connection Type-Filter Connections
Configure /email/deleteEmails 3799 Email Template-Delete Emails
Configure /email/ 3798 Enable Email
Configure /clustering/manualSync 3563 Clustering-Sync Nodes Manually
Configure /email/editEmailTemplate 3795 Email Template-Edit Email Template
Configure /email/fetchMailBody 3794 Email Template-Fetch Mail Body


Configure /config/showThreatLibrary 3709 Configuration-Show Threat Library
Configure /clustering/beforeInterceptor 3557 Clustering-Before Interceptor
Configure /connectionType/regConnector 3789 Connection Type-Register Connector
Configure /accessControl/showEditUser 1984 Configure-Access Control [show edit user screen]
Configure /clustering/isNodeUpOnly 3540 Clustering-Only Check if the Node is Up
Configure /clustering/showEditNode 3560 Clustering-Show Edit Node
Configure /clustering/syncDatasource 3559 Clustering-Sync Datasources
Configure /clustering/authnticatenode 3558 Clustering-Authenticate Node
Configure /connectionType/getPolicyOutputConnections 3775 Connection Type-Get Policy Output Connections
Configure /clustering/forceHealthCheck 3556 Clustering-Force Health Check
Configure /clustering/showNodesWithStatus 3555 Clustering-Show All Nodes with Status
Configure /clustering/getNodeThreadConfig 3554 Clustering-Get Configuration of Node Thread


Configure /clustering/mergeDeleteNodeData 3553 Clustering-Merge Data from Deleted Node
Configure /clustering/removeResourcesFromNode 3539 Clustering-Remove Selected Resources from the Node
Configure /clustering/getUpdatedToken 3552 Clustering-Get Updated Token
Configure /clustering/showDatasourcesForNode 3550 Clustering-Show List of Datasources for Node
Configure /clustering/showResourcesForNode 3549 Clustering-Show List of Resources for Node
Configure /clustering/deleteNode 3548 Clustering-Delete Node
Configure /clustering/showCreateNode 3547 Clustering-Create Node
Configure /clustering/isNodeUpByRg 3546 Clustering-Check by Resource Group if the Node Status if Up
Configure /accessControl/showUsersOfRole 3527 Access Control-Show Users for Different Roles
Configure /clustering/clusterNodeList 3545 Clustering-View Cluster Nodes List
Configure /clustering/toggleClustering 3544 Clustering-Toggle Clustering On or Off


Configure /clustering/showClusterNodeDetails 3543 Clustering-Show Cluster Node Details
Configure /clustering/showAddResourcesToNodeDialog 3551 Clustering-Dialog for Add Resources to Node
Configure /clustering/testNodeDbConnectionWithMaster 3542 Clustering-Test Database Connection of Selected Node with Master
Configure /uf/listUF 3027 Configure-Universal Forwarder-Shows list of UF
Configure /clustering/saveNodeThreadConfig 3538 Clustering-Save the Thread Configuration of Node
Configure /connectionType/addUpdateConnectionType 1978 Configure-Connection Types [shows create/edit connection type screen]
Configure /clustering/saveNode 3561 Clustering-Save Node
Configure /clustering/isNodeUp 3532 Clustering-Identify if the Node is Running or not
Configure /clustering/isNodeUpByName 3536 Clustering-Check by Name if the Node is Up


Configure /email/showEmailTemplates 1971 Configure-Email Templates
Configure /email/deleteEmailTemplate 1973 Configure-Email Templates [deletes email template]
Configure /email/createEmailTemplate 1974 Configure-Email Templates [shows create email template screen]
Configure /accessControl 3529 Access Control
Configure /email/saveEmailTemplate 1975 Configure-Email Templates [save values for email template received from create/edit email template screen]
Configure /clustering/manualSyncNode 3537 Clustering-Sync the Node Manually
Configure /accessControl/showAddUsersSearch 3530 Access Control-Show Add Users Search
Configure /accessControl/changePassword 1983 Configure-Access Control [update password received from change password screen]
Configure /connectionType/showConnectionTypes 1976 Configure-Connection Types


Configure /accessControl/showChangePassword 1982 Configure-Access Control [shows change password screen]
Configure /connectionType/saveConnectionTypes 1979 Configure-Connection Types [save/update values of connection type received from create/edit screen]
Configure /clustering/toggleNode 3533 Clustering-Turn On or Turn Off the Node
Configure /clustering/testNodeDbConnection 3534 Clustering-Test the Connection of the Node Database
Configure /connectionType/showConnectionList 1977 Configure-Connection Types [shows list of connections]
Configure /clustering/getNodeName 3535 Clustering-Get Node Name
Configure /accessControl/manageUsers 1980 Configure-Access Control
Configure /accessControl/assignUserToRole 3531 Access Control-Assign Users to Role
Configure /clustering/addResourcesToNode 3541 Clustering-Add Selected Resources to the Node


Configure /accessControl/list 1981 Configure-Access Control [shows list of users]
Configure /accessControl/showSearch 3514 Access Control-Show Search
Configure /accessControl/showUserCreate 1986 Configure-Access Control [shows create user screen]
Configure /accessControl/userUpdateDelete 1985 Configure-Access Control [update values of user received from user edit screen]
Configure /accessControl/showManageGroup 3524 Access Control-Manage Groups
Configure /accessControl/updateRole 3523 Access Control-Update Role
Configure /accessControl/savePasswordProperties 3522 Access Control-Save Password Properties
Configure /accessControl/searchGroupAJAX 3521 Access Control-Search Group
Configure /accessControl/groupList 3520 Access Control-List of Groups
Configure /accessControl/userSave 3519 Access Control-Save User
Configure /accessControl/updatedCheckboxField 3518 Access Control-Show Updated Checkbox Field


Configure /accessControl/showRoleCreate 1987 Configure-Access Control-Manage Roles [shows create role screen]
Configure /accessControl/addUserList 3517 Access Control-Add User List
Configure /accessControl/getUpdatedToken 3515 Access Control-Get Updated Token
Configure /accessControl/index 3512 Access Control-Index
Configure /accessControl/showSearchGroup 3511 Access Control-Show Search Group
Configure /accessControl/searchAJAX 3510 Access Control-Search
Configure /accessControl/showOrgDetails 3509 Access Control-Show Organization Details
Configure /accessControl/quickSaveGroup 3508 Access Control-Quick Save Group
Configure /accessControl/checkUserNameDuplication 3506 Access Control-Check Duplicates for User Names
Configure /accessControl/ 3528 Enable Access Control
Configure /accessControl/checkRoleNameDuplication 3507 Access Control-Check Duplicates for Role Names
Configure /accessControl/deleteGroup 3516 Access Control-Delete Group


Configure /accessControl/saveRole 1988 Configure-Access Control-Manage Roles [save values of role received from create role screen]
Configure /accessControl/saveGroup 3513 Access Control-Save Group
Configure /clustering/showClustering 3057 Configure-Clustering
Configure /settings/showApplicationSettings 3009 Configure-Settings-Application Settings
Configure /accessControl/showSearchRole 1989 Configure-Access Control-Manage Roles [shows search role screen]
Configure /config/showWorkflows 3051 Configure-Workflows
Configure /accessControl/validatePassword 3526 Access Control-Validate Password
Configure /accessControl/roleList 1990 Configure-Access Control-Manage Roles [shows list of roles]
Configure /accessControl/roleDelete 1992 Configure-Access Control-Manage Roles [deletes role]
Configure /config/showCriticalityJobs 1968 Configure-Criticality [shows list criticality job]


Configure

/clustering/listResources3562

Clustering-ListAll Resources

Configure

/accessControl/showPasswordControlProperties

2063

Configure-AccessControl-PasswordControl

Configure

/uf/showUF2065

Configure-UniversalForwarder

Configure

/accessControl/showRoleUpdate1991

Configure-AccessControl-ManageRoles[updatevalues of rolerecieved fromedit role screen]

