Manualshelf

Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Pro
101102103104105106107108109110
Security Management Server - AdminHelp v9.8
89
Click a marker and it can list the Device, File, User, and Timestamp for that marker's audit
event.
The audit event can be a combination of the device and user that caused the audit event,
for example: One device or user accessed one file. Multiple devices or users accessed one
file, and the timestamp indicates the user who last accessed the file. One user accessed
numerous files.
Mapping points of interest and points visible - If you scroll to the bottom right of the columns, the
total number of items in the column displays. The map displays only files that have geolocation data
(latitude and longitude). If a column lists 1000 files, but some lack geolocation data, the map
displays only the points with geolocation data.
For performance purposes, the map limits the display to the first 2000 audit events that
have latitude/longitude points in the table. It also varies depending on the filters you set.
If you drill in on the marker cluster, the map lists the total points of interest and the visible
points.
Note: Files that lack geolocation data and display only in the columns still provide some information
for auditing.
Show only visible check box - If you click a marker cluster, the map displays only the area for that
cluster but the columns list all audit events in the original query. On the lower right of the map,
click this check box and the columns list only the audit events for those visible map points. As you
continue to drill down, the columns list only the events for the visible map points. Clear the check
box to return to the global view.
Audit event options and filters
Use these options to determine the type and amount of audit event data to display.
Moniker - By default, information displays for all monikers. Click one or more check boxes to display
specific monikers. Click Clear selected items to display all.
Cloud Encryption
Protected Office
System - Populates the user logged into or logged out of the device that has Data
Guardian installed.
Beacon - Indicates a device without Data Guardian installed that tried to access a
protected file. These audit events may have limited data, for example, the location
where the file was accessed but without the name of the user of the device.
Timestamp - Select the amount of past time for audit events to display - 1, 7, 14, 30, 60, or 90
days.
More - If you set filters and create a query, you can select the filter options in More to modify the
query. As you select an option, it displays as a menu dropdown. Some actions apply to Windows,
Mac, and mobile devices. Some are specific to one or more.
Action - The default is All. Click one or more check boxes to display specific actions
associated with the payload file. See Action
and the tables below for details and to
determine the operating system.
Cloud Action - The default is All. Click one or more check boxes to display the reason for an
Action. See Cloud_Encryption_audit events
and the tables below for details and to
determine the operating system.