Configuring Activity Monitoring
To configure the activity monitoring polling parameters:
- Go to Admin > Applications to open the Edit page of the required application.
- Scroll through the list, or use the filter to find the application.
- Select the edit icon on the line of the application.
- Select Next until you reach the Activity Configurations & Decs settings page.
Polling Interval (sec) - Activity fetching interval (in seconds). Default is set to 60 seconds.
Report Interval (sec) - Activity Monitor Health reporting interval (in seconds). Default is set to 60 seconds.
Local Buffer Size (MB) - Local buffer size for activities (in MB). Default is set to 200MB. This cyclic buffer is used to store activities on the Application Monitor’s machine in case of network errors that prevent the activities from being sent.
Activity Data Retention Period - When selecting the Clear Activity Data option, a user is able to provide a time frame (1 to 100) in either months or years for all activity to be retained. After that time period is met, all data will be removed.
Note
By default, this feature is disabled.
A user can also choose to back up the data before it is deleted by selecting the Backup Events Before Clearing option.
Note
The Backup Before Clearing Option will only be enabled if the backup option was set during system installation. If a user did not select the backup option during installation or did not provide a backup path, this option will not be enabled.
Configuring Data Enrichment Connectors
The Data Enrichment Connectors (DEC) configuration enables us to select data enrichment sources. These can be used to add information from other sources about identities.
An enrichment source could be a local HR database that is used to combine users' job descriptions or departments with the information stored in the identity store.
To configure the Data Enrichment Connectors:
- Select the data enrichment connectors to enrich monitored activities from the Available DECs text box.
- Use the > or >> arrows to move the selected DECs to the Current DECs text box.
The user can select multiple DECs. Simply select each desired DEC.
- You can create a new DEC in the Administrative Client at Applications > Configuration > Activity Monitoring > Data Enrichment Connectors.
- After creating a new DEC, select Refresh to refresh the dropdown list.
The Connectors chapter of the File Access Manager Administrator Guide provides more information on Data Enrichment Connectors, including what they are, how to configure them, and how they fit into the Activity Flow.
Monitoring Exclusions
To add an exclusion:
- Select the dropdown list.
- Type in an exclusion (file extension, user, folder, etc., as relevant).
- Select the + icon to add this item to the list.
- After completing the list, select Next or Cancel to close the panel.
To edit or remove an exclusion from the list:
- Select the dropdown list.
- On the extension to edit or remove, select the delete or edit icon.
- Select Next or Cancel to close the panel.
- Select Clear Selection to clear the entire list.
Excluded File Extensions - List of file extensions that are not monitored, e.g., .txt, .exe. Enter one value at a time as described above.
Exclude Folders - List of folders that are not monitored, e.g., \\servername\share1\folder1. Enter one value at a time as described above.
Exclude Users - List of users whose activities are not monitored, e.g., user1, domain\user2, user3@domain.com. Enter one value at a time as described above.
Important
The user format to be used depends on how the activity is logged by the endpoint. If you are not sure which of the user formats above to use, either specify all of them, or leave the list empty for now. Go to the Forensics > Activities page on the File Access Manager Website after some activities flow in to view how the user is depicted in them and use that depiction in the exclusion list.
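The format check described in the Important note above, as an added example (not part of the product or its documentation): it compares an exclusion list against user strings copied from the Forensics > Activities page and lists the entries that match none of them. The exact, case-insensitive comparison, the function names, and the sample values are assumptions.

```python
# Constructed sample data, not taken from any real deployment.
SAMPLE_EXCLUSIONS = ["svc_backup", "CORP\\user2", "user3@corp.example"]
SAMPLE_OBSERVED = [          # user strings as seen under Forensics > Activities
    "CORP\\svc_backup",
    "corp\\user2",
    "user3@corp.example",
    "CORP\\alice",
]


def parse_user(value):
    """Return (format, account) for user, domain\\user or user@domain."""
    v = value.strip().lower()
    if "\\" in v:
        return "domain\\user", v.split("\\", 1)[1]
    if "@" in v:
        return "user@domain", v.rsplit("@", 1)[0]
    return "user", v


def audit_exclusions(exclusions, observed):
    """For each exclusion, report whether it matches a logged user string.

    Assumption: matching is exact and case-insensitive on the whole string.
    """
    logged = {o.strip().lower() for o in observed}
    report = {}
    for entry in exclusions:
        account = parse_user(entry)[1]
        report[entry] = {
            "matches": entry.strip().lower() in logged,
            # Other depictions of the same account name found in the activity data.
            "seen_as": sorted(o for o in observed if parse_user(o)[1] == account),
        }
    return report


def ineffective(report):
    """Exclusion entries that match nothing the endpoint actually logged."""
    return [entry for entry, r in report.items() if not r["matches"]]


if __name__ == "__main__":
    result = audit_exclusions(SAMPLE_EXCLUSIONS, SAMPLE_OBSERVED)
    for entry in ineffective(result):
        print(f"{entry!r} never matches; logged as {result[entry]['seen_as']}")
```

An entry reported as ineffective should be re-entered in the depiction listed under `seen_as`.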
When an activity from a new resource is detected: (Modes of Storing Activities)
- Full Auto-Learning Mode – Will audit everything (every action) on every resource.
- Semi Auto-Learning Mode – Will monitor activities on resources nested under the top-level resources that are marked for Monitoring. This operation mode will also allow the user to select what type of activities are being monitored.
Monitored Actions
The user has the ability to set monitored actions within Manage Resources.
- Go to Admin > Applications.
- Under the Actions column, select the ellipsis icon on the desired application.
- Select Manage Resources.
The Manage Resources window will display with all resources listed.
- Select Manage Monitored Actions.
- Toggle Enable Activity Monitoring for this Resource Hierarchy.
The user can now select the type of actions they want monitored.
Note
All actions are automatically selected initially.
- Select Next.