Configure

/settings/customizeMenu3010

Configure-Settings-Customize Menu

Configure

/accessControl/beforeInterceptor3525

Access Control-BeforeInterceptor

Configure

/email/queuedEmails3060

Configure-Queued emails

Configure

/settings/showDNSServers3011

Configure-Settings-DNSServers

Configure

/settings/holidayMetaList3012

Configure-Settings-Holidays

Configure

/settings/showAddLicense3014

Configure-Settings-Install License

Configure

/uf/showRegisterUF3018

Configure-UniversalForwarder-Create/edit UF screen

Configure

/settings/showAppLogs3008

Configure-Settings-Application Logs

Configure

/settings/showLogging3015

Configure-Settings-Logging

Configure

/settings/showSafeDomainList3016

Configure-Settings-SafeDomains

Dashboard

Dashboard

/highRiskUsers/showHighRiskUsersChart4031

HighRisk UsersChart

Dashboard

policy_category:FRAUD4622

Dashboard-SecurityDashbaord-FRAUD

Dashboard

policy_category:SECURITY POLICY VIOLATION4623

Dashboard-SecurityDashbaord-SECURITYPOLICYVIOLATION

Dashboard

policy_category:ACCOUNT MISUSE4624

Dashboard-SecurityDashbaord-ACCOUNTMISUSE

Dashboard

policy_category:EXPLOIT4625

Dashboard-SecurityDashbaord-EXPLOIT

Dashboard

policy_category:MALWARE4626

Dashboard-SecurityDashbaord-MALWARE

Dashboard

/highRiskUsers/showHighRiskAccessAccountCount

4026

HighRiskAccess AccountCount

Dashboard

/incidents/getCaseCount4045

Incidents-GetCase Count

Dashboard

/incidents/getCaseHistory4043

Incidents-GetCase History

Dashboard

/highRiskUsers/showEntityCounts4028

High RiskUsers-EntityCounts

Dashboard

/highRiskUsers/showRiskScoreTrend4029

High RiskUsers-ShowRisk ScoreTrend

Dashboard

policy_category:IDENTITY ISSUE4621

Dashboard-SecurityDashbaord-IDENTITYISSUE

Dashboard

/highRiskUsers/showHighRiskUsersList4030

HighRisk UsersList

Dashboard

/incidents/showCaseComments4046

Incidents-ShowCaseComments

Dashboard

policy_category:TRAFFIC ANOMALY4620

Dashboard-SecurityDashbaord-TRAFFICANOMALY

Dashboard

/highRiskUsers/getUpdatedToken4027

High RiskUsers-GetUpdated Token

Dashboard

policy_category:INSIDER THREAT4618

Dashboard-SecurityDashbaord-INSIDERTHREAT

Dashboard

/dashboard/updateTaskAssistantPref4001

Dashboard-Update TaskAssistantPreferences

Dashboard

/highRiskUsers4032

High RiskUsers

Dashboard

/dashboard/showHistogramForAccessScanner4000

Dashboard-Histogram ForAccess Scanner

Dashboard

/dashboard/showHighRiskResourcesChart4002

HighRiskResourcesChart

Dashboard

/dashboard/showAccessPoliciesForUser4003

Dashboard-Access PoliciesFor User

Dashboard

/dashboard/saveUserPreferences4004

Dashboard-Save UserPreferences

Dashboard

/executiveDashboard/showCaseStatusChart4006

ExecutiveDashboard-Show CaseStatus Chart

Dashboard

/dashboard/showHighRiskUsersByCategory3989

HighRisk UsersBy Category

Dashboard

/highRiskUsers/followEntity4025

High RiskUsers-FollowEntity

Dashboard

/incidents/4047

Incidents

Dashboard

/incidents/searchJira4048

Incidents-Search JIRA

Dashboard

/highRiskUsers/getPoliciesByType4585

Show high risk users policies by type

Dashboard

/highRiskUsers/getCriticality4586

Show high risk users criticality

Dashboard

/export/getViolators4588

Show export violators

Dashboard

/highRiskUsers/returnTypes4597

Show high risk users return types

Dashboard

policy_category:CONFIGURATION ERROR4619

Dashboard-SecurityDashbaord-CONFIGURATION ERROR

Dashboard

/incidents/getUpdatedToken4033

Incidents-GetUpdated Token

Dashboard

/dashboard/showRiskyUsersForPeer3940

Dashboard-Risky UsersFor Peer

Dashboard

/incidents/getIncidentListByCategory4035

Incidents-GetIncident List ByCategory

Dashboard

/dashboard/showUserHRASCDetails3942

Dashboard-Show User HRASC Details

Dashboard

/dashboard/showPolicyTree3943

Dashboard-Show PolicyTree

Dashboard

/dashboard/showResourceThreatsList3944

Dashboard-Show ResourceThreats List

Dashboard

/dashboard/createCase3945

Create Case

Dashboard

/dashboard/removeFromWhitelist3946

Dashboard-Remove FromWhitelist

Dashboard

/dashboard/fetchVisualData3947

Dashboard-Fetch VisualData

Dashboard

/dashboard/showHistogram3941

Dashboard-ShowHistogram

Dashboard

/dashboard/drillDowncorrelationResults3932

Dashboard-FilterCorrelationResults

Dashboard

/dashboard/showEventScannerWidget3931

Dashboard-Show EventScannerWidget

Dashboard

/dashboard/loadSecurityControlCenter3929

Dashboard-Load SecurityControl Center

Dashboard

/dashboard/showResourceStatisticsDetails3914

Dashboard-ResourceStatisticsDetails

Dashboard

/dashboard/showPeerStatisticsDetails3915

Dashboard-Peer StatisticsDetails

Dashboard

/dashboard/showPoliciesWidget3999

Dashboard-Policies Widget

Dashboard

/dashboard/showCorrelationResults3916

Dashboard-CorrelationResults

Dashboard

/dashboard/showRiskyUsersForResource3948

Dashboard-Show RiskyUsers ForResource

Dashboard

/dashboard/getOtherPoliciesList3939

Get OtherPolicies List

Dashboard

/dashboard/listSelectOrganization3938

ListOrganizations

Dashboard

/dashboard/loadAccessReviewProgressByTypeChart

3937

Dashboard-Load AccessReviewProgress ByType Chart

Dashboard

/incidents/showCaseCommentsByScreenId4036

Incidents-ShowCaseComments ByScreen Id

Dashboard

/incidents/showJiraSearch4037

Incidents-ShowJira Search

Dashboard

/incidents/sendCaseNotification4038

Incidents-SendCaseNotification

Dashboard

/incidents/showJiraCaseComments4039

Incidents-ShowJira CaseComments

Dashboard

/incidents/showIncidentsWidget4040

IncidentsWidget

Dashboard

/incidents/showIncidentsByUserGroupChart4041

Show IncidentsBy User GroupChart

Dashboard

/incidents/showCaseDetails4042

Incidents-ShowCase Details

Dashboard

/incidents4044

Show IncidentsWidget

Dashboard

/dashboard/showAccessReviewsWidget3912

Dashboard-AccessReviewsWidget

Dashboard

/dashboard/showThreatPolicyCounts3988

Dashboard-Threat PolicyCounts

Dashboard

/dashboard/showUserHRASCChart3986

Dashboard-User HRASCChart

Dashboard

/dashboard/getCasesForEntity3933

Dashboard-GetCases ForEntity

Dashboard

/dashboard/certifyHighRiskAccessActivity3934

CertifyHighRiskAccess Activity

Dashboard

/dashboard3935

GrantDashboardAccess

Dashboard

/dashboard/3936

Dashboard

Dashboard

/incidents/showIncidentsTrendChart4034

IncidentsTrend Chart

Dashboard

/dashboard/showHighRiskResourceDetails3998

HighRiskResourceDetails

Dashboard

/adminDashboard/setEventColor3873

AdministrativeDashboard-Set Event Color for Status

Dashboard

/dashboard/loadPoliciesList3996

Dashboard-Load PoliciesList

Dashboard

/dashboard/loadActivityImportHistoryChartByResource

3909

Dashboard-Load ActivityImport HistoryChart ByResource

Dashboard

/adminDashboard/loadActivityAccountSummary3900

AdministrativeDashboard-Load ActivityAccountSummary

Dashboard

/adminDashboard/3890

EnableAdministrativeDashboard

Dashboard

/adminDashboard/loadPeerGroupSummary3883

AdministrativeDashboard-Load PeerGroupSummary

Dashboard

/adminDashboard/beforeInterceptor3888

AdministrativeDashboard-BeforeInterceptor

Dashboard

/adminDashboard/loadPercentageAdminSummary3870

AdministrativeDashboard-Load Percentage Change in Imports Summary

Dashboard

/adminDashboard/loadJobDurationChart3908

AdministrativeDashboard-View JobDuration Trend

Dashboard

/adminDashboard/loadUserEntSummary3871

AdministrativeDashboard-Load UserEntitySummary

Dashboard

/adminDashboard3874

ShowAdministrativeDashboard

Dashboard

/adminDashboard/loadActivityImportHistoryLineChart

3875

AdministrativeDashboard-Load ActivityImport HistoryLine Chart

Dashboard

/adminDashboard/loadActivityTransSummary3876

AdministrativeDashboard-Load ActivityTransactionSummary

Dashboard

/adminDashboard/index3877

ViewAdministrativeDashboard

Dashboard

/adminDashboard/loadLicInfoDetails3878

AdministrativeDashboard-View Details of Installed Licenses

Dashboard

/email/emailQueueCount3796

EmailTemplate-Email QueueCount

Dashboard

/adminDashboard/loadResourceActivityAccountCount

3872

AdministrativeDashboard-Load ResourceActivityAccount Count

Dashboard

/dashboard/sendReminder3910

Dashboard-Enable SendReminder

Dashboard

/adminDashboard/wrapTitle3907

AdministrativeDashboard-Title

Dashboard

/adminDashboard/loadPeerCountChart3891

AdministrativeDashboard-View PeerCreation CountTrends

Dashboard

/dashboard/showPolicyDetailsForUserByResource

3917

Dashboard-Policy DetailsFor User ByResource

