Reference Guide
Navigate the Dell Server
94
2. Select the Show only visible check box for the columns to list only the files for that audit event.
3. Click a quick search icon next to a Device, User, File Name, or KeyID.
4. If you click a User quick search, you can then click a File Name quick search icon and the map zooms
in to the location of the user when the file was accessed.
5. Clear the Search field and press Enter to return to the global map view.
Return to Dell Data Guardian policies
.
Get Started with Data Guardian Audit Events
In the Remote Management Console > Reporting > Audit Events, use these examples to get started.
Before you begin, navigate to Populations. In Global > Settings, Audit Control Policies (for Windows or Mac)
and Mobile Audit Control Policies, you must select the Data Guardian Audit Data Enabled policies.
For detailed information about column options, see Dell Data Guardian and Audit Events
.
Audit Protected Office Documents
To audit protected Office documents only:
1. In Moniker, select Protected Office.
2. In More, select Action and Data Guardian Action.
3. In Columns, select Device, User, Timestamp, File Name, and File KeyID.
4. Optionally, in Grouping, select one item like Device or User to sort.
5. Select Export File > Excel or CSV to view the data for the Action and Data Guardian Action
columns. For more information, see Protected_Office_Document_audit_events
. Optionally, you can
export the audit events to a SIEM Server.
6. To identify issues, return to the Remote Management Console, click the Data Guardian Action
dropdown, and select:
• Block Copy (for Windows) - indicates a Windows user tried to copy from a protected Office
document and was blocked.
• Geo Blocked (for Mobile) - indicates a mobile user outside a geofence tried to access a protected
document and the attempt was blocked.
If these options display in the Data Guardian Action column, click the Search icon next to that user or
device. In the Data Guardian Action dropdown, click Clear selected items and view all the actions by
that user or device to determine a potential issue. For more information, see
Protected_Office_Document_audit_events
.
6. To identify issues, select the Data Guardian Action dropdown and select the following:
• Detected tampering
• Repaired tampering
If these options display, determine any potential issues.
6. For Windows, in Moniker, select System. In Action, select Login and Logout to identify a user who
logged into the device that has Data Guardian installed.
7. Analyze the data in the Remote Management Console or select Export File > Excel or CSV where
you can sort the data. Optionally, you can export the audit events to a SIEM Server.
Audit events related to external users