Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian

121

122

123

124

125

126

127

128

129

130

Security Management Server v10.2.7 AdminHelp

105

• Columns - Filter the amount of data by selecting one or multiple columns to display. If you

clear all column check boxes, audit events are listed for all endpoints and all users. Some filters

apply to all monikers and some to specific monikers. For a description of column filters, see

Options_in_the_Columns_menu

• Search - Hover to view columns for performing a search (device, user, file name, and file key

ID), then enter specific text for those columns. Use a wildcard (*) to search on .docx, .pptx,

.xlsx, .docm, .pptm, .xlsm, or .pdf.

• Export File - Export to Excel or a .csv file.

Options in the Columns Menu

Options can apply to all monikers or to a specific moniker. Policies must be enabled for audit data to

display.

Search icons in the columns - If you click

next to an item in the device, user, file name, or key ID

columns, it copies the cell content to Search and executes a search on that content. You can then select

Action or IP address to do additional filtering.

Column options for all audit events

Audit Event - Column options

Description

Moniker - Select one or more.

Category of the audit event:

• Cloud Encryption (mobile and web portal; Windows Data Guardian v2.3 and earlier; Mac;

web portal for CASB; Basic File Protection)

• Protected Office (Windows, Mac, mobile, web portal, CASB)

• System (protected Office documents and Windows)

• Content Based Protection - previously Data Classification (Windows)

• Protected Email (Windows)

• Share (Windows)

•

Beacon (protected Office documents)

Device

The hostname of the device where the event occurred.

User

User associated with the event.

Typically, this is the email address of the activated user. See also Logged In User.

Logged In User

For manual activations or external users, the login name and email address used to activate may

differ. If you do not recognize the user name, open the log files to view the logged-in user name.

• In the log file for Protected Office, information displays as sl_protected_file.

• In the log file for Cloud Encryption, information displays as sl_xen_file. Applies to Mac or

mobile. Also applies to Windows Data Guardian v2.3 and earlier.

Timestamp

Date and time when the event occurred.

Created

Date and time when the entry was created. View this if a delay occurs.

Column options related to payload data:

File Name

File Path

File Key ID

File Size

Data for an audit event's moniker or parameters.

To search for a specific file, use the file key ID.

Note: When both .xen and protected Office files exist in Mac or mobile or Windows (v2.3 and earlier),

parameters may differ for each audit event but are the same within the event. For example, the data

may differ for sl_xen_file and sl_protected_file, but the data for each Cloud Encryption .xen file event

is the same.

Note: For web portal and CASB, no File Path exists.

Client Type

Indicates whether the client is internal or external. For Windows and Mac, the only option is internal.

Action

The action associated with the payload file. See

Protected_Office_Document_or_Basic_File_Protection_audit_events. For Mac or mobile, see also

Cloud_Encryption_audit events.

Version

For internal Dell use only.

Client

For internal Dell use only. (Windows and Mac)