Configuring the Analytics Engine

Configure the analytics engine, incident risk reporting, and risk-related policies in the Data Security module of the Forcepoint Security Manager.

Steps

  1. Go the Settings > Deployment > System Modules page.
  2. Make sure the analytics engine module appears in the tree, then:
    1. Click the module to view details.
    2. If needed, change the module name and description.
  3. Go to the Settings > General > Reporting page to configure the Top Risks report derived from the user analytics.
    1. Specify the risk scores to show in the report and on the dashboard.
    2. Define the organization’s typical work week to help identify aberrant behavior.
  4. For optimal accuracy and efficacy, go to the Main > Policy Management > DLP Policies page and add the following policies:
    • Disgruntled Employee
    • Self CV Distribution
    • Password Files
    • PKCS #12 Files
    • Deep Web URLs
    • Email to Competitors

      Be sure to provide the competitors’ domain names (case-insensitive, separated by semicolons).

    • Suspected Mail to Self

      Add or edit the sources to monitor via the possible_sources_domains

      parameter in the Email Similarity script classifier.

  5. Click Deploy.

Next steps

Refer the following task for information about the reports that the analytics engine enables.