Dashboard

/adminDashboard/loadJobSummary_Backup3898

AdministrativeDashboard-Display JobsSummary

Dashboard

/adminDashboard/getJobType3892

AdministrativeDashboard-GetJob Type

Dashboard

/adminDashboard/loadAccessAccountSummary3893

AdministrativeDashboard-Load AccessAccountSummary

Dashboard

/adminDashboard/loadResourceAcsEntCount3894

AdministrativeDashboard-Load ResourceAccess EntityCount

Dashboard

/adminDashboard/loadJobAdminSummary3895

AdministrativeDashboard-ViewAdministrativeJob Summary

Dashboard

/adminDashboard/loadCorrelatedAccountChart3906

AdministrativeDashboard-LoadCorrelatedAccount Chart

Dashboard

/adminDashboard/loadEvents3896

AdministrativeDashboard-Load Events

Dashboard

/adminDashboard/assignSelectedUserToResource3899

AdministrativeDashboard-Assign Selected User to Resource

Dashboard

/adminDashboard/loadIpAddrSummary3905

AdministrativeDashboard-View IPAddressSummary

Dashboard

/adminDashboard/loadJobGroupCountSummaryByDate

3901

AdministrativeDashboard-View Import Count Summary for Job Groups By Date

Dashboard

/adminDashboard/loadJobSummary3902

AdministrativeDashboard-View JobsSummary

Dashboard

/adminDashboard/loadResourceActTransCount3903

AdministrativeDashboard-Load ResourceAccountTransactionCount

Dashboard

/adminDashboard/getJobDetails3904

AdministrativeDashboard-GetJob Details

Dashboard

/adminDashboard/loadResourceAccessAccountCount

3897

AdministrativeDashboard-Load ResourceAccess AccountCount

Dashboard

/adminDashboard/getUpdatedToken3879

AdministrativeDashboard-GetUpdated Token

Dashboard

/adminDashboard/loadResourceSummary3880

AdministrativeDashboard-Load ResourceSummary

Dashboard

/adminDashboard/loadPolicyexCountChart3881

AdministrativeDashboard-View Policy ExChart

Dashboard

/highRiskUsers/4019

Show High RiskUsers

Dashboard

/highRiskUsers/showHighRiskActivityAccountCount

4020

HighRiskActivityAccount Count

Dashboard

/highRiskUsers/showThreatPolicyCounts4021

High RiskUsers-ThreatPolicy Counts

Dashboard

/highRiskUsers/showRiskyUserPolicies4022

High RiskUsers-RiskyUser Policies

Dashboard

/executiveDashboard/getUpdatedToken4008

ExecutiveDashboard-GetUpdated Token

Dashboard

/highRiskUsers/showHighRiskActivityIPCount4024

HighRiskActivity IPCount

Dashboard

/highRiskUsers/beforeInterceptor4018

High RiskUsers-BeforeInterceptor

Dashboard

/executiveDashboard/showCasesByGroupChart4007

ExecutiveDashboard-Show Cases ByGroup Chart

Dashboard

/dashboard/showRiskyUsersForGroupOwner3990

Dashboard-Show RiskyUsers ForGroup Owner

Dashboard

/dashboard/showViolatorsByPolicyCategories3991

Dashboard-Show ViolatorsBy PolicyCategories

Dashboard

/dashboard/loadTaskAssistantList3992

Dashboard-Load TaskAssistant List

Dashboard

/dashboard/showUserStatisticsDetails3993

Dashboard-User StatisticsDetails

Dashboard

/dashboard/showViolationAdditionalDetails3994

Dashboard-Show ViolationAdditionalDetails

Dashboard

/dashboard/loadResourceConfigPoliciesDetails3995

Dashboard-Load ResourceConfigurationPolicies Details

Dashboard

/executiveDashboard/showHighRiskSuspectChecksChart

4005

ExecutiveDashboard-HighRiskSuspect ChecksChart

Dashboard

/highRiskUsers/showHighRiskUsersCount4017

High RiskUsers Count

Dashboard

/highRiskUsers/showHistogram4016

High RiskUsers-ShowHistogram

Dashboard

/executiveDashboard/4015

ExecutiveDashboard

Dashboard

/adminDashboard/loadEventSummary3882

AdministrativeDashboard-View EventsSummary

Dashboard

/adminDashboard/loadUserSummary3884

AdministrativeDashboard-Load UsersSummary

Dashboard

/adminDashboard/loadGraphTrendDetails3885

AdministrativeDashboard-View Details of Trend Graphs

Dashboard

/adminDashboard/loadResourceEventCount3886

AdministrativeDashboard-Load ResourceEvent Count

Dashboard

/adminDashboard/loadAccessImportHistoryLineChart

3887

AdministrativeDashboard-Load AccessImport HistoryLine Chart

Dashboard

/adminDashboard/loadSecAppDetails3889

AdministrativeDashboard-View SecuronixApplicationDetails

Dashboard

/dashboard/showAccessScannerWidget3911

Dashboard-Access ScannerWidget

Dashboard

/dashboard/getUserForPeers3984

Dashboard-Get User for Peers

Dashboard

/dashboard/updateHighRiskObject3913

Dashboard-UpdateHighRiskObject

Dashboard

/executiveDashboard/beforeInterceptor4009

ExecutiveDashboard-BeforeInterceptor

Dashboard

/executiveDashboard/highRiskAggregateResources

4010

ExecutiveDashboard-HighRiskAggregateResources

Dashboard

/executiveDashboard4011

ExecutiveDashboard-Enable View

Dashboard

/executiveDashboard/showHighRiskThreatChart4012

ExecutiveDashboard-HighRiskThreat Chart

Dashboard

/executiveDashboard/showPoliciesByVioltionCount

4013

ExecutiveDashboard-Policies By Violation Count

Dashboard

/executiveDashboard/highRiskAggregateUsers4014

ExecutiveDashboard-HighRiskAggregateUsers

Dashboard

/dashboard/showRiskyUsersForAccessValue3997

Risky UsersFor AccessValue

Dashboard

/dashboard/showJobEventDetails3918

Dashboard-JobEvent Details

Dashboard

/highRiskUsers/showHighRiskUsersWidget4023

HighRiskUsersWidget

Dashboard

/dashboard/loadResourceOutlierAccessDetails3920

Dashboard-Load ResourceOutlier AccessDetails

Dashboard

/riskModeler/showRunThreatModel3355

Risk Modeler-Show RunThreat Model

Dashboard

DEFAULTWORKFLOW:CLAIM3161

Dashboard-SecurityDashbaord-BulkAction:CLAIM

Dashboard

DEFAULTWORKFLOW:CLOSE AS FIXED3160

Dashboard-SecurityDashbaord-BulkAction:CLOSE AS FIXED

Dashboard

DEFAULTWORKFLOW:ASSIGN TO ANALYST3159

Dashboard-SecurityDashbaord-BulkAction:ASSIGN TO ANALYST

Dashboard

/dashboard/showThreatDetails3157

Dashboard-SecurityDashbaord-Threats-ShowsThreat Details

Dashboard

/riskModeler/showThreatModelList3354

Risk Modeler-Show ThreatModel List

Dashboard

/dashboard/deletePolicyViolation3168

Dashboard-SecurityDashboard-DeleteViolations

Dashboard

/dashboard/showHighRiskOutlierActivityUserList3155

Dashboard-SecurityDashbaord-Threats-HighRisk Outlier Lis

Dashboard

/dashboard/showHighRiskActivitiesSuspectChecksChart

3153

Dashboard-SecurityDashbaord-Threats-Threats BySuspect ChecksChart

Dashboard

/dashboard/showHighRiskActivitiesByThreatChart

3152

Dashboard-SecurityDashbaord-Threats-Threats ByCriticalityChart

Dashboard

/dashboard/showHighRiskActivitiesByResourceChart

3151

Dashboard-SecurityDashbaord-Threats-Threats ByResource Chart

Dashboard

/riskModeler/saveRiskModel3363

Risk Modeler-Save RiskModel

Dashboard

/dashboard/showAccessValuesForHighRiskAccess3001

Dashboard-SecurityDashboard-High Risk Access [shows high risk access by Access Value list]

Dashboard

/dashboard/showHighRiskAccessByGroupOwnerChart

3002

Dashboard-SecurityDashboard-High Risk Access [shows high risk access by Group Owner graph]

Dashboard

/dashboard/showHighRiskActivitiesByThreatCategoryChart

3154

Dashboard-SecurityDashbaord-Threats-Threats ByCategory Chart

Dashboard

about_license2073

Dashboard-AdministrativeDashboard-About License

Dashboard

POLICYVIOLATIONSWORKFLOW:Mark AsConcern

3169

Dashboard-SecurityDashbaord-PolicyViolations:Mark As Concern

Dashboard

/dashboard/showActivityOutliersWidget3171

Dashboard-SecurityDashboard-Peer BasedActivities

Dashboard

/export/exportObjectsToRtf3241

Export-Export Objects to RTF

Dashboard

policy_category:ALERT3124

Dashboard-SecurityDashbaord-ALERT

Dashboard

policy_category:DATA EXFILTRATION3125

Dashboard-SecurityDashbaord-DATAEXFILTRATION

Dashboard

/adminDashboard/loadAccessImportHistory3129

Dashboard-AdministrativeDashboard-Access ImportHistory

Dashboard

/riskModeler3361

Risk ModelerWidget

Dashboard

/riskModeler/getUpdatedToken3360

Risk Modeler-Get UpdatedToken

Dashboard

POLICYVIOLATIONSWORKFLOW:Mark AsNon-Concern

3170

Dashboard-SecurityDashbaord-PolicyViolations:Mark As Non-Concern

Dashboard

/riskModeler/showJobOutput3359

Risk Modeler-Show JobOutput

Dashboard

/riskModeler/searchJobAJAX3357

Risk Modeler-Search JobAJAX

Dashboard

/incidents/showReviews1954

Respond-ActivityReviews

Dashboard

/riskModeler/searchRiskModelJobs3356

Risk Modeler-Search RiskModel Jobs

Dashboard

/executiveDashboard/loadExecutiveDashboard3176

Dashboard-ExecutiveDashboard

Dashboard

/geolocation/showGeolocation3173

Dashboard-GeolocationMap

Dashboard

/incidents/showSendCaseNotification3172

Dashboard-SecurityDashboard-Incidents [SendCaseNotificationEmail]

