Configure the analytics engine, incident risk reporting, and risk-related policies in the Data Security module of the Forcepoint Security Manager.
Steps
- Go the Settings > Deployment > System Modules page.
- Make sure the analytics engine module appears in the tree, then:
-
Click the module to view details.
-
If needed, change the module name and description.
- Go to the Settings > General > Reporting page to configure the Top Risks report derived from the user analytics.
-
Specify the risk scores to show in the report and on the dashboard.
-
Define the organization’s typical work week to help identify aberrant behavior.
- For optimal accuracy and efficacy, go to the Main > Policy Management > DLP Policies page and add the following policies:
- Disgruntled Employee
- Self CV Distribution
- Password Files
- PKCS #12 Files
- Deep Web URLs
- Email to Competitors
Be sure to provide the competitors’ domain names (case-insensitive, separated by semicolons).
- Suspected Mail to Self
Add or edit the sources to monitor via the possible_sources_domains
parameter in the Email Similarity script classifier.
-
Click Deploy.
Next steps
Refer the following task for information about the reports that the analytics engine enables.