
RSA Advisor for Admin Threats

Author: RSA Security

Analyzes ID Plus admin events to detect suspicious or compromised account activity.

The RSA Advisor for Admin Threats analyzes administrative activity within an ID Plus tenant using the administrator logs stored in the Sentinel Datalake. The agent identifies and surfaces potentially suspicious activity that could indicate a compromised administrator account, an insider threat, or both. It automates the work of searching through logs and correlating events using natural language prompts, so security administrators and analysts save time and reach quicker, more accurate conclusions.


Estimated SCU consumption per execution:
• Small environments: ~0.2 SCUs (e.g., lower administrative activity and limited event volume, ~100 events)
• Medium environments: ~0.3 SCUs (e.g., moderate administrative activity and event volume, ~200 events)
• Large environments: ~0.4 SCUs (e.g., higher administrative activity and larger event volumes, ~500 events)