Dashboard

/riskModeler/runThreatModel3358

Risk Modeler-Run ThreatModel

Dashboard

/adminDashboard/loadActivityImportHistory1824

Dashboard-AdministrativeDashboard-Activity Import History [shows activity import history details]

Dashboard

/adminDashboard/showCorrelationResultsDetails1823

Dashboard-AdministrativeDashboard-Correlation Results [shows correlation results details]

Dashboard

/dashboard/accessRequest2005

Access Request

Dashboard

/adminDashboard/loadGlossaryImportHistoryChart

1825

Dashboard-AdministrativeDashboard-Glossary Import History [shows glossary import history details]

Dashboard

/dashboard/showHighRiskAccessByAccessValueChart

3000

Dashboard-SecurityDashboard-High Risk Access [shows high risk access by Access Value graph]

Dashboard

/riskModeler/3362

Risk Modeler

Dashboard

/export/index3231

Export-index

Dashboard

about_application2072

Dashboard-AdministrativeDashboard-AboutApplication

Dashboard

/dashboard/showHighRiskResourcesList2066

Dashboard-SecurityDashboard-High Risk Resources [shows high risk resources]

Dashboard

/dashboard/showHighRiskUsersChart1805

Dashboard-SecurityDashboard-High Risk Users [shows high risk users graph]

Dashboard

/export/exportObjectsToCsv3234

Export-Export Objects to CSV

Dashboard

/adminDashboard/loadSummary2062

Dashboard-AdministrativeDashboard-Summary

Dashboard

/users/showInvestigationWorkbench2058

Dashboard-LaunchInvestigationWorkbench

Dashboard

/dashboard/loadScheduledJobsCalendar2054

Dashboard-Job Calendar [shows job calendar]

Dashboard

/dashboard/loadExecutiveDashboard2032

Dashboard-Load ExecutiveDashboard

Dashboard

/export/exportToPdf3232

Export-Export to PDF

Dashboard

/dashboard/showUsersWithAccessForOutliers3919

Dashboard-Users WithAccess Outliers

Dashboard

/export/exportToXML3233

Export-Export to XML

Dashboard

/dashboard/showHighRiskUsersList1806

Dashboard-SecurityDashboard-High Risk Users [shows list of high risk users]

Dashboard

/dashboard/showHighRiskAccessUsersChart1807

Dashboard-SecurityDashboard-High Risk Access [shows high risk access users graph]

Dashboard

/dashboard/showHighRiskAccessUserList1808

Dashboard-SecurityDashboard-High Risk Access [shows list of high risk access users]

Dashboard

/dashboard/getAccessListByResource2004

AccessRequest-[shows access list by resource]

Dashboard

/dashboard/submitAccessRequest2003

AccessRequest-[submit access request]

Dashboard

/adminDashboard/loadCorrelationChart1822

Dashboard-AdministrativeDashboard-Correlation Results [shows correlation results graph]

Dashboard

/adminDashboard/showUserImportHistoryDetails1821

Dashboard-AdministrativeDashboard-User Import History [shows user import history details]

Dashboard

/adminDashboard/loadUserImportHistoryChart1820

Dashboard-AdministrativeDashboard-User Import History [shows user import history graph]

Dashboard

/dashboard/showPolicyDetails1818

Dashboard-SecurityDashboard-User Defined Policies [shows details of user defined policies]

Dashboard

/dashboard/showDOSAccounts1817

Dashboard-SecurityDashboard-Possible DOS Attack [shows possible dos accounts list]

Dashboard

/dashboard/showIncidentsProgress1816

Dashboard-SecurityDashboard-Incidents [shows incident progress]

Dashboard

/incidents/showIncidentsList1815

Dashboard-SecurityDashboard-Incidents [shows list of incidents]

Dashboard

/incidents/showIncidentsChart1814

Dashboard-SecurityDashboard-Incidents [shows incidents graph]

Dashboard

/dashboard/highRiskAccountsFromMultipleIP1813

Dashboard-SecurityDashboard-High Risk Accounts [shows list of high risk accounts]

Dashboard

/dashboard/showDLPPeersList1812

Dashboard-SecurityDashboard-DLP Alerts [shows list of DLP alerts]

Dashboard

/dashboard/showDLPPeersListGraph1811

Dashboard-SecurityDashboard-DLP Alerts [shows DLP alerts graph]

Dashboard

/dashboard/showHighRiskActivitiesList1810

Dashboard-SecurityDashboard-High Risk Activities [shows list of high risk activities]

Dashboard

/dashboard/showHighRiskActivitiesChart1809

Dashboard-SecurityDashboard-High Risk Activities [shows high risk activities graph]

Dashboard

/dashboard/showGroupOwnersForHighRiskAccess

3003

Dashboard-SecurityDashboard-High Risk Access [shows high risk access by Group Owner list]

Dashboard

/dashboard/showHighRiskAccessPeerChart3004

Dashboard-SecurityDashboard-High Risk Access [shows high risk access by Peer graph]

Dashboard

/adminDashboard/loadAdministrativeDashboard1819

Dashboard-AdministrativeDashboard

Dashboard

/dashboard/showHighRiskAccessByResourceChart

3006

Dashboard-SecurityDashboard-High Risk Access [shows high risk access by Resource graph]

Dashboard

/dashboard/updateCase3978

Update Case

Dashboard

/dashboard/showEntityCounts3979

Dashboard-Entity Counts

Dashboard

/dashboard/loadResourceAccessPoliciesDetails3980

Dashboard-Load ResourceAccess PoliciesDetails

Dashboard

/dashboard/showViolationsChartData3981

Dashboard-ViolationsChart Data

Dashboard

/dashboard/loadResourceAlertsPoliciesDetails3982

Dashboard-Load ResourceAlerts PoliciesDetails

Dashboard

/dashboard/searchUserImportJobAJAX3983

Dashboard-Search User Import Job using AJAX

Dashboard

/dashboard/showRiskyUserAccounts3977

Dashboard-Risky UserAccounts

Dashboard

policy_category:ROGUE ACCESS PRIVILEGES4627

Dashboard-SecurityDashbaord-ROGUEACCESSPRIVILEGES

Dashboard

/dashboard/showCreateCase3921

Enable CreateCase

Dashboard

/dashboard/showHighRiskOutlierActivitiesChart3950

HighRiskOutlierActivities Chart

Dashboard

/dashboard/addToWhiteList3969

Dashboard-AddTo WhiteList

Dashboard

/dashboard/showSearchOrg3967

Dashboard-Show SearchOrganization

Dashboard

/dashboard/showUsersWithoutAccessForOutliers3952

Dashboard-Show UsersWithout AccessOutliers

Dashboard

/dashboard/showCalendarEventList3953

Dashboard-Show CalendarEvents List

Dashboard

/dashboard/showUsersWithActivity3985

Dashboard-Users WithActivity

Dashboard

/dashboard/showSendReminder3976

Dashboard-Show SendReminder

Dashboard

/dashboard/showHighRiskThreatsListByCategory3975

HighRiskThreats List ByCategory

Dashboard

/dashboard/appCorrelationChart3974

Dashboard-AppCorrelationChart

Dashboard

/dashboard/showPeersListForHighRiskAccess3005

Dashboard-SecurityDashboard-High Risk Access [shows high risk access by Peer list]

Dashboard

/dashboard/showHighRiskResourcesWidget3922

HighRiskResourcesWidget

Dashboard

/dashboard/rejectCert3923

Dashboard-Rejection Cert

Dashboard

/dashboard/loadActivityImportHistoryChartByJob

3924

Dashboard-Load ActivityImport HistoryChart By Job

Dashboard

/dashboard/showHighRiskAccessWidget3925

HighRiskAccess Widget

Dashboard

/dashboard/createAccessCertCases3926

Dashboard-Create AccessCertificationCases

Dashboard

/dashboard/showAccessScannerUsersList3927

Dashboard-Show AccessScanner UsersList

Dashboard

/dashboard/loadDatasourceFilter3928

Dashboard-LoadDatasourceFilter

Dashboard

/dashboard/showUsersWithoutActivity3930

Dashboard-Show UsersWithoutActivity

Dashboard

/dashboard/showUserDetailsForActivityOutliers3987

Dashboard-User DetailsFor ActivityOutliers

Dashboard

/dashboard/assignCertToUser3949

Dashboard-Assign Certificate to User

Dashboard

/dashboard/loadSecurityDashboard3951

Load SecurityDashboard

Dashboard

/dashboard/loadActivityImportHistoryChart3971

Dashboard-Load ActivityImport HistoryChart

Dashboard

/dashboard/showPolicyTrend3972

Dashboard-Show PolicyTrend

Dashboard

/dashboard/showSuspectEventAdditionalDetails3973

Dashboard-Show SuspectEventAdditionalDetails

Dashboard

/dashboard/beforeInterceptor3954

Dashboard-BeforeInterceptor

Dashboard

/dashboard/loadActivityDashboard3955

Dashboard-Load ActivityDashboard

Dashboard /dashboard/loadResourceActivityPoliciesDetails 3970 Dashboard-Load Resource Activity Policies Details

