User Guide
OmniVista SafeGuard Manager Administration Guide
79
Chapter 4: Visualization
Viewing Policy Incidents
When policy conditions are matched for any given user, policy incidents are created. To
view policy incidents:
1 Click the View Policy Incidents icon from the Page Bar or select View > Go To >
Policy Incidents (Ctrl + 1) menu item. The All Events view displays with the
following information
2 Search the data displayed locally in the table view by clicking the Find icon in the
Action Bar. A free-form text search field is displayed. Enter a keyword in the text
field to define your search. To search the database, click the Database Search
Table 11 Policy incidents Attributes
Attribute Description
Username Username in violation of a policy.
First Occurrence Time the violation first occurred.
Last Occurrence Displays the time of the last policy violation.
# of Occurrences Number of times the violation occurred.
Policy Name Name of the policy that is applied.
Policy Filter Applicable policy filters.
Policy Action Action taken when the policy violation occurred.
Application Name Application that was being used when the policy violation occurred.
Protocol Protocol being used, TCP or UDP.
MAC Address MAC address of the user’s machine.
Source IP Address Originating IP address of the machine at which the policy violation
was detected.
Destination IP Address Destination IP address of the machine to which the policy violation is
reaching.
Severity Identifies if the policy violation is major.
Policy Category Category for the policy violation. Can be one of two pre-defined
categories (resource access, application control) or can be a user-
defined string. If a category is not defined, this column displays blank.
Violation Status Violation status, whether the violation has been cleared.
Authentication Status Authentication status for the user, authenticated or unauthenticated.
Authentication Role Authentication role for the user.
User Status Status for the user, active or inactive.