Reference Guide
Navigate the Dell Server
110
• Detected tampering
• Repaired tampering
If these options display, determine any potential issues.
8. For Windows, in Moniker, select System. In Action, select Login and Logout to identify a
user who logged into the device that has Data Guardian installed.
9. Analyze the data in the Management Console or select Export File > Excel or CSV where you
can sort the data. Optionally, you can export the audit events to a SIEM server.
Audit events related to external users
In addition to the steps above:
1. In Columns, select:
• Client Type - to indicate internal or external users.
• From and To - to audit embargo and external users.
• Request Access - an external user requested access to encryption keys from an
internal user.
2. Analyze the data in the Management Console or select Export File > Excel or CSV where you
can sort the data. Optionally, you can export the audit events to a SIEM server.
Map visualization
You can use this to identify protected Office files in an unexpected location or a non-Data Guardian
Device that tries to access a protected Office document.
For map data to display, you must enable policy. See Global > Settings and select the Data Guardian
Geo Location Audit Data policy from one or more of these:
• Audit Control Policies
• Web Portal Audit Policies
• Mobile Audit Control Policies
For Beacon events, see the advanced settings for Data Guardian and select the Enable Callback
Beacon policy from one or more of these policy groups:
• Protected Office
• Mobile Client
• Web Portal
1. In Moniker, select Protected Office and Beacon.
2. In the global map view, drill in to a marker cluster in an unexpected location and select a blue
marker.
3. Select the Show only visible check box for the columns to list only the files for that audit event.
4. Click
next to a Device, User, File Name, or File KeyID.
For example, click
next to a user name, then click next to a file name to zoom to the map
location of the specified user when a specified file was accessed.