Dashboard /dashboard/showAddToWhitelist 3957 Dashboard-Show Add To Whitelist

Dashboard /export/ 3245 Dashboard-Show Export

Dashboard /dashboard/showWhitelistSearch 3045 Dashboard-Whitelist

Dashboard /dashboard/showHighRiskAccess 3029 Dashboard-Security Dashboard -High Risk Access

Dashboard /dashboard/showCerts 3028 Dashboard-Security Dashboard -Show Certifications on Dashboard

Dashboard /export/beforeInterceptor 3244 Export-Before Interceptor

Dashboard /dashboard/getUpdatedToken 3956 Dashboard-Get Updated Token

Dashboard /riskModeler/showThreatModelJobs 3353 Risk Modeler-Show Threat Model Jobs

Dashboard /export/getMaskingParams 3242 Export-Get Masking Params

Dashboard /export/exportObjectsToPdf 3240 Export-Export Objects to PDF


Dashboard /export/exportToRtf 3239 Export-Export to RTF

Dashboard /export/getReportName 3238 Export-Get Report Name

Dashboard /export 3237 Dashboard-Enable Export

Dashboard /export/exportObjectsToXML 3236 Export-Export Objects to XML

Dashboard /export/columnCheck 3235 Export-Column Check

Dashboard /dashboard/showResourcesForHighRiskAccess 3007 Dashboard-Security Dashboard-High Risk Access [shows high risk access by Resource list]

Dashboard /dashboard/showAccessScannerSummary 3049 Dashboard-Access Scanner

Dashboard /dashboard/getTaskAssistantList 3050 Dashboard-Task Assistant

Dashboard /export/exportToCsv 3243 Export-Export to CSV

Dashboard /riskModeler/configureRiskModel 3352 Risk Modeler-Configure Risk Model

Dashboard /riskModeler/deleteThreatModel 3351 Risk Modeler-Delete Threat Model

Dashboard /dashboard/showHighRiskAccessUserDetails 3959 Show High Risk Access User Details


Dashboard /dashboard/showAccessScannerDataSummary 3960 Show Access Scanner Data Summary

Dashboard /dashboard/listViolationActions 3961 Dashboard-List Violation Actions

Dashboard /dashboard/loadResourceOutlierActivitiesDetails 3962 Dashboard-Load Details of Resource Outlier Activities

Dashboard /dashboard/showDateOfUserImportJob 3963 Dashboard-Show Date of User Import Job

Dashboard /dashboard/showUserDetailsForAccessOutliers 3964 Dashboard-Show User Details For Access Outliers

Dashboard /dashboard/showPoliciesListForViolatorByPolicyCategory 3958 Dashboard-Show Policies List For Violator By Policy Category

Dashboard /dashboard/showHighRiskAccessCertProgress 3966 Show High Risk Access Certification Progress

Dashboard /dashboard/switchCorrelationGraph 3968 Dashboard-Switch Correlation Graph


Dashboard /dashboard/loadDashboard 1804 Dashboard-Security Dashboard

Dashboard policy_category:Suspicious Activity 4628 Dashboard-Security Dashbaord-Suspicious Activity

Dashboard /dashboard/showHighRiskActivitiesTrendChart 3156 Dashboard-Security Dashbaord-Threats-Threats By Trend Chart

Dashboard /dashboard/showPolicyCategoriesWidet 3059 Dashboard-Policy Categories Widget

Dashboard /dashboard/showWhitelistDetails 3965 Dashboard-Show Whitelist Details

Geolocation

Geolocation /geolocation/getFilters 4530 Geolocation-Get Filters

Geolocation /geolocation/listDatasources 4528 Geolocation-List Datasources

Geolocation /geolocation 4529 Show Geolocation

Geolocation /workbench/basicGeoLoc 4541 Geolocation-Show Basic Geolocation [Top right quicklink]

Geolocation /geolocation/getUpdatedToken 4533 Geolocation-Get Updated Token

Geolocation /geolocation/geoLocationData 4531 Geolocation-Geolocation Data


Geolocation /geolocation/ 4532 Geolocation

Investigation Workbench

Investigation Workbench /workbench/nodelinkdata 4616 Show nodelink data

Investigation Workbench /workbench/getlocation 4617 Allow getting location

Investigation Workbench /workbench/showPolicyViolators 4552 Investigation Workbench-Show Policy Violators

Investigation Workbench /workbench/geoLocation 4558 Investigation Workbench-Show GeoLocation

Investigation Workbench /workbench/ 4557 Investigation Workbench

Investigation Workbench /workbench/getChildAccessLevels 4556 Investigation Workbench-Show Access Levels for Child Node

Investigation Workbench /workbench 4555 Enable Investigation Workbench


Investigation Workbench /workbench/investigatePeerComparison 4554 Investigation Workbench-Peer Comparison Investigation

Investigation Workbench /workbench/getUpdatedToken 4553 Investigation Workbench-Get Updated Token

Investigation Workbench /workbench/listAccessValues 4551 Investigation Workbench-List Access Values

Investigation Workbench /workbench/showNewInvestigationWorkbench 4540 Investigation Workbench-Show New Workbench

Investigation Workbench /workbench/investigateObject 4546 Investigation Workbench-Object Investigation

Investigation Workbench /workbench/networkgeoloc 4550 Investigation Workbench-Show Network Geolocations

Investigation Workbench /workbench/initWorkbenchSearch 4539 Investigation Workbench-Search Initialization

Investigation Workbench /workbench/displayScreenshot 4544 Investigation Workbench-View/Display Screenshot


Investigation Workbench /workbench/showInvestigationWorkbench 4542 Show Investigation Workbench

Investigation Workbench /workbench/searchObjects 4538 Investigation Workbench-Search Objects

Investigation Workbench /workbench/sourceDestinationPlot 4549 Investigation Workbench-Show Sources of Destination Plot

Investigation Workbench /workbench/getAssociatedObjects 4545 Investigation Workbench-Get Associated Objects

Investigation Workbench /workbench/showPolicyViolatorsForPeer 4548 Investigation Workbench-Show Policy Violator Accounts for Peer

Investigation Workbench /workbench/searchAJAX 4543 Investigation Workbench-Search


Other

Other SELFAUDITWORKFLOW:Decline 3180 This is when user decline the activity.

Other SELFAUDITWORKFLOW:Confirm 3179 This is when user confirms the activity.

Other /solr/** 3177 /solr/**

Reports

Reports /reports/deleteCategory 3122 Reports-Delete Category

Reports /reports/showActivityOrphanAccounrtsByResourceReport 3287 Reports-Show Activity Orphan Accounts By Resource Report

Reports /reports/showResourceGroupList 3288 Reports-Show Resource-Group List

Reports /reports/editCategory 3123 Reports-Edit Category

Reports /reports/addCategory 3121 Reports-Add Category

Reports /export/exportReport 3116 Reports-Save And Generate Adhoc Reports


Reports /reports/deleteReport 3119 Reports-Delete Reports

Reports /reports/showReportScheduler 3118 Reports-Schedule Reports

Reports /reports/editReport 3117 Reports-Edit Reports

Reports /reports/showRedundantNonUserAccountsReport 3286 Reports-Show Redundant Non User Accounts Report

Reports /reports/createReport 3120 Reports-Create Reports

Reports /reports/loadColumns 3285 Reports-Load Columns

Reports /config/showAuditList 3647 Configuration-Show Audit List

Reports /reports/getReportParameters 3261 Reports-Get Report Parameters

Reports /reports/showDormantAccountsReport 3262 Reports-Show Dormant Accounts Report


Reports /reports/showUserAccessByResourceReport 3263 Reports-Show User Access By Resource Report

Reports /reports/createAdhocReport 3113 Reports-Create Adhoc Reports

Reports /reports/deleteAdHocReport 3115 Reports-Delete Adhoc Reports

Reports /reports/uploadJrxmlFile 3343 Reports-Upload JRXML File

Reports /reports/showRacfOutlierAnalysisReport 3294 Reports-Show Racf Outlier Analysis Report

Reports /reports/showUserDetailsReport 3326 Reports-Show User Details Report

Reports /reports/showOutlierAnalysisReportByApplicationPermission 3327 Reports-Show Outlier Analysis Report By Application Permission

Reports /reports/showResourceReport 3328 Reports-Show Resource Report


Reports /reports/showResourceActivityReportbyUser 3329 Reports-Show Resource Activity Report by User

Reports /reports/showHighRiskAccessReport 3330 Reports-Show High Risk Access Report

Reports /reports/saveNewCategory 3331 Reports-Save New Category

Reports /reports/showAdOutlierAnalysisReport 3260 Reports-Show Ad Outlier Analysis Report

Reports /reports/showPeerAssignmentRulesReport 3264 Reports-Show Peer Assignment Rules Report

