Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian

Navigate Dell Security Center

Protected_Office_Document_or_Basic_File_Protection_audit_events

and the tables

below for details and to determine the operating system.

• Net Action - (Windows and Data Guardian v2.7 and earlier)

• Grouping - Allows you to select one option. The default is None. For example:

• Moniker - Groups by moniker if you have more than one selected.

• Device or User - Allows you to determine the activity of specific devices or users.

• File Name, File Path or File Key ID - With device and user columns added, allows you

to see which users or devices accessed a file.

• Columns - Filter the amount of data by selecting one or multiple columns to display. If you

clear all column check boxes, audit events are listed for all endpoints and all users. Some filters

apply to all monikers and some to specific monikers. For a description of column filters, see

Options_in_the_Columns_menu

• Search - Hover to view columns for performing a search (device, user, file name, and file key

ID), then enter specific text for those columns. Use a wildcard (*) to search on .docx, .pptx,

.xlsx, .docm, .pptm, .xlsm, or .pdf.

• Export File - Export to Excel or a .csv file.

Options in the Columns Menu

Options can apply to all monikers or to a specific moniker. Policies must be enabled for audit data to

display.

Search icons in the columns - If you click

next to an item in the device, user, file name, or key ID

columns, it copies the cell content to Search and executes a search on that content. You can then select

Action or IP address to do additional filtering.

Column options for all audit events

Audit Event - Column options

Description

Moniker - Select one or more.

Category of the audit event:

• Cloud Encryption (mobile and web portal; Windows Data Guardian v2.3 and earlier; Mac;

web portal for CASB; Basic File Protection)

• Protected Office (Windows, Mac, mobile, web portal, CASB)

• System (protected Office documents and Windows)

• Content Based Protection - previously Data Classification (Windows)

• Protected Email (Windows)

• Share (Windows)

• Beacon (protected Office documents)

Device

The hostname of the device where the event occurred.

User

User associated with the event.

Typically, this is the email address of the activated user. See also Logged In User.

Logged In User

For manual activations or external users, the login name and email address used to activate may

differ. If you do not recognize the user name, open the log files to view the logged-in user name.

• In the log file for Protected Office, information displays as sl_protected_file.

• In the log file for Cloud Encryption, information displays as sl_xen_file. Applies to Mac or

mobile. Also applies to Windows Data Guardian v2.3 and earlier.

Timestamp

Date and time when the event occurred.

Created

Date and time when the entry was created. View this if a delay occurs.

Column options related to payload data:

Data for an audit event's moniker or parameters.