Skip to content

Activity Forensics

To locate the Activity Forensics page, go to Forensics > Activity.

The Activity Forensics page can be used to track user activities in various areas of interest.

Filter

The activity forensics filter allows users to focus on set scenarios and areas of interest.

When you open the activity forensics page, it will load with the last query used.

The query is composed of one or more filters, combined with an and operator.

Creating a Query

  1. Create a filter.
    1. Select a field from the field dropdown list.
    2. Select an operator.
    3. Select or type in a value. For multiple values, start typing part of the value, and select items from the dropdown list by ticking the checkbox next to each item.
  2. Select Add to add this filter to the query list.
  3. Repeat to add additional filter items to the query.
  4. Select Apply to run the query, and display the results.

Common Activity Forensics Filter Fields

  • Action type
  • Application - From the applications connected and monitored by File Access Manager.
  • Application type
  • Category - As assigned by the data classification module.
  • Object name
  • Resource - Specific folder or folders to monitor.
  • User

Storing and Sharing Queries

The 10 last queries are stored for reuse, with the query timestamp as the name.

You can store queries for later use, with a meaningful name, with the option of sharing them with other users.

To store or share queries:

  1. Select the Actions dropdown menu on the top right corner.
  2. Select Save Query to open the Save Query dialog box.
  3. Type in the query name, and optionally, the name of a user(s) to share the query with.
    1. Start typing the user name. To add a user to the share list, click the + button.

Loading Stored Queries

To load a stored query, open the query list panel on the left side of the activity forensics page. You might have to click the restore button if this panel is minimized.

Click on a recent query, or a stored query to load the query, and apply it to the results.

Saving the Query to a Report

You can create a report out of an activity forensics query.

  1. Select Generate Report from the Activities dropdown menu.
  2. The report will be available in Reports > My Reports.

Creating a Scheduled Report from a Query

You can also create a repeated report from the query.

Select Schedule Report Template from the Activities dropdown menu to open the Schedule Report Template panel.