Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Pro

101

102

103

104

105

106

107

108

109

110

Security Management Server - AdminHelp v9.8

In addition to the steps above:

1. In Columns, select:

• Client Type - to indicate internal or external users.

• From and To - to audit embargo and external users.

• Request Access - an external user requested access to keys from an internal user.

2. Analyze the data in the Remote Management Console or select Export File > Excel or CSV where

you can sort the data. Optionally, you can export the audit events to a SIEM Server.

Map visualization

You can use this to identify protected Office files in an unexpected location or a non-Data Guardian Device

that tries to access a protected Office document.

For map data to display, you must enable policy. See Global > Settings, Audit Control Policies or Mobile

Audit Control Policies, and select the Data Guardian Geo Location Audit Data policies. For Beacon events,

see the advanced settings for Data Guardian > Protected Office or Mobile Client, and select the Enable

Callback Beacon policies.

1. In Moniker, select Protected Office and Beacon.

2. In the global map view, drill in to a marker cluster in an unexpected location and select a blue

marker.

3. Select the Show only visible check box for the columns to list only the files for that audit event.

4. Click a quick search icon next to a Device, User, File Name, or File KeyID.

5. If you click a User quick search, you can then click a File Name quick search icon and the map zooms

in to the location of the user when the file was accessed.

6. Analyze the data in the Remote Management Console or select Export File > Excel or CSV where

you can sort the data. Optionally, you can export the audit events to a SIEM Server.

7. Clear the Search field and press Enter to return to the global map view.

Audit Cloud Encryption

To audit protected .xen files only:

1. In Moniker, select Cloud Encryption.

2. In More, select Action and Cloud Action.

3. Initially, in Columns, select Device, User, Timestamp, File KeyID, Provider, Action, and Cloud

Action.

Windows and Network action

If the Net Action column lists Blocked, this indicates that a user or device attempted to open an application

or browser, but the attempt was blocked. Or, they attempted to proxy through, but the address was

blocked.

1. In More, select Net Action.

2. In Columns, select Net Action.

3. Analyze the data in the Remote Management Console or select Export File > Excel or CSV where

you can sort the data. Optionally, you can export the audit events to a SIEM Server.

Default Monikers and Columns