Monitoring Activities
Activity monitoring involves capturing information about events that users perform on monitored applications.
An activity includes the following elements:
- Who? A user performing the action
- Performed what action? Read, write, or delete
- Where? On what business resource, for example a file, a file folder, a SharePoint site, or an Exchange mailbox
- When? Date and time. The timestamp is stored in UTC and displayed to the user in the user's current time zone, based on the computer from which he or she is connecting
Event Example
User jsmith performed a write action on \\file_server\Finance\2015\cashflow.xlsx at 7:35 pm on 16 March 2015.
User contextual information for this activity is added from additional data sources, including:
- Attributes from the user's Active Directory, such as the user's display name, groups to which the user belongs, the user's company, and title
- The department of the user, normally obtained from the Human Resources system
- Data classification information about the business resource, for example, when it contains sensitive data
Finally, activity monitoring sends alerts regarding suspicious activities, based upon sets of pre-defined rules.
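
The flow described above (capture, UTC storage, enrichment, rule evaluation), as an added example that is not the product's own code. The lookup tables, function names, the rule and the UTC-4 offset of the monitored server are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed stand-ins for the Active Directory, HR and classification sources.
AD = {"jsmith": {"display_name": "J. Smith", "groups": ["Sales-Staff"], "title": "Account Manager"}}
HR = {"jsmith": "Sales"}
CLASSIFIED = {"\\\\file_server\\finance\\": {"label": "financial", "owner_dept": "Finance"}}

@dataclass
class Activity:
    user: str            # who
    action: str          # what: read, write or delete
    resource: str        # where
    when_utc: datetime   # when, always stored in UTC
    context: dict = field(default_factory=dict)

def capture(user, action, resource, when):
    """Validate a raw event and normalize its timestamp to UTC for storage."""
    if action not in ("read", "write", "delete"):
        raise ValueError(f"unknown action: {action}")
    if when.tzinfo is None:
        raise ValueError("timestamp needs a UTC offset; naive times are ambiguous")
    return Activity(user, action, resource, when.astimezone(timezone.utc))

def enrich(act):
    """Attach user and resource context from the additional data sources."""
    act.context = dict(AD.get(act.user, {}), department=HR.get(act.user))
    for prefix, info in CLASSIFIED.items():
        if act.resource.lower().startswith(prefix):
            act.context["classification"] = info
    return act

def display_time(act, viewer_tz):
    """Render the stored UTC time in the viewer's own time zone."""
    return act.when_utc.astimezone(viewer_tz).strftime("%Y-%m-%d %H:%M")

def evaluate(act):
    """Pre-defined rule (constructed): change to classified data from outside the owning department."""
    info = act.context.get("classification")
    if info and act.action in ("write", "delete") and act.context.get("department") != info["owner_dept"]:
        return [f"{act.action} on {info['label']} data by {act.user} ({act.context.get('department')})"]
    return []

# The page's event; the UTC-4 offset of the monitored server is an assumption.
event = enrich(capture("jsmith", "write", r"\\file_server\Finance\2015\cashflow.xlsx",
                       datetime(2015, 3, 16, 19, 35, tzinfo=timezone(timedelta(hours=-4)))))

if __name__ == "__main__":
    print(event.when_utc.isoformat(), display_time(event, timezone(timedelta(hours=1))))
    print(evaluate(event))
```

A viewer connecting from a UTC+1 machine sees this event dated 17 March, which is why correlation across sources should always use the stored UTC value rather than the displayed one.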