Reference Guide

Navigate Dell Security Center
Export File
Export to Excel or a .csv file.
Data Guardian Audit Events
Data Guardian audit event logs maintain an audit trail of file activity for Windows, Mac, mobile devices,
and the web portal. By alternating between a map visualization and multiple filter options, you can
access audit data in various ways, from a global overview to specific geolocations or audit data on a
specific file or a specific user. This audit data offers the potential to visually identify data security
breaches or preliminary security risks.
To view audit events, select Reporting > Audit Events. The Audit Events page contains the map
visualization and columns for filtering. For tips on getting started, see Get Started with Data Guardian
Audit Events.
Map visualization
In Populations > Enterprise > Global Settings, if you enable the Data Guardian Geo Location Audit
Data policy and the operating system's geolocation API is available, audit events that are sent to the
Dell Security Center include the geolocation data (latitude and longitude) of each device. A map
visualization of audit events can identify device locations that might indicate significant location
changes or unexpected or questionable locations for devices within an organization. The geolocation is
checked periodically, not each time an event is recorded. See Examples of Map Visualization and
Column Filters.
If the policy for geolocation is disabled, no geolocation data is contained in the audit events.
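As an added example (not part of this guide or of the product), one way to check exported audit events for significant location changes outside the map view. The CSV column names, the sample rows, and the speed and distance thresholds are assumptions constructed for illustration.

```python
import csv, io, math
from datetime import datetime

# Constructed sample export; the column names are assumptions, not the product's schema.
SAMPLE_CSV = """device,user,file,timestamp,latitude,longitude
LT-0042,alice,plan.xlsx,2024-03-01T09:00:00,30.2672,-97.7431
LT-0042,alice,plan.xlsx,2024-03-01T09:40:00,,
LT-0042,alice,budget.docx,2024-03-01T11:00:00,51.5074,-0.1278
PH-0007,bob,notes.pdf,2024-03-01T08:00:00,48.8566,2.3522
PH-0007,bob,notes.pdf,2024-03-02T08:00:00,48.8600,2.3400
"""

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_location_jumps(csv_text, max_kmh=900.0, min_km=100.0):
    """Return (flags, skipped): per-device jumps that imply a speed above max_kmh,
    and the count of events skipped because they carry no geolocation."""
    by_device, skipped = {}, 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row["latitude"] or not row["longitude"]:
            skipped += 1  # policy disabled or no geolocation API: nothing to compare
            continue
        point = (datetime.fromisoformat(row["timestamp"]),
                 float(row["latitude"]), float(row["longitude"]), row["user"])
        by_device.setdefault(row["device"], []).append(point)
    flags = []
    for device, points in by_device.items():
        points.sort(key=lambda p: p[0])  # order each device's events by time
        for (t1, la1, lo1, _), (t2, la2, lo2, user) in zip(points, points[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600
            # Geolocation is sampled periodically, so ignore small moves; a large
            # move with zero elapsed time is flagged as well.
            if km >= min_km and (hours == 0 or km / hours > max_kmh):
                flags.append({"device": device, "user": user, "km": round(km),
                              "hours": round(hours, 2), "at": t2.isoformat()})
    return flags, skipped

if __name__ == "__main__":
    for flag in flag_location_jumps(SAMPLE_CSV)[0]:
        print(flag)
```

Events without latitude and longitude are counted rather than treated as a location, so a device whose geolocation policy is disabled produces no flags instead of false ones.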
The map displays the following:
    Marker cluster - A numeric value represents audit events within a similar area. Hover over the
    marker cluster to view an outline of the determined area. Click a marker cluster to zoom to the
    audit event markers within that cluster. Continue to click marker clusters until blue markers
    appear.
    Blue marker - Represents the location of a single audit event.
        Click a marker to list the device, file, user, and timestamp for that marker's audit event.
        The audit event can be a combination of the device and user that caused the audit
        event, for example:
            One device or user accessed one file.
            Multiple devices or users accessed one file, and the timestamp indicates the user
            who last accessed the file.
            One user accessed numerous files.
    Mapping points of interest and points visible - Scroll to the bottom right of the columns to
    display the total number of items in the column. The map displays only files that have
    geolocation data (latitude and longitude). If a column lists 1000 files, but some lack geolocation
    data, the map displays only the points with geolocation data.
        For performance, the map limits the display to the first 2000 audit events that have
        latitude/longitude points in the table. The display also varies depending on the filters
        you set.
        Drill into a marker cluster to list the total points of interest and visible points.