Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian

121

122

123

124

125

126

127

128

129

130

Security Management Server Virtual v10.2.7 AdminHelp

109

Options_in_the_Columns_menu, Cloud Encryption audit events

, and

Protected_Office_Document_or_Basic_File_Protection_audit_events.

Example of drilling in at the map level

1. In the global view, drill in to a marker cluster and select a blue marker.

2. Select the Show only visible check box for the columns to list only the files for that audit event.

3. Click

next to a device, user, file name, or key ID.

For example, click

next to a user name, then click next to a file name to zoom to the map

location of the specified user when a specified file was accessed.

4. Clear Search and press Enter to return to the global map view.

Return to Data Guardian

policies.

Get Started with Data Guardian Audit Events

Before you begin, navigate to Populations > Global > Settings and select the Data Guardian Audit

Data Enabled policy for these policy groups:

• Audit Control Policies (for Windows or Mac)

• Web Portal Audit Policies

• Mobile Audit Control Policies

In the Management Console > Reporting > Audit Events, use these examples to get started.

For detailed information about column options, see Data Guardian and Audit Events.

Audit Protected Office Documents

To audit protected Office documents only:

1. In Moniker, select Protected Office.

2. In More, select Action and Data Guardian Action.

3. In Columns, select Device, User, Timestamp, File Name, and File KeyID.

4. Optionally, in Grouping, select one item like Device or User to sort.

5. Select Export File > Excel or CSV to view the data for the Action and Data Guardian Action

columns. For more information, see Protected_Office_Document_audit_events. Optionally, you

can export the audit events to a SIEM server.

6. To identify issues, return to the Management Console, click Data Guardian Action, and select:

• Block Copy (for Windows) - indicates a Windows user tried to copy from a protected

Office document and was blocked.

• Geo Blocked (for Mobile) - indicates a mobile user outside a geofence tried to access

a protected document and the attempt was blocked.

If these options display in the Data Guardian Action column, click

next to that user or device.

In Data Guardian Action, click Clear selected items and view all the actions by that user or

device to determine a potential issue. For more information, see

Protected_Office_Document_audit_events

7. To identify issues, select Data Guardian Action and select the following: