Privileged User Analytics

Lets you see how your users are behaving. Highlights anomalous activity that surrounds insider attacks and privileged account compromise.

Feature Highlights

Privilged User ANalytics

Here's our second generation Analytics

Our real world analysis has made it clear that SysAdmins do a lot of work outside working hours, especially during incidents. Although the start time of connections could be an indicator of malicious behaviour, factors like which system and length of connection have more correlation.

We built our analytics around key factors like: Start Time, Session Length, Accounts Used and originating IP addresses. All of these data points link back to Osirium's reporting. Graphs show the trends, but reporting holds the specifics.

Its all about behaviour, these analytics show how individuals are working within the group. You can see how the server and network team behave. Taking different views lets your see the outlying data points quickly.

Privileged User Analytics

Analytics Summary Page

This gives you an overview of all the logins or privileged users along with all the sessions they had with devices

By running the mouse over the sessions, the detail panel gives the system, role and duration of the session.

Osirium Session IPs

Session IPS

This shows you which IP addresses were used to initiate sessions to systems and devices.

The information is very much dependent on the DHCP policy and how addresses are reused. In general you can tell the originating subnets, where leases are long it can reveal account sharing.