Support Center

Acquiring Data Access Reports

Last Updated: Sep 05, 2017 02:03AM PDT
This article shows you how to request, receive, and review Organization Data Access reports.

NOTE: If you are searching for host-local application debug logs, see Accessing Log Data.

Introduction
The SSProtect product suite provides a great deal of functionality all directed at protecting sensitive information. In the progression of events, the cloud service component serves as a central coordinator for all information - configuration data, runtime data access, and detection information from distributed Honeypot endpoints.

All of this information flows to the single source that stores and makes available information suitable for audit access reports that provide deterministic information useful in assessing disclosure risk, attacker presence, and retained protections at any stage of a threat dynamic.

Report Generation
To display a report of this information, users can choose the Reporting and Logs context menu from the notification icon and, depending on their configuration, utilize the Quick Access commands to see a recent (2-day, GMT) summary for file activity, user/Admin activity or Integrated Organization Activity (privileged users in an Organization):





All reports result from cloud data that's sent back to the host, which transforms the data into one of several Excel spreadsheets to show formatted event information details.

Report Types
There are six different reports: each of the three types below comes in two versions, one for privileged and one for non-privileged users:

 
  • User - all user activity such as login, logout, and update
  • File - all data access and conversion activity such as protect, release, open/close
  • Integrated - shows user and file activity in one single report

Privileged users see Administrative activities while non-privileged users do not. Privileged users also see the activity of all others in their Organization, while non-privileged users only see their own event data. As such, there are 6 different reports, though they use only two different formats - the user format and the file format - either independently or combined.

NOTE: Additional Reports specific to data disclosure risks are available with :Respond. See the article, Using :Respond, for more information.

Report Generation
From the Reporting and Logs context menu item, the Manage submenu brings up the Data Management interface shown below:




To generate a report:
  • Choose from the User and/or File type to scope event categories
  • Choose the end date of the report, often the present day
  • Choose the number of Days to show, including the chosen date
  • Choose Acquire; all remaining processing is automatic, leading to display

Acquire sends the requested parameters to the cloud and, with authentication information (2nd-factor supplementing an active user Login session), acquires the scoped event categories across the requested timeframe. At the host, this data is then saved in .csv format and fed to Excel spreadsheets with signed macros that format the information into a matching set of columns for review. The software queries the user for the target location and filename, then saves the raw .csv information as specified before displaying the final result. You may wish to save the formatted result in a convenient location, though the .xlsm results are stored, using a date/time suffix, in the following location:

  
C:\Users\<WinUsername>\AppData\Local\DefiniSec\Config\Reports

  ...where <WinUsername> is your Windows Profile/Username.

Content
Report content contains date, time, user, private and public IP address, event detail, and status (pass/fail), along with file details (when appropriate) that include size, version, plaintext hash (useful in Forensic reconstruction or correlation), and unique system file ID, along with the containing application and all associated follow-up events, creating a complete picture of host-based event activity that can be critical when assessing security incident details.
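
An added example, not part of the original article or of SSProtect: a Python script that reviews the raw .csv saved during Acquire, listing failed events, plaintext hashes accessed by more than one user, and users seen from more than one public IP address. The column headers and sample rows are constructed assumptions; adjust COLS to match the headers in your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column headers are assumptions for this
# example; map COLS to the headers in your own raw .csv file.
SAMPLE_CSV = """Date,Time,User,PrivateIP,PublicIP,Event,Status,PlaintextHash
2017-09-04,09:12:01,alice@example.com,10.0.0.5,198.51.100.7,Open,Pass,aa11
2017-09-04,09:40:13,alice@example.com,10.0.0.5,198.51.100.7,Close,Pass,aa11
2017-09-04,22:03:44,bob@example.com,10.0.0.9,203.0.113.20,Open,Fail,aa11
2017-09-05,01:15:30,bob@example.com,192.168.1.4,203.0.113.99,Open,Pass,bb22
2017-09-05,01:16:02,alice@example.com,10.0.0.5,198.51.100.7,Login,Pass,
"""

COLS = {"user": "User", "ip": "PublicIP", "status": "Status", "hash": "PlaintextHash"}


def load_events(text):
    """Parse raw report text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def failed_events(events):
    """Events whose status column is not 'pass' (case-insensitive)."""
    return [e for e in events if e[COLS["status"]].strip().lower() != "pass"]


def shared_content(events):
    """Map plaintext hash -> sorted users, for hashes touched by 2+ users."""
    users = defaultdict(set)
    for e in events:
        h = e[COLS["hash"]].strip()
        if h:  # user events carry no file details
            users[h].add(e[COLS["user"]])
    return {h: sorted(u) for h, u in users.items() if len(u) > 1}


def ips_per_user(events):
    """Map user -> sorted public IPs, for users seen from 2+ addresses."""
    ips = defaultdict(set)
    for e in events:
        ips[e[COLS["user"]]].add(e[COLS["ip"]])
    return {u: sorted(i) for u, i in ips.items() if len(i) > 1}


if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    print("failed:", [(e["Date"], e["Time"], e[COLS["user"]]) for e in failed_events(events)])
    print("shared content:", shared_content(events))
    print("multiple public IPs:", ips_per_user(events))
```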

For more report specifics, consult the printable online .PDF SSProtect :Assess guide indexed in the Documentation reference.


For More Information
If you have questions or comments, you can post in the forum or email support@definisec.com anytime.
 
