Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian

121

122

123

124

125

126

127

128

129

130

Navigate the Dell Server

112

• Block Copy (for Windows) - indicates a Windows user tried to copy from a protected

Office document and was blocked.

• Geo Blocked (for Mobile) - indicates a mobile user outside a geofence tried to access

a protected document and the attempt was blocked.

If these options display in the Data Guardian Action column, click

next to that user or device.

In Data Guardian Action, click Clear selected items and view all the actions by that user or

device to determine a potential issue. For more information, see

Protected_Office_Document_audit_events

7. To identify issues, select Data Guardian Action and select the following:

• Detected tampering

• Repaired tampering

If these options display, determine any potential issues.

8. For Windows, in Moniker, select System. In Action, select Login and Logout to identify a

user who logged into the device that has Data Guardian installed.

9. Analyze the data in the Management Console or select Export File > Excel or CSV where you

can sort the data. Optionally, you can export the audit events to a SIEM server.

Audit events related to external users

In addition to the steps above:

1. In Columns, select:

• Client Type - to indicate internal or external users.

• From and To - to audit embargo and external users.

• Request Access - an external user requested access to encryption keys from an

internal user.

2. Analyze the data in the Management Console or select Export File > Excel or CSV where you

can sort the data. Optionally, you can export the audit events to a SIEM server.

Map visualization

You can use this to identify protected Office files in an unexpected location or a non-Data Guardian

Device that tries to access a protected Office document.

For map data to display, you must enable policy. See Global > Settings and select the Data Guardian

Geo Location Audit Data policy from one or more of these:

• Audit Control Policies

• Web Portal Audit Policies

• Mobile Audit Control Policies

For Beacon events, see the advanced settings for Data Guardian and select the Enable Callback

Beacon policy from one or more of these policy groups:

• Protected Office

• Mobile Client

• Web Portal