Can someone share their experience working with the watchlists, what exactly happens when users are added to a watchlist? I am in need of giving the security analysts (who do not have admin privileges in Securonix) the ability to update watchlists. The analysts want to assign a high risk score to certain individuals. i.e. if for all users policy X assigned risk score of 0.01, they want to assign a risk score of 1.0 for the same policy X for users on the watchlist. Thoughts on how else I could accomplish this?
asked 21 Apr '15, 06:01
IF i understand this correctly,
you have a policy which flags users for a particular violation. the current risk score for them right now is 0.01. the goal is to have a higher risk score for these users.
This can be done by increasing the criticality associated with the policies used to flag the users from Low to High. This will increase the risk score for the users.
Watchlist are used in cases where you want to monitor the users on it separately. eg: A watchlist can be created for HPA users, users with flight risk etc.
answered 27 Apr '15, 15:44