Reference Guide
Dell Security Center v10.2.7 AdminHelp
To audit protected Office documents only:
1. In Moniker, select Protected Office.
2. In More, select Action and Data Guardian Action.
3. In Columns, select Device, User, Timestamp, File Name, and File KeyID.
4. Optionally, in Grouping, select one item like Device or User to sort.
5. Select Export File > Excel or CSV to view the data for the Action and Data Guardian Action
columns. For more information, see Protected_Office_Document_audit_events. Optionally, you
can export the audit events to a SIEM server.
6. To identify issues, return to the Dell Security Center, click Data Guardian Action, and select:
• Block Copy (for Windows) - indicates a Windows user tried to copy from a protected
Office document and was blocked.
• Geo Blocked (for Mobile) - indicates a mobile user outside a geofence tried to access
a protected document and the attempt was blocked.
If these options display in the Data Guardian Action column, click
next to that user or device.
In Data Guardian Action, click Clear selected items and view all the actions by that user or
device to determine a potential issue. For more information, see
Protected_Office_Document_audit_events.
7. To identify issues, select Data Guardian Action and select the following:
• Detected tampering
• Repaired tampering
If these options display, determine any potential issues.
8. For Windows, in Moniker, select System. In Action, select Login and Logout to identify a
user who logged into the device that has Data Guardian installed.
9. Analyze the data in the Dell Security Center or select Export File > Excel or CSV where you
can sort the data. Optionally, you can export the audit events to a SIEM server.
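The triage in steps 6 through 9 can also be run over the CSV export. The following Python is an added example, not part of the Dell documentation: it flags the four Data Guardian Action values named above and returns each affected user's or device's full history. It assumes the export's header row uses the column labels from step 3 plus Data Guardian Action, and that Timestamp values sort as text (ISO 8601); the sample rows and the "Opened" value are constructed.

```python
import csv
import io
from collections import defaultdict

# Data Guardian Action values named in steps 6 and 7 above (compared case-insensitively).
FLAGGED = {"block copy", "geo blocked", "detected tampering", "repaired tampering"}

# Constructed sample export. Header names are assumed to match the column labels;
# "Opened" is a constructed placeholder for any non-flagged action.
SAMPLE_CSV = """Device,User,Timestamp,File Name,File KeyID,Data Guardian Action
WIN-01,alice,2024-03-01T09:00:00Z,plan.docx,KEY-A,Opened
WIN-01,alice,2024-03-01T09:05:00Z,plan.docx,KEY-A,Block Copy
PHONE-7,bob,2024-03-01T10:00:00Z,budget.xlsx,KEY-B,Geo Blocked
WIN-02,carol,2024-03-01T11:00:00Z,notes.docx,KEY-C,Opened
WIN-01,alice,2024-03-01T08:55:00Z,memo.docx,KEY-D,Detected tampering
"""

def is_flagged(row):
    """True when the row's Data Guardian Action is one of the four flagged values."""
    return (row.get("Data Guardian Action") or "").strip().lower() in FLAGGED

def triage(csv_text, group_by="User"):
    """Group rows by User or Device; for each group with a flagged event,
    return the flagged rows plus that group's full history in time order."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        groups[(row.get(group_by) or "").strip()].append(row)
    report = {}
    for key, rows in groups.items():
        rows.sort(key=lambda r: r.get("Timestamp") or "")
        flagged = [r for r in rows if is_flagged(r)]
        if flagged:
            report[key] = {"flagged": flagged, "history": rows}
    return report

if __name__ == "__main__":
    for who, data in triage(SAMPLE_CSV).items():
        print(f"{who}: {len(data['flagged'])} flagged of {len(data['history'])} events")
        for r in data["history"]:
            mark = "!" if is_flagged(r) else " "
            print(f"  {mark} {r['Timestamp']} {r['Device']} {r['File Name']} "
                  f"{r['File KeyID']} {r['Data Guardian Action']}")
```

Pass group_by="Device" to pivot the same report by device instead of by user.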
Audit events related to external users
In addition to the steps above:
1. In Columns, select:
• Client Type - to indicate internal or external users.
• From and To - to audit embargo and external users.
• Request Access - an external user requested access to encryption keys from an
internal user.
2. Analyze the data in the Dell Security Center or select Export File > Excel or CSV where you
can sort the data. Optionally, you can export the audit events to a SIEM server.
Map visualization
You can use the map visualization to identify protected Office files in an unexpected location or a
non-Data Guardian device that tries to access a protected Office document.
For map data to display, you must enable the policy. See Global > Settings and select the Data Guardian
Geo Location Audit Data policy from one or more of these: