Configuring Activity Monitoring

To configure the activity monitoring polling parameters

  • Open the edit screen of the required application

    1. Navigate to Admin > Applications

    2. Scroll through the list, or use the filter to find the application

    3. Click the edit icon on the line of the application

  • Press Next till you reach the Activity Configurations & Decs settings page.

Polling Interval (sec)

Activity fetching interval [in seconds]). Default is set to 60 seconds,

Report Interval (sec)

Activity Monitor Health reporting interval [in seconds]). Default is set yo 60 seconds.

Local Buffer Size (MB)

Local buffer size for activities [ in MB]). Default is set to 200MB.

This cyclic buffer is used to store activities on the Application Monitor’s machine in case of network errors that prevent the activities from being sent.

Activity Data Retention Period

Note: By default, this feature is disabled.

When selecting the Clear Activity Data option, a user is able to provide a time frame (1 to 100) in either months or years for all activity to be retained. Once that time period is met, all data will be removed.

A user can also select to backup the data before it is deleted by selecting the Backup Events Before Clearing option.

Note: The Backup Before Clearing Option will only be enabled if the backup option is set during the system installation. If a user has not selected the backup option during the installation nor provided a backup path, this option will not be enabled.

Configuring Data Enrichment Connectors

The Data Enrichment Connectors (DEC) configuration enables us to select data enrichment sources. These can be used to add information from other sources about identities.

An enrichment source could be a local HR database that is used to combine users' job descriptions or departments to the information stored in the identity store.

Select the data enrichment connectors to enrich monitored activities from the Available DECs text box.

Use the > or >> arrows to move the selected DECs to the Current DECs text box.

The user can select multiple DECs. Simply select each desired DEC.

You can create a new DEC in the Administrative Client(Applications>Configuration>ActivityMonitoring>DataEnrichmentConnectors).

After creating a new DEC, click Refresh to refresh the dropdown list.

The chapter Connectors of the File Access Manager Administrator Guide provides more information on Data Enrichment Connectors, including what they are, how to configure them, and how they fit in the Activity Flow.

Monitoring Exclusions

  • To add an exclusion

    Click the dropdown list

    Type in an exclusion (file extension, user, folder, etc. as relevant)

    Click the + icon to add this item to the list

    After completing the list, click Next or Cancel to close the panel

  • To edit or remove an exclusion from the list

    Click the dropdown list

    On the extension to edit or remove click the delete or edit icon

    click Nextor Cancel to close the panel

  • Click Clear Selection to clear the entire list

Excluded File Extensions

List of file extensions that are not monitored, e.g., txt, exe.

Enter one value at a time as described above.

Exclude Folders

List of folders that are not monitored, e.g., \\servername\share1\\folder1.

Enter one value at a time as described above.

Exclude Users

List of users whose activities are not monitored, e.g., user1, domain\user2, user3@domain.com.

Enter one value at a time as described above.

The user format to be used depends on how the activity is logged by the endpoint. If you are not sure which of the user formats above to use, either specify all of them, or leave the list empty for now, navigate to the Forensics > Activities screen in the File Access Manager Website after some activities flow in to see how the user is depicted in them and use that depiction in the exclusion list.

When an activity from a new resource is detected:(Modes of Storing Activities)

Full Auto-Learning Mode – Will audit everything (every action) on every resource.

Semi Auto-Learning Mode – Will monitor activities on resources nested under the top-level resources that are marked for Monitoring. This operation mode will also allow the user to select what type of activities are being monitored.

Monitored Actions

The user has the ability set monitored actions within Manage Resources.

  1. Navigate to Admin > Applications.

  2. Under the Actions column, click the ellipsis on the desired application.

  3. Click Manage Resources.

    The Manage Resources will display with all resources listed.

  1. Click Manage Monitored Actions.

  2. Toggle the Enable Activity Monitoring for this Resource Hierarchy.

The user can now select the type of actions they want monitored.

All actions are automatically selected initially.

Click Next.