Reports /reports/selectPeerList 3276 Reports-Select Peer List

Reports /reports/showUserActivityReport 3284 Reports-Show User Activity Report

Reports /reports/saveUserReport 3259 Reports-Save User Report


Reports /reports/paginateReports 3289 Reports-Paginate Reports

Reports /reports/showReportParameters 3291 Reports-Show Report Parameters

Reports /reports/showResourceList 3292 Reports-Show Resources List

Reports /reports/ 3290 Enable Reports View

Reports /reports/showAnomalyDetectionRulesbyUser 3257 Reports-Show Anomaly Detection Rules by User

Reports /reports/selectResourceGroupList 3256 Reports-Select Resource Group List

Reports /reports/showPeerList 3258 Reports-Show Peer List

Reports /reports/listParameters 3273 Reports-List Parameters

Reports /reports/exportSavedReport 3114 Reports-Run Adhoc Reports

Reports /reports/getUpdatedToken 3267 Reports-Get Updated Token


Reports /reports/showPeerActivityReport 3268 Reports-Show Peer Activity Report

Reports /reports/beforeInterceptor 3265 Reports-Before Interceptor

Reports /reports/runSubReport 3283 Reports-Run Sub Report

Reports /reports/showUserPeerReport 3270 Reports-Show User Peer Report

Reports /reports/showPeerSuspiciousActivityReport 3271 Reports-Show Peer Suspicious Activity Report

Reports /reports/showAdhocReportList 3272 Reports-Show Adhoc Report List

Reports /reports/selectResourceList 3266 Reports-Select Resources List

Reports /reports/showUserActivityReportbyDate 3282 Reports-Show User Activity Report by Date

Reports /reports/runTopNReport 3280 Reports-Run Top N Report

Reports /reports/scheduledReportList 3279 Reports-Scheduled Report List


Reports /reports/showUserBehaviorProfileReport 3278 Reports-Show User Behavior Profile Report

Reports /reports/showSelectUsersDialog 3332 Reports-Show Select Users Dialog

Reports /reports/showUserAccesAccountReport 3275 Reports-Show User Acces Account Report

Reports /reports/showUserSuspiciousActivityReport 3274 Reports-Show User Suspicious Activity Report

Reports /reports/showTopHighestActivityUsersReport 3281 Reports-Show Highest User Activity Report

Reports /reports/showTopNReportsList 3269 Reports-Show Top N Reports List

Reports /reports/showOutlierReports 2071 Outlier Reports

Reports /reports/saveTopNReport 3277 Reports-Save Top N Report

Reports /reports/showResourceReports 2069 Resource Reports


Reports /reports/showHqlQuery 3056 Reports-Ad-Hoc Reports

Reports /reports/showReportList 3299 Reports-Show Reports List

Reports /reports/showAccessOutlierReport 3300 Reports-Show Access Outlier Report

Reports /reports/showGroupOwnerByResourceGroupReport 3301 Reports-Show Group Owner By Resource Group Report

Reports /reports/showAnomalyActivitybyUser 3302 Reports-Show Anomaly Activity by User

Reports /reports/getResourceGroups 3303 Reports-Get Resource Groups

Reports /reports/showResourceActivityReportbyIP 3304 Reports-Show Resource Activity Report by IP

Reports /reports/showSharedLoginActivityReport 3305 Reports-Show Shared Login Activity Report


Reports /reports/showPeerBehaviorProfileReport 3295 Reports-Show Peer Behavior Profile Report

Reports /reports/testExportReport 3307 Reports-Test Export Report

Reports /reports/showhighRiskAccessByPeer 3318 Reports-Show High Risk Access By Peer

Reports /reports/searchParameterValue 3317 Reports-Search Parameter Value

Reports /reports/runReport 3055 Reports-Run Report

Reports /reports/showHighRiskAccessByResourceReport 3316 Reports-Show High Risk Access By Resource Report

Reports /reports/showGenerateReport 3319 Reports-Show Generate Report

Reports /reports/showJRMAnalysisReport 3320 Reports-Show JRM Analysis Report


Reports /reports/showresourceActivityReportbyDate 3314 Reports-Show Resource Activity Report by Date

Reports /reports/listUsers 3313 Reports-List All Users

Reports /reports/showTerminatedUsersAccountsReport 3312 Reports-Show Terminated Users Accounts Report

Reports /reports/getFilterCondition 3311 Reports-Get Filter Condition

Reports /reports/saveSubReport 3310 Reports-Save Sub Report

Reports /reports/showresourceActivityReport 3309 Reports-Show Resource Activity Report

Reports /reports/showUncorrelatedAccessAccountReport 3308 Reports-Show Uncorrelated Access Account Report

Reports /reports/downloadReport 3321 Reports-Download Report


Reports /reports/showHighRiskUsersReport 3306 Reports-Show High Risk Users Report

Reports /reports/showScheduledReports 2070 Schedule Reports

Reports /reports/showUserHighRiskAccessReport 3315 Reports-Show User High Risk Access Report

Reports /reports/saveReport 3054 Reports-Save Report

Reports /reports/dashboard 3048 Reports-By Categories

Reports /reports/generateHQL 3298 Reports-generateHQL

Reports /reports/showPeerGroupReports 2068 Peer Reports

Reports /reports/showUserReports 2067 User Reports

Third Party Intelligence

Third Party Intelligence /tpi/showCreateNewCore 3850 Third Party Intelligence-Show Create New Core

Third Party Intelligence /tpi/searchTpi 3849 Search Third Party Intelligence

Third Party Intelligence /tpi 3848 Enable Third Party Intelligence

Third Party Intelligence /tpi/showTpiSearch 3047 Dashboard-Third Party Intelligence


Third Party Intelligence /tpi/saveTPICore 3846 Save Third Party Intelligence Core

Third Party Intelligence /tpi/scheduleTpiExport 3844 Schedule Third Party Intelligence Export

Third Party Intelligence /tpi/searchTpiKB 3847 Search Third Party Intelligence KB

Third Party Intelligence /tpi/getUpdatedToken 3851 Third Party Intelligence-Get Updated Token

Third Party Intelligence /tpi/showTpiResultsOfSearchValue 3859 Show Third Party Intelligence Results of Search Value

Third Party Intelligence /tpi/saveTPIRecords 3858 Save Third Party Intelligence Records

Third Party Intelligence /tpi/index 3852 Show Third Party Intelligence

Third Party Intelligence /tpi/showTPIKBSearch 3857 Show Third Party Intelligence KB Search

Third Party Intelligence /tpi/ 3856 Show Third Party Intelligence

Third Party Intelligence /tpi/scheduleTpiImport 3853 Schedule Third Party Intelligence Import

Third Party Intelligence /tpi/showTpiExtraParams 3855 Show Third Party Intelligence Extra Parameters

Third Party Intelligence /tpi/showCreateNewTPIEntry 3854 Show Create New Third Party Intelligence Entry

Third Party Intelligence /tpi/beforeInterceptor 3860 Third Party Intelligence-Before Interceptor


Views

Views /organization/showSearchOrg 4172 Show Search Organization

Views /peer/showPeerAccess 3034 Manage-Peers [shows Peer Access Details]

Views /peer/showPeerBehaviorPanel 3035 Manage-Peers [shows Peer Behavior]

Views /organization/edit 3036 Manage-Organizations [shows edit organization screen]

Views /organization/showChildOrganizations 3040 Manage-Organizations [shows Child-Organization]

Views /resource/editAccessAttribute 3088 Manage-Resources [Edit Access Attribute]

Views /organization/showApplicationsforOrg 3038 Manage-Organizations [shows Applications of Organization]

Views /peer/showPeerActivities 3033 Manage-Peers [shows Peer Activities]

Views /resource/showResourceActivities 3041 Manage-Resources [shows Resource Activities]


Views /organization/showUsersforOrg 3037 Manage-Organizations [shows Users of Organization]

Views /users/showUserBehaviorPanel 3032 Manage-Users [shows User Behavior]

Views /resource/showAddActivityAttributesDialog 3084 Manage-Resources [Add Activity Attributes]

Views /users/showUserOrgs 3030 Manage-Users [shows Organizations of User]

Views /resource/deleteRGData 3083 Manage-Resources [Delete Resource Group Data]

Views /resource/showMonitorAccess 3042 Manage-Resources [shows Resource Access details]

Views /resource/removeActivityAttributes 3085 Manage-Resources [Remove Activity Attributes]

Views /resource/showAddAccessAttributesDialog 3086 Manage-Resources [Add Access Attributes]

Views /resource/removeAccessAttributes 3087 Manage-Resources [Remove Access Attributes]

Views /org/showHighRiskOrgApplicationsAggregateList 3139 Dashboard-Organization-Show High Risk Organization Aggregate Applications


Views /org/showHighRiskOrgUsersAggregateList 3141 Dashboard-Organization-Show High Risk Organization Aggregate Users

Views /org/showHighRiskUsersForOrgByCategory 3150 Dashboard-Organization-Show High Risk Users In Organization By Category

Views /org/listHighRiskOrgs 3142 Dashboard-Organization-Show High Risk Organizations

Views /organization/save 4164 Organization-Save

Views /organization/listOrganizations 4169 Organization-List Organizations

Views /users/showUserActivities 3031 Manage-Users [shows User Activities]

