Best practices for ThreatWorx Platform are as below:
- Sign-up / Authentication / SSO
- Enable user white listing for sign-ups.
- Configure Single Sign On with your Enterprise Identity Provider.
- Fine tune “Idle Session Timeout” based on your organization policies.
- Access Control
- Grant appropriate role (Discoverer, Administrator) to appropriate users.
- Setup Tag Based Access control for standard users.
- Ensure proper tagging of assets during discovery itself.
- Follow “Least Privilege” principle while grant access to users.
- Alerting
- Configure appropriate alerts to ensure security events are relayed to relevant teams in the organizations.
- Policies
- Setup policy to auto remove stale aged assets via “Asset Purge” policy.
- Setup policy to auto remove older reports via “Report Purge” policy.
- Setup CI/CD polices in ThreatWorx platform and integrate these in your CI/CD pipelines.
- Reporting
- Configure scheduled reports to ensure that relevant teams and stakeholders are kept in the loop.
- Discovery Tracking
- Ensure that you monitor discovery runs periodically to track any non-operational issues. Keep a watch on the “Bell” notification icon at the top right of the page.