Initial Setup
Data Collection
The initial step entails the real-time ingestion of data within the application.
This critical process is facilitated by a robust array of proprietary connectors, designed to seamlessly integrate both on-premises and cloud-based data sources.
Through this ingestion process, data is acquired and subsequently subjected to normalization and enrichment procedures. Importantly, these procedures are meticulously applied to specific key fields while preserving the integrity and authenticity of the data.
It is crucial to note that the data ingestion process operates independently of the ongoing analysis process. The latter, which forms a part of the subsequent architecture, will harness the preprocessed data for in-depth analysis and insights.
Following ingestion and preprocessing, the data is primed for analysis aimed at identifying user habits and deviations from typical routines.
These deviations, referred to as “anomalies”, are of particular interest as they may signify potential threats or irregularities within the system. Therefore, a comprehensive analysis of these anomalies is essential to identify and address any potential risks or security breaches.
Configure a new Data Collector
To install the OOTB (Out-of-the-Box) content, the following prerequisites must be met:
- Having an administration account.
- Configuring a data collector that, by connecting to a target system, allows data ingestion.
NOTES: Configuring the Collector may require providing the necessary permissions to enable the Sharelock platform to interact with the target tenant.
These instructions are provided separately for each target tenant.
The administration account is provided during the standard system installation.
To configure a new data collector, follow these instructions:
- Log in as a system administrator.
- From the top menu, starting from the Dashboard, click on "Settings," and then on "Collector Data" under the Configurations section.
This opens a screen called Collector Management, from which you can create a configuration for any natively supported target system, such as:
- Azure AD & 365
- OneLogin
- Google Workspace
- AWS Cloud Trail
Each of these configurations will have its own set of credentials.
For example, for Azure AD & 365, you need to provide:
- Name: the name of the collector
- Tenant: the GUID of the tenant to which the content belongs
- Client ID: the GUID of your application that created the subscription
- Secret: a secret string that the application uses to prove its identity when requesting a token
Once the configuration is complete, you can activate the collector by enabling the "Status" toggle and pressing the "Save" button below.
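A pre-flight check on the Azure AD & 365 fields listed above, as an added example (not Sharelock code): it validates the Tenant and Client ID GUIDs, flags a Secret that looks like the portal's Secret ID rather than the secret value, and builds the client-credentials token request with the secret masked for logging. The function names, the sample values and the default scope are assumptions; the page does not state which API scope the collector uses.

```python
import uuid
from urllib.parse import quote_plus, urlencode

# Microsoft identity platform v2.0 token endpoint (client-credentials flow).
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
# Assumption: the page does not name the API scope the collector requests.
DEFAULT_SCOPE = "https://graph.microsoft.com/.default"
# Constructed sample values (not real identifiers): name, tenant, client ID, secret.
SAMPLE = ("azure-prod", "11111111-2222-3333-4444-555555555555",
          "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "constructed~Secret.Value_123")

def is_guid(value):
    """True if value is a canonical 8-4-4-4-12 GUID string."""
    try:
        v = value.strip().lower()
        return str(uuid.UUID(v)) == v
    except (ValueError, AttributeError, TypeError):
        return False

def check_collector(name, tenant, client_id, secret):
    """Return a list of problems; an empty list means the fields look sane."""
    problems = []
    if not name or not name.strip():
        problems.append("Name is empty")
    if not is_guid(tenant):
        problems.append("Tenant is not a GUID")
    if not is_guid(client_id):
        problems.append("Client ID is not a GUID")
    elif str(tenant).strip().lower() == client_id.strip().lower():
        problems.append("Tenant and Client ID are the same GUID")
    if not secret or secret != secret.strip():
        problems.append("Secret is empty or has stray whitespace")
    elif is_guid(secret):
        # The Azure portal lists a GUID "Secret ID" beside the secret "Value".
        problems.append("Secret looks like a Secret ID, not the secret value")
    return problems

def token_request(tenant, client_id, secret, scope=DEFAULT_SCOPE):
    """Build (url, form body) for the client-credentials token request."""
    body = urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": secret, "scope": scope})
    return TOKEN_URL.format(tenant=tenant), body

def redacted(body, secret):
    """Form body that is safe to log: the URL-encoded secret is masked."""
    return body.replace(quote_plus(secret), "***")
```

An empty list from `check_collector(*SAMPLE)` means the values are well-formed; it does not prove the application has been granted the permissions the collector needs.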
Once properly configured, the Collector is tasked with data extraction from the target system for ingestion into the Sharelock platform.
This process is automated, and its duration varies depending on the volume of data to be ingested.