Jump to content

PoC Guide: POC Guide Citrix Analytics for Security

  • Contributed By: Citrix Technical Marketing

Overview

Citrix Analytics for Security continuously assesses the behavior of Citrix Virtual Apps and Desktops users and Citrix DaaS users and applies actions to protect sensitive corporate information. The aggregation and correlation of data across networks, virtualized applications and desktops, and content collaboration tools enables the generation of valuable insights and more focused actions to address user security threats. More information on Citrix Analytics for Security can be found here and videos demonstrating the Citrix Analytics for Security can be found here.

 

poc-guides_security-analytics_1.png

 

Pre-requistes

On-premises Citrix Virtual Apps and Desktops Sites

The current prerequisites for Citrix Security Analytics are:

  • Delivery Controller 1912 CU2 or later
  • Director 1912 CU2 or later
  • Citrix Cloud account with Citrix Analytics entitlements
  • If you are using StoreFront, StoreFront 1906 or later is required

For up to date requirements, visit: Citrix Security Analytics Requirements

On-premises Citrix Gateway

  • Subscribe to Citrix ADM service offered on Citrix Cloud. To learn how to get started with Citrix ADM service, see Getting Started.
  • Review the system requirements and ensure that the requirements are met.

Deployment Steps

Citrix Virtual Apps and Desktops on-premises using Workspace

Connecting to on-premises StoreFront

Log into Citrix Cloud and click Manage under the Analytics console from your StoreFront server

 

poc-guides_security-analytics_2.png

 

Click Manage

 

poc-guides_security-analytics_3.png

 

Click settings and then click data sources

 

poc-guides_security-analytics_4.png

 

Click the ellipses next to Virtual Apps and Desktops and select Connect to StoreFront Deployment

 

poc-guides_security-analytics_5.png

 

Click download file

 

poc-guides_security-analytics_6.png

 

Open powershell and run the following command: Import-STFCasConfiguration -Path "configuration file path"

 

poc-guides_security-analytics_7.png

 

You can see that the StoreFront database has been added

 

poc-guides_security-analytics_8.png

 

Connecting to on-premises sites using Workspace

Site needs to be added to Citrix Workspace using Site Aggregation beforehand

Log into Citrix Cloud from one of your delivery controllers

 

poc-guides_security-analytics_9.png

 

Select manage under Security Analytics

 

poc-guides_security-analytics_10.png

 

Select Data sources under Settings

 

poc-guides_security-analytics_11.png

 

click Policy Incomplete under Virtual Apps and Desktops

 

poc-guides_security-analytics_12.png

 

click the drop down under your site name and then click continue

 

poc-guides_security-analytics_13.png

 

Select download agent

 

poc-guides_security-analytics_14.png

 

Complete the installation

 

poc-guides_security-analytics_15.png

 

click Connect to Installed Agent. This process can take a few minutes.

 

poc-guides_security-analytics_16.png

 

Enter the information for your site administrator

 

poc-guides_security-analytics_17.png

 

Enter your Director’s URL

 

poc-guides_security-analytics_18.png

 

Click done after reviewing your information

 

poc-guides_security-analytics_19.png

 

Citrix Gateway on-premises using Citrix ADM service

Gateway data sources added to Citrix ADM

Gateway data sources not added to Citrix ADM

Watch the onboarding video

Risk Indicators

User risk indicators are user activities that look suspicious or can pose a security threat to your organization. User risk indicators span across all Citrix products used in your deployment. The indicators are based on user behavior and are triggered where the user’s behavior deviates from the normal. User risk indicators help in determining the user’s risk score.

Click Custom Risk Indicators and Policies under Settings

 

poc-guides_security-analytics_20.png

 

Turn on the risk indicators by clicking the toggle. Then click Create Indicator

 

poc-guides_security-analytics_21.png

 

Here you can create custom indicators

 

poc-guides_security-analytics_22.png

 

Click policies. A policy is a set of conditions that must be met to apply an action. A policy contains one or more conditions and a single action. You can create a policy with multiple conditions and one action that can be applied to a user’s account.

 

poc-guides_security-analytics_23.png

 

Click Create policy

 

poc-guides_security-analytics_24.png

 

Select the condition and then the action you want

 

poc-guides_security-analytics_25.png

 

Make sure that the policy is enabled and click Create policy

 

poc-guides_security-analytics_26.png

 

Dashboards

The user dashboard provides visibility into user-behavior patterns across an organization. Using this data, you can proactively monitor, detect, and flag behavior that fall outside the norm, such as phishing or ransomware attacks. click a specific user

 

poc-guides_security-analytics_27.png

 

This dashboard provides a risk timeline of what the user is doing and what source it is coming from.

 

poc-guides_security-analytics_28.png

 

click Access assurance

 

poc-guides_security-analytics_29.png

 

The Access Assurance Location dashboard provides an overview of the locations from where your users are accessing their Citrix Virtual Apps and Desktops environment.

 

poc-guides_security-analytics_30.png

 

poc-guides_security-analytics_1.png

poc-guides_security-analytics_2.png

poc-guides_security-analytics_3.png

poc-guides_security-analytics_4.png

poc-guides_security-analytics_5.png

poc-guides_security-analytics_6.png

poc-guides_security-analytics_7.png

poc-guides_security-analytics_8.png

poc-guides_security-analytics_9.png

poc-guides_security-analytics_10.png

poc-guides_security-analytics_11.png

poc-guides_security-analytics_12.png

poc-guides_security-analytics_13.png

poc-guides_security-analytics_14.png

poc-guides_security-analytics_15.png

poc-guides_security-analytics_16.png

poc-guides_security-analytics_17.png

poc-guides_security-analytics_18.png

poc-guides_security-analytics_19.png

poc-guides_security-analytics_20.png

poc-guides_security-analytics_21.png

poc-guides_security-analytics_22.png

poc-guides_security-analytics_23.png

poc-guides_security-analytics_24.png

poc-guides_security-analytics_25.png

poc-guides_security-analytics_26.png

poc-guides_security-analytics_27.png

poc-guides_security-analytics_28.png

poc-guides_security-analytics_29.png

poc-guides_security-analytics_30.png


User Feedback


There are no comments to display.



Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...