In this video, we're going to take a tour of an existing tenant in Starling Identity Analytics and Risk Intelligence. In this particular case, we're only collecting information from an Active Roles environment.
Currently, you can see the dashboard, and on the dashboard we have some interesting information you can take a look at. For instance, we can see that we have 74 high risk accounts already. We're only collecting information from one data source.
Now, let's talk about data sources for a second. You can collect information from multiple data sources at the same time. For instance, imagine you have domain A, and you also have domain B. You can collect information from both of those data sources at the same time, and compare entitlements or cross-domain. That's a really interesting use case that we're going to take a look at in another video.
You can see the number of rules that we're currently evaluating against this data. And then finally, we see we have 13 high risk entitlements. Now, these are the types of entitlements that we're considering high risk, as opposed to the people or systems that we consider high risk accounts.
Underneath this information, we see a graph, and the graph is showing us some interesting information, right now. For instance, we see that, on the 4th and the 5th, there was a bit of a spike in high risk accounts, and it seems like that was fixed by the 6th. Well, I know that, in this particular case, a request had gone out to make certain people of a particular group members of the help desk, but what had actually happened is that the request was handled incorrectly, and every member of that group was added to the desk. And so over the weekend we saw this huge spike.
Now, in a practical sense, what's interesting for me is that, if that had happened, if the request had gone out and I had logged into the dashboard, I would have seen this spike and instantly gone, what happened? The information contained within this system is going to tell you what happened. And in this particular case, again, as an example, we saw that every one of a particular group was added, and not just certain members of that group. We fixed the rule, and you see that this got back down to a reasonable setting here of high risk accounts.
Why do I say a reasonable setting of high risk accounts? Well, there's no way we're going to eliminate high risk accounts. It's just the simple fact, there are going to be high risk accounts in your environment. But what we want to try to do is make the number of those high risk accounts as small as possible.
And again, in this particular case, there was a mistake that was made. We can see that very easily on the graph, a huge spike. We fixed the mistake, and now it's back closer to where we wanted it to be.
Finally, scrolling down to the bottom of the screen here, we see that there's a new high risk accounts area, and an increased high risk accounts area. Both of these areas, at the moment, are blank, because today, a collection hasn't been executed yet. And so this information at the bottom is basically talking to you about the number of high risk accounts, or the number of increased high risk accounts, from the last time the process ran.
Before we continue the tour, let's go into our Active Roles environment, add someone to a high risk area, execute a collection, and then come back and take a look at the dashboard again.
OK. So here we are in a virtual machine I have where Active Roles is running. Let's open up the console, which has already started. And in my environment, if I add someone to the help desk group, that's going to show up in Starling as a new high risk account.
Now, why is that? Well, in my environment, members of the help desk group have a lot of risky entitlements. For instance, they can reset someone's password. So that's definitely something I want to have show up in the Starling dashboard.
Let's open up groups. Scroll down to help desk, and add a member to the help desk. Today, we're going to add Susie. We'll add Susie Augustine. We'll click apply, click OK. That's all we have to do here. Now basically, we want to go back to the dashboard, collect information from the Active Roles environment, and see what happens.
Now, that information isn't going to automatically pop up on the dashboard, and that's because, if you remember from the previous video where we installed the collector into our environment, we had an option where we could set how often we wanted the collector to run. And in my environment, I've set that for every 24 hours. So to start the collection manually, simply go up to configuration and look at your collector agents.
Here's the collector agent in question. We'll just highlight that. Click on actions, and click edit. And then finally say, initiate collection.
Again, that sets a flag in the Starling environment that says, I need you to do a collection. The collector itself is polling the Starling environment on a regular basis saying, is there anything you want me to do? So the moment that it sees that that flag has been set, the collection will kick off automatically.
You could stay on this screen, if you want, and wait for the collection to finish, or you can go back to the dashboard and wait for it to finish there. But we're going to wait right here until the collection is finished. It's only going to take a minute. And then when it's done, we'll go back to the dashboard and look at the results.
OK, the collection is finished. Let's go back to the dashboard and