Views /resource/showResourceBehaviorPanel 3043 Manage-Resources [shows Resource Behavior]

Views /resource/delete 3076 Manage-Resources [Delete Resource]

Views /resource/deleteResourceGroup 3078 Manage-Resources [Delete Resource Group]

Views /organization/showAddResourcegroupToOrg 3106 Manage-Organizations [Add Resource Groups to Organization]


Views /organization/removeResourcegroupsFromOrg 3107 Manage-Organizations [Remove Resource Groups from Organization]

Views /watchList/showCreateEditWatchlist 3108 Manage-Watchlist [Show Create Watchlist]

Views /watchList/deleteWL 3109 Manage-Watchlist [Remove Watchlist]

Views /watchList/addMembers 3110 Manage-Watchlist [Add Members to Watchlist]

Views /watchList/removeWLMembers 3111 Manage-Watchlist [Remove Members from Watchlist]

Views /resource/reCorrelateAccounts 3112 Manage-Resource [Show Resource:Recorelate Accounts]

Views /org/showHighRiskOrgsWidget 3131 Dashboard-Organization-Show High Risk Orgnization Widget

Views /org/showOrgHierarchy 3132 Dashboard-Organization-Show Organization Hierarchy

Views /org/showOrgLevel2 3133 Dashboard-Organization-Show Organization Level2


Views /org/showOrgLevel3 3134 Dashboard-Organization-Show Organization Level3

Views /org/showHighRiskOrgTrendingChart 3135 Dashboard-Organization-Show Organization Trending Chart

Views /org/showHighRiskOrgResourcesList 3136 Dashboard-Organization-Show High Risk Organization Resources

Views /org/showHighRiskOrgResourcesAggregateList 3137 Dashboard-Organization-Show High Risk Organization Aggregate Resources

Views /org/showHighRiskOrgApplicationsList 3138 Dashboard-Organization-Show High Risk Organization Applications

Views /resource/edit 3091 Manage-Resources [Edit Resource]

Views /resource/deleteResourceData 3090 Manage-Resources [Delete Resource Data]

Views /resource/editActivityAttribute 3089 Manage-Resources [Edit Activity Attribute]


Views /organization/showResourcesforOrg 3039 Manage-Organizations [shows Resources of Organization]

Views /organization/showAddUsersDialog 3071 Manage-Organization [Add Users to Organization]

Views /organization/removeUsersFromOrg 3072 Manage-Organizations [Remove Users From Organization]

Views /peer/deletePeerType 3073 Manage-Peers [Delete Peer Type]

Views /peer/showAddUsersDialog 3074 Manage-Peers [Add Users to Peer]

Views /peer/removeUsersFromPeer 3075 Manage-Peers [Remove Users From Peer]

Views /users/delete 3077 Manage-Users [Delete User]

Views /reports/runTopNReports 3044 Manage-Resources [Top N Charts]

Views /organization/showJobForAssignmentRules 4174 Organization-Show Job for Assignment Rules

Views /manageData/showOrgSearch 2030 Manage-Organizations

Views /organization/isNameDuplicate 4177 Organization-Check if Name is Duplicate


Views /resource/showResourceGroupDetails 2035 Manage-Resource-Resource name link [shows resource details]

Views /org/ 4051 Show Organization View

Views /org 4052 Enable Organization View

Views /org/showOrgRiskHistoryChart 4053 Organization-Show Organization Risk History Chart

Views /org/showHighRiskOrgs 2031 Dashboard-Security Dashboard-High Risk Organizations

Views /organization/showCreateOrgDialog 3105 Manage-Organizations [Show Create Organization]

Views /manageData/showAppSearch 2029 Manage-Applications

Views /lookupTable/deleteLookupTableEntry 4117 Delete Lookup Table Entry

Views /resource/importResources 2006 Manage-Resources [shows import resource screen]

Views /lookupTable/autocompleteSearch 4118 Lookup Table-Autocomplete Search

Views /lookupTable/getMaxRows 4120 Lookup Table-Get Max Rows

Views /organization/listSelectOrganization 4155 List Select Organization


Views /lookupTable/index 4121 View Lookup Table

Views /lookupTable/listLookupTableData 4122 List Lookup Table Data

Views /lookupTable/filterLookupTables 4123 Filter Lookup Tables

Views /lookupTable/ 4124 Show Lookup Table

Views /lookupTable/createLookuptable 4125 Create Lookup Table

Views /lookupTable/listLookupTables 4126 List Lookup Tables

Views /lookupTable 4127 Enable Lookup Table View

Views /organization/addChildOrganizationsList 4145 Add Child Organizations List

Views /organization/showAssignmentRules 4147 Organization-Show Assignment Rules

Views /organization/resumeJob 4149 Organization-Resume Job

Views /organization/loadCAssociationRule 4150 Organization-Show Association Rule

Views /organization/showAddOrg 4151 Show Add Organization

Views /organization/showSchedulePeerAssignmentRule 4152 Organization-Show Schedule Peer Assignment Rule

Views /org/getUpdatedToken 4050 Organization-Get Updated Token

Views /org/beforeInterceptor 4049 Organization-Before Interceptor


Views /org/updateOrgRiskScores 3143 Dashboard-Organization-Update Organization Risk Score

Views /lookupTable/updateRowValues 4119 Lookup Table-Update Row Values

Views /organization/ 4178 Views-Show Organization

Views /organization/reRunJob 4179 Organization-reRunJob

Views /organization/treeView 4181 Organization-Tree View

Views /organization 4182 View-Enable Organization View

Views /organization/listUsersNotInOrg 4183 List Users Not In Organization

Views /organization/showOrgResourceGroups 4184 Show Organization Resource Groups

Views /organization/list 4185 Organization-List

Views /peer/peerSearchAjax 4224 Peer Search Ajax

Views /resource/quickSearchResourceGroupAJAX 4244 Quick Search Resource Group using AJAX

Views /resource/getAccessLastRunData 4279 Resource-Get Access Last Run Data

Views /resource/listResourceTypes 4285 List Resource Types

Views /resource/loadResourcesGroups 4334 Load Resources Groups


Views /organization/searchAJAX 4175 Organization-Search using AJAX

Views /resource/getActivityLastRunData 4404 Resource-Get Activity Last Run Data

Views /users/userSearchAjax 4477 Users-Search Users

Views /watchList/listWatchList 4509 Watchlist-List of WatchLists

Views /watchList/saveWatchList 4520 Watchlist-Save WatchList

Views /manageData/manageWatchlist 3058 Manage-Watchlists

Views /whiteList/ 4526 Views-Enable Whitelist

Views /whiteList/showWhitelist 4527 Views-Show Whitelist

Views /org/showPendingAssignments 3147 Dashboard-Organization-Show Pending Assignments

Views /org/showPendingAssignmentsList 3148 Dashboard-Organization-Show Pending Assignments List View

Views /org/showHighRiskOrgsByCategory 3149 Dashboard-Organization-Show High Risk Organization By Category

Views /organization/searchTreeElement 4163 Organization-Search Tree Element


Views /organization/listApplicationNotInOrganisation 4161 List Application Not In Organisation

Views /organization/showOrgDetails 4160 Show Organization Details

Views /resource/getResourcesForGroup 4428 Get Resources For Group

Views /organization/removeChildOrganizations 3104 Manage-Organizations [Remove Child Organizations from Organization]

Views /peer/pauseCreationJob 1880 Manage-Peers-Peer Creation Rules [pause peer creation rule job]

Views /organization/removeResourcesFromOrg 3102 Manage-Organizations [Remove Resources from Organization]

Views /resource/addResourcePeers 4576 Add resource peers

Views /resource/removePeersFromResources 4577 Remove peers from resources

Views /resource/getResourcesPeerList 4578 View resources peer list

Views /spotter/loadDashboard 4587 Spotter [NLP Search Engine]

Views /peer/showSchedulePeerAssignmentRule 1885 Manage-Peers-Peer Assignment Rules [shows peer assignment rule job screen]

Views /resource/getActivityIPPaginatedList 4608 Display activity IP paginated list


Views /resource/profileTypeMapping 4607 Allow profile type mapping for resource

Views /resource/getAccountsPaginatedList 4606 Display paginated list for resources

Views /resource/showBehavior 1914 Manage-Resources-Behavior profile [shows resource behavior]

Views /resource/showDataManagement 1913 Manage-Resources-Access Management [shows access management screen]

Views /resource/resourceAccessAccounts 1912 Manage-Resources-Access Accounts [shows list of access accounts]

Views /peer/createRule 1886 Manage-Peers-Peer Assignment Rules [runs peer creation job]

Views /peer/resumeCreationJob 1881 Manage-Peers-Peer Creation Rules [resume peer creation rule job]

Views /peer/removeResourcesFromPeer 4598 Allow to remove resources from peer

Views /peer/listResourcesNotInPeer 4604 Display resources to add in peers

Views /manageData/showProfileDetails 1830 Manage-Profiles [shows profile details]

