PoC Guide: Citrix Analytics for Security

Overview

Citrix Analytics for Security continuously assesses the behavior of Citrix Virtual Apps and Desktops users and Citrix Workspace users and applies actions to protect sensitive corporate information. The aggregation and correlation of data across networks, virtualized applications and desktops, and content collaboration tools enables the generation of valuable insights and more focused actions to address user security threats. More information on Citrix Analytics for Security can be found here, and videos demonstrating Citrix Analytics for Security can be found here.

Prerequisites

On-premises Citrix Virtual Apps and Desktops Sites

  • Delivery Controller 7.16 or later
  • Director 7.16 or later
  • Citrix Cloud account with Citrix Analytics entitlements
  • If you are using StoreFront, StoreFront 1906 or later is required

On-premises Citrix Gateway

  • Subscribe to Citrix ADM service offered on Citrix Cloud. To learn how to get started with Citrix ADM service, see Getting Started.
  • Review the system requirements and ensure that the requirements are met.

Deployment Steps

Citrix Virtual Apps and Desktops on-premises using Workspace

Connecting to on-premises StoreFront

From your StoreFront server, log into Citrix Cloud and click Manage under the Analytics console

Click Manage

Click Settings and then click Data sources

Click the ellipsis next to Virtual Apps and Desktops and select Connect to StoreFront Deployment

Click Download file

Open PowerShell and run the following command: Import-STFCasConfiguration -Path "configuration file path"

You can see that the StoreFront database has been added

Connecting to on-premises sites using Workspace

The site needs to be added to Citrix Workspace using Site Aggregation beforehand

Log into Citrix Cloud from one of your Delivery Controllers

Select Manage under Security Analytics

Select Data sources under Settings

Click Policy Incomplete under Virtual Apps and Desktops

Click the drop-down under your site name and then click Continue

Select Download agent

Complete the installation

Click Connect to Installed Agent. This process can take a few minutes.

Enter the information for your site administrator

Enter your Director’s URL

Click Done after reviewing your information

Citrix Gateway on-premises using Citrix ADM service

Gateway data sources added to Citrix ADM

Gateway data sources not added to Citrix ADM

Watch the onboarding video

Risk Indicators

User risk indicators are user activities that look suspicious or can pose a security threat to your organization. User risk indicators span all Citrix products used in your deployment. The indicators are based on user behavior and are triggered when the user’s behavior deviates from normal. User risk indicators help in determining the user’s risk score.

Click Custom Risk Indicators and Policies under Settings

Turn on the risk indicators by clicking the toggle. Then click Create Indicator

Here you can create custom indicators

Click Policies. A policy is a set of conditions that must be met to apply an action. A policy contains one or more conditions and a single action. You can create a policy with multiple conditions and one action that can be applied to a user’s account.

Click Create policy

Select the condition and then the action you want

Make sure that the policy is enabled and click Create policy

Dashboards

The user dashboard provides visibility into user-behavior patterns across an organization. Using this data, you can proactively monitor, detect, and flag behavior that falls outside the norm, such as phishing or ransomware attacks.

Click a specific user

This dashboard provides a risk timeline of what the user is doing and what source it is coming from.

Click Access assurance

The Access Assurance Location dashboard provides an overview of the locations from where your users are accessing their Citrix Virtual Apps and Desktops environment.
