DLP logs (Logs)
Logs
The Logs view lets you browse events related to automation and data protection (DLP). This central location enables administrators to monitor operations, analyze activities, and retrieve detailed information about logs related to policies, rules, and events in the IT infrastructure.
Main view elements
Widgets at the top of the screen
Users by risk:
Displays a list of users with the highest risk scores in the selected period (default 7 days). Each risk bar shows which rules contributed to the risk assessment.
Recent Media:
Overview of recently recorded media, such as screen recordings or screenshots. Clicking the preview enlarges the view.
Logs table
The table contains detailed information about events. Clicking a row expands the details of that log.
The color of the bar indicates the current load or risk level:
Green (0–33%) – value within normal range, normal state.
Yellow (34–66%) – warning level, observation or preventive actions recommended.
Red (67–100%) – critical state, requires immediate response.
Columns in the table
Each column contains information configured when creating rules within an automation or data protection policy:
Policy – Name of the policy from which the log originates.
Rule – Name of the rule that generated the event.
Risk – Risk value for the given log (e.g., 92/100).
Log date – Date and time the log was generated.
Logged – Username to which the log pertains.
Computer – Name of the device from which the log originates.
Operation – Action triggered by the rule, e.g., “Copy” (file copy).
Process – Name of the process associated with the event, e.g., “chrome.exe”.
File – Name of the file that was part of the event.
Source – Source location of the file.
Destination – Location to which the file was moved or copied.
Source device – Device from which the file originated, e.g., local disk, USB.
Target device – Device to which the file was copied or moved.
Source type – Type of source medium, e.g., local disk, network share, USB.
Target type – Type of target medium, e.g., USB, network share.
Process path – Full path to the process executable.
Target file – File name after the operation, if different from the source file.
Online – Indicates whether the device is online.
LogID – Unique identifier of the log in the system.
There is a screenshot – Information about the availability of a graphical record for the given event.
There is a recording – Information about the availability of a video recording documenting activity during the incident.
Host ID – Unique identifier of the source computer in the system.
Target device id – Identifier of the target device.
Device id – Identifier of the source device.
Expandable row details
Clicking a log row opens a detailed view that contains the elements described below.

Media:
Screen recording: Preview of the recording captured at the time of the event. Clicking opens the recording in full screen.
Screenshot: Image captured at the moment of the event. Clicking enlarges the image.

Notifications:
Information about notifications sent, e.g., email or end-user alert.
Action:
List of actions performed by the rule, e.g., “Screen recording, Screenshot, Task, Turn off PC”.
Description:
Information about which rule was violated or executed.
Task result:
The “Read full Log” link gives access to the full log with additional operation details.
If these items were not configured or are not available, the field remains empty or the message “Insufficient data” is displayed.
Additional features
Downloading logs:
Selecting rows in the table and clicking the “Download” icon (down arrow above the table) allows downloading media from selected logs as a file.
Filtering and searching:
The user can filter logs by any column or use the search field to find a specific event.
The logs view is a significant analytical tool that enables administrators to track user activities, monitor breaches, and analyze the effectiveness of policies within the organization.