Advanced Analytics

PAM360 offers robust, native integrations with state-of-the-art data analytics tools to help you manage and automatically analyze account activity from your privileged resources. This document provides detailed information on which data analytics applications you can integrate with PAM360 and how you can view and interpret the data from the Advanced Analytics module.

At the end of this document, you will have learned the following:

  1. Benefits of the Advanced Analytics Module
  2. How does the Integration Work?
  3. How to Activate Advanced Analytics in PAM360?
  4. Data Analytics Tools Integrated with PAM360
  5. Viewing Advanced Analytics in PAM360

    5.1 ManageEngine Analytics Plus

    5.2 ManageEngine Log360 UEBA

1. Benefits of the Advanced Analytics Module

Use the Advanced Analytics tab to:

  • Spot unusual user behavior and gain insights to identify security threats.
  • Intelligently monitor historical audit logs for malicious account activities.
  • Use Zia, the analytics assistant powered by machine learning, to help identify sources of anomalies.
  • Blend data from several sources and PAM360 modules to get unified insights for better visibility.
  • Get notified of suspicious activity when pre-configured thresholds are breached.
  • Email, export, publish, and share key findings through secure sharing options.

The scope and benefits of integration differ based on the product integrated and its functionalities. Still, the basic idea behind the integration is to manage shared sensitive information from PAM360. Read further to learn how the integration works for each product.

2. How does the Integration Work?

When you integrate PAM360 with a data analytics tool, PAM360 consolidates all of the resource and user audit logs recorded here and sends them to the analytics tool of your choice. The audit data is interpreted and visualized in the form of Dashboards and displayed in the Advanced Analytics tab.

3. How to Activate Advanced Analytics in PAM360?

To activate Advanced Analytics for your PAM360 instance, you need a working license for any one of the data analytics applications listed below. If you already have a license, click the name of the application to learn how to set up the dashboard. For further queries, please write to us at pam360-support@manageengine.com.

4. Data Analytics Tools Integrated with PAM360

PAM360 integrates with the below products:

  1. ManageEngine Analytics Plus
  2. ManageEngine Log360 UEBA

Click each link to learn how to integrate the product with PAM360.

5. Viewing Advanced Analytics in PAM360

Once the integration is complete, follow the below steps to view your data dashboards in Advanced Analytics:

  1. Login to PAM360 and click the Advanced Analytics tab.
  2. In this page, you will see dashboards from both ManageEngine Analytics Plus and ManageEngine Log360 UEBA, if you have integrated both the products with PAM360. The data will be segregated here the same way it appears in the Analytics Plus and Log360 UEBA servers respectively.

5.1 ManageEngine Analytics Plus

  1. The Dashboard menu in the left pane displays different types of dashboards based on the data already imported to Analytics Plus from PAM360. Click each dashboard type to view the corresponding data in the display area on the right.
  2. The data displayed here depends on the following:
    1. The modules you had already imported to Analytics Plus from PAM360.
    2. The time period you had chosen to import data from PAM360.
    3. The data import schedule you had chosen in Analytics Plus during the integration.

Click the Launch Analytics Plus link if you wish to switch over to the Analytics Plus portal.

Advanced Analytics View in PAM360

5.1.1 User Activity Dashboard

The User Activity Dashboard gives you all possible data related to user activity in your PAM360 environment. Use the User Account, Resource Name, and Time Period filters to refine the dashboard view. At a glance, you can view details such as the number of users who have accessed a particular resource/account in a particular time period, most active user, number of users added within the selected time period, and the user who has the highest level access. Analytics Plus segregates user activity into various divisions and renders them as graphs for easy interpretation. Scroll down to view all the available graphs.

 

5.1.2 Passwords Insight

The Passwords Insight dashboard gives all data related to the passwords saved in PAM360 that are owned and managed by you. Use the Resource Name and Account Name filters to refine the dashboard view. At a glance, you can view the number of expired passwords, the number of passwords expiring this week, and the name of the resource with the most expired passwords. Along with the above, the dashboard also displays the synchronization percentage of the passwords, the widely used password policy, and the number of policy violations. Similar to other dashboards, Analytics Plus segregates password insights into various sections and renders them as graphs for easy interpretation. Scroll down to view all the available graphs.

5.1.3 Operations Overview

The Operations Overview dashboard provides a detailed overview of the resource and password related operations that were performed within the selected time period. Use the Resource Name, Account Name, and Time Period filters to refine the dashboard view. At a glance, it gives you details such as the number of resources and accounts present, the most active user, the most active resource, and the password access percentage. Similar to other dashboards, Analytics Plus segregates operation details into various sections and renders them as graphs for easy interpretation. Scroll down to view all the available graphs.

5.1.4 Access Control Dashboard

The Access Control Dashboard provides you details about the resource and password related operations that were performed within the selected time period. Use the Resource Name, Account Name, and Time Period filters to refine the dashboard view. At a glance, it gives you details such as the user who has access to the most number of accounts, the name of the account which is widely shared, and the total number of password requests, and the number of requests revoked for the selected time period. Similar to other dashboards, Analytics Plus segregates access control details into various sections and renders them as graphs for easy interpretation. Scroll down to view all the available graphs.

5.1.5 Anomaly Detection

The Anomaly Detection dashboard provides you details about any anomalous activities that may have taken place within the selected time period. Use the Resource Name, Account Name, and Time Period filters to refine the dashboard view. At a glance, it gives you details such as the number of operations performed in non-business hours, the most frequent non-business hour operation, the number of user sessions carried out during non-business hours, the name of the account that was widely accessed during non-business hours, the user who had the most number of authentication failures, and the user who performed the most number of unauthorized access. Similar to other dashboards, Analytics Plus segregates access control details into various sections and renders them as graphs for easy interpretation. Scroll down to view all the available graphs.

5.2 ManageEngine Log360 UEBA

To view analytics data consolidated by ManageEngine Log360 UEBA, choose one of the reports: Resource Anomaly or User Anomaly. As per your choice, the analysis of resource and user audit reports will be displayed in the dashboard area on the right.

  1. Log360 UEBA segregates resource and user audit trails from PAM360 and renders the data in three ways:
    1. Audit Time - The time at which user activity is detected.
    2. Audit Count - The number of times a user activity is detected.
    3. Audit Pattern - Based on the Audit Time and Audit Count, Log360 UEBA generates patterns for user behavior.
  2. Through a score-based risk assessment, Log360 UEBA marks any activity that strays from the normal pattern as an anomaly in the Anomaly Reports. Log360 UEBA provides an option to visualize the Anomaly Reports in the form of bar graphs and pie charts.
  3. Click the Export As option in the top right corner to export the report that is currently displayed. You can export reports in four formats namely: CSV, PDF, XLS, and HTML.
  4. To schedule the generation of reports, click the Schedule Reports option. Please note that the report schedules set in the Log360 UEBA dashboard and the Reports tab of PAM360 are independent of each other.

 

©2019, ZOHO Corp. All Rights Reserved.

Top