Planning your timeline for Threat Manager
Threat Manager is an extremely useful tool for administrators to gain insight into how their iManage content is being used. It allows them to run on-demand reporting targeting individual users, specific groups, or an entire database of users. If you have recently adopted the iManage system, it’s understandable that you’re excited to start utilizing Threat Manager’s tools on day one, however, because the service’s algorithms need time for data to be ingested and calculated, you should allow some time to pass before you can expect to see useful calculations within your analysis.
The Threshold is a value that iManage calculates based on users’ and group’s activities and assigns an Individual and a Group Threshold for each user. Threshold is the marginal line between what Threat Manager determines is normal and potentially malicious behavior. These values are used in calculations used when determining a Risk Score during your analysis or generating User Alerts. In the first few weeks of using iManage, users may still be adopting the software and getting familiar with it. These types of activities will not be reflective of what normal day-to-day usage will be within the iManage system. We suggest that you allow users a period of 30-60 days to use iManage before you begin to see user activities stabilize.
It’s also helpful to have an administrative call with us so we can assist you in creating rules that will be useful to you. If you set up rules too early, you may see Threshold numbers that are higher or lower than what your averages will be in the future. With that in mind, there will most likely be accounts that may never behave like a day-to-day user, like training accounts, help desk accounts, etc. It is recommended that these accounts are added to the Global Exclusions List. Doing so will allow you to run reports without the influence of these accounts’ activities.
If you’re implementing Threat Manager on-premise, the service will ingest all data from iManage’s DOCHISTORY table. So whether you have been using iManage for years and are purchasing Threat Manager, or you’re implementing iManage for the first time, the utility will be able to track any activities from within the iManage system.