Views | /manageData/showEditProfile | 1831 | Manage-Profiles[shows edit profile screen]
Views | /manageData/showUsersforProfile | 1832 | Manage-Profiles[shows list of users of profile]
Views | /manageData/showResourcesForProfile | 1833 | Manage-Profiles[shows list of resources of profile]
Views | /manageData/updateProfile | 1834 | Manage-Profiles[update values for profiles received from edit profile screen]
Views | /manageData/showCreateProfile | 1835 | Manage-Profiles[shows create profile screen]
Views | /manageData/saveProfile | 1836 | Manage-Profiles[saves values for profiles received from create profile screen]
Views | /manageData/showResourceSearch | 1837 | Manage-Resources[shows list of Resources with submenu]
Views | /users/list | 1838 | Manage-Users[shows list of users]
Views | /peer/searchResourcePeerAJAX | 4601 | Allow resource peer search
Views | /resource/showResourcesPeer | 4575 | Show resource peer view

Views | /peer/loadSearchBar | 4602 | Display peer search bar
Views | /peer/listResourcePeers | 4573 | View resource peers
Views | /resource/getProfileTypesForName | 4611 | Display profile types for name in resource
Views | /resource/listActivityAttributes | 1904 | Manage-Resources-Activity Attributes[shows list of activity attributes]
Views | /resource/update | 1903 | Manage-Resources[update values for resource received from edit resource screen]
Views | /resource/showResource | 1901 | Manage-Resources[shows resource values]
Views | /users/showCreateUserDialog | 1839 | Manage-Users[shows create new user screen]
Views | /resource/addAccessAttribute | 1893 | Manage-Resources[save values for access attribute received from create access attribute screen]
Views | /resource/showResourceUsage | 1900 | Manage-Resources[shows resource usage]
Views | /resource/showResourceDetails | 1899 | Manage-Resources[shows resource details with tabs]

Views | /resource/save | 1898 | Manage-Resources-Create Resource[save values for resource received from create resource screen]
Views | /resource/create | 1897 | Manage-Resources-Create Resource[shows create resource screen]
Views | /resource/saveResourceGroup | 1896 | Manage-Resources[save values for resource group received from create resource group screen]
Views | /resource/showCreateResourceGroupDialog | 1895 | Manage-Resources-Create Resource Group[shows create resource group screen]
Views | /resource/updateActivityAttribute | 1909 | Manage-Resources-Activity Attributes[update values for activity attribute received from edit activity attribute screen]
Views | /resource/listAccessAttributes | 1891 | Manage-Resources[shows list of access attributes]

Views | /resource/updateResourceGroup | 1890 | Manage-Resources[update values for resource group received from edit resource group screen]
Views | /resource/editResourceGroup | 1889 | Manage-Resources[shows edit resource group screen]
Views | /resource/listResourcesForResourceGroup | 1888 | Manage-Resources[shows list of resources]
Views | /resource/listResourceGroups | 1887 | Manage-Resources[shows list of resource groups]
Views | /resource/addActivityAttribute | 1906 | Manage-Resources-Activity Attributes[save values for activity attribute received from create activity attribute screen]
Views | /resource/accountTypeMapping | 4609 | Allow account type mapping for resource
Views | /resource/resourceAccounts | 1910 | Manage-Resources-Accounts[shows accounts]
Views | /resource/showResourceAccounts | 1911 | Manage-Resources-Accounts[shows list of accounts]
Views | /watchList/listResourcesNotInWatchlist | 4615 | Show resources not in watchlist

Views | /watchList/listIPAddressNotInWatchlist | 4614 | Show IP address for watchlist
Views | /users/getAccountsPaginatedList | 4613 | Show users accounts paginated list
Views | /resource/getResourcePaginatedList | 4612 | Show resource paginated list
Views | /resource/loadBehaviorProfileDisplay | 4610 | Show behavior profile display for resource
Views | /organization/showAddChildOrganizationDialog | 3103 | Manage-Organizations[Add Child Organizations to Organization]
Views | /peer/getPaginateResourcesForPeer | 4603 | Paginate resources for peer
Views | /peer/showAssignmentRules | 1883 | Manage-Peers-Peer Assignment Rules
Views | /peer/addResourcesToPeer | 4599 | Allow adding of resources to peer
Views | /peer/showAddResourcesDialog | 4600 | Display add resource dialog
Views | /lookupTable/showLookupTableData | 3163 | Manage-Lookup Table-[Shows List of Lookup Tables with filters]
Views | /peer/showCreatePeerDialog | 1866 | Manage-Peers-Create Peer Manually[shows create peer screen]
Views | /peer/showUsersforPeer | 1865 | Manage-Peers[shows list of users in the peer]

Views | /peer/showPeerBehavior | 1864 | Manage-Peers Behavior[shows peer behavior]
Views | /peer/delete | 1863 | Manage-Peers[delete peer]
Views | /peer/update | 1862 | Manage-Peers[update values for peer received from edit peer screen]
Views | /peer/edit | 1861 | Manage-Peers[shows edit peer screen]
Views | /peer/showPeerDetails | 1860 | Manage-Peers[shows peer details]
Views | /peer/list | 1859 | Manage-Peers[shows list of peers]
Views | /peer/save | 1867 | Manage-Peers[saves values for peer received from create peer screen]
Views | /organization/update | 3070 | Manage-Organizations[Update organization]
Views | /watchList/manageWatchlist | 3162 | Manage-Watchlist-[Shows List of watchlists with filters]
Views | /org/showHighRiskOrgUsersList | 3140 | Dashboard-Organization-Show High Risk Organization Users
Views | /users/addOrgs | 3092 | Manage-Users[Add Organizations]

Views | /users/removeOrgsFromUser | 3093 | Manage-Users[Remove Organizations]
Views | /users/addPeers | 3094 | Manage-Users[Add Peers]
Views | /users/removePeersFromUser | 3095 | Manage-Users[Remove Peers]
Views | /peer/editPeerType | 3096 | Manage-Peers[Show Edit Peer]
Views | /peer/updateCriticality | 3097 | Manage-Peers[Update Criticality]
Views | /resource/updateResourceAttributes | 3098 | Manage-Resources[Update Resource Attributes]
Views | /organization/showAddApplicationDialog | 3099 | Manage-Organizations[Add Applications to Organization]
Views | /organization/removeApplicationsFromOrg | 3100 | Manage-Organizations[Remove Applications from Organization]
Views | /organization/showAddResourcesToOrgDialog | 3101 | Manage-Organizations[Add Resources to Organization]
Views | /peer/createPeerCreationRule | 1870 | Manage-Peers-Peer Creation Rules[shows peer creation rule job screen]
Views | /resource/searchAJAXForResources | 4605 | Allow resources search

Views | /peer/deleteJob | 1871 | Manage-Peers-Peer Assignment Rules[delete peer assignment rule job]
Views | /peer/reRunJob | 1873 | Manage-Peers-Peer Assignment Rules[rerun peer assignment rule job]
Views | /users/update | 1852 | Manage-Users[update values for User received from edit user screen]
Views | /users/edit | 1851 | Manage-Users[shows edit user screen]
Views | /users/showBehavior | 1850 | Manage-Users[shows behavior profile]
Views | /users/showUserProfiles | 1849 | Manage-Users[shows users profiles]
Views | /users/showUserAccessAccounts | 1848 | Manage-Users[shows access accounts of user]
Views | /users/showUserAccess | 1847 | Manage-Users[shows user access]
Views | /users/showUserPeers | 1846 | Manage-Users[shows peer groups of user]
Views | /users/show | 1845 | Manage-Users[shows general details of user]

Views | /users/showRiskyUserAccounts | 1844 | Manage-Users[shows high risk accounts for user]
Views | /users/showUserRiskScorecard | 1843 | Manage-Users[shows risk scorecard for user]
Views | /users/showUserBehavior | 1842 | Manage-Users[shows behavior profile for user]
Views | /users/showEventsSummary | 1841 | Manage-Users[shows monitor activities for user]
Views | /manageData/listProfiles | 1829 | Manage-Profiles[shows list of profiles]
Views | /manageData/showManageProfiles | 1828 | Manage-Profiles[shows list of profiles with submenu]
Views | /manageData/showPeerSearch | 1827 | Manage-Peers[shows list of parent and child peers with submenu]
Views | /peer/listParents | 1858 | Manage-Peers[shows list of parent peers]
Views | /peer/interruptCreationJob | 1882 | Manage-Peers-Peer Creation Rules[interrupt peer creation rule job]
Views | /users/showUserDetails | 1840 | Manage-Users[shows users details with tabs]

Views | /manageData/showUserSearch | 1826 | Manage-Users[shows list of users with sub menu]
Views | /peer/reRunCreationJob | 1879 | Manage-Peers-Peer Creation Rules[rerun peer creation rule job]
Views | /peer/cancelCreationJob | 1878 | Manage-Peers-Peer Creation Rules[cancel peer creation rule job]
Views | /peer/deleteCreationJob | 1877 | Manage-Peers-Peer Creation Rules[delete peer creation rule job]
Views | /peer/interruptJob | 1876 | Manage-Peers-Peer Assignment Rules[interrupt peer assignment rule job]
Views | /peer/resumeJob | 1875 | Manage-Peers-Peer Assignment Rules[resume peer assignment rule job]
Views | /peer/pauseJob | 1874 | Manage-Peers-Peer Assignment Rules[pause peer assignment rule job]
Views | /peer/cancelJob | 1872 | Manage-Peers-Peer Assignment Rules[cancel peer assignment rule job]

Views | /whiteList | 4525 | Views-Whitelist
