|
Facilité d'utilisation
After making all choices, click Add to Individuals to include the selected users to the group, or click Add to Exceptions to exclude the users from the group. TIP: In the Individual Adds/Removes frame, if you know which users you would like to add/ exclude to/from the group, you can bypass the step for showing all users and making your selections. To use this shortcut, enter the criteria in the Please enter a filter field along with the “%” wild card, and then click the Apply Filter button to display your results in the list box. 4. After you have made your entries, click Close to close the pop-up box. The following information displays in the Group Definitions frame list box when a selection for the group is made from the Group Name pull-down menu: • If an entry was made in the Username Pattern frame, “PATTERN” and the character(s) you entered display(s). • If entries were made in the IP Range frame, “IP RANGE(‘X.X.X.X’ AND ‘X.X.X.X’)” displays, in which ‘X.X.X.X’ represents the IP address that was entered in the From or To field. • If entries were made in the Individual Adds/Removes frame, “INDIVIDUAL (...)” and/or “EXCEPTION (...)” displays, in which ‘(...)’ represents specific details about the entry. NOTE: A combination of any of items above may display in the Group Definitions frame list box, based on entries you made in any of the frames in the pop-up box. Rebuild Groups After making all additions, modifications, or deletions in the User Groupings window, click Rebuild Groups. 8E6 TECHNOLOGIES, ENTERPRISE REPORTER EVALUATION GUIDE CONFIGURE, TEST THE ENTERPRISE REPORTER USE ENTERPRISE REPORTER TO CONDUCT AN INVESTIGATION Use Enterprise Reporter to conduct an investigation Once custom category groups and user groups have been created, administrators can begin running their first reports. In most cases, administrators will employ the Enterprise Reporter as a forensic tool to determine if anomalous Internet behavior exists in their organization. In order to facilitate this process, the Enterprise Reporter menu structure is organized to follow the normal process flow of an investigation. 1. First, the administrator is greeted with a dashboard of high-level reports called “Canned Reports.” By viewing these canned reports, an administrator can quickly determine if there is any anomalous behavior that needs investigation. For example, a high level of spyware site activity might be found under a specific username, or a high rate of traffic identified in the “PornographyAdult Content” category. If something is detected that warrants further investigation, one would then proceed to the “Drill Down Report” section. 2. The next stage of the investigation is to select the Drill Down Report menu. The Drill Down Report is a multi-dimensional database that allows the user to drill down to the source of any Internet threat. For example, if there is unusually high page count in the “Pornography/Adult Content” category, the administrator can drill down into the Category/User section to determine who is viewing this material. Once a specific end user is identified, the administrator can then delve into the detail page view section to see the exact pages that end user has been visiting. This detailed information provides a wealth of information on the exact time the page was visited, the user’s IP address, whether the site was blocked by the R3000 filter, how it was blocked (e.g. in URL library, blocked keyword, proxy pattern blocking, etc), and the full-length URL. By viewing this detail, the administrator can obtain an accurate gauge of the user’s intent—whether the user repeatedly attempted to go to a forbidden site or whether it was an isolated incident. 3. The last stage of an investigation is to document the long-term activity of a policy violator, since most organizations require more than one or two events to reprimand a user. Once the administrator determines the name of the user and the Web sites visited in the Drill Down Report, the next step is to run a custom report. The administrator can run a specific search of the policy violator for a custom time period by selecting the Custom Report Wizard option in the Custom Reports menu. When generating this report, a custom time scope, specific category, and name of a specific end user can be specified. As an example, the administrator would probably run a custom report for the policy violator by specifying the category “Pornography/Adult Content” and all activity within that category within the last month. The administrator can then save a PDF version of the report for documentation purposes. This custom report provides the necessary forensic information to support any internal reprimand and to protect the organization in the event the incident goes to court. To summarize, the aforementioned steps were provided to give the user a most- likely use case for the 8e6 Enterprise Reporter. The next section provides a more in-depth view of how to navigate within each of t...
Ce manuel est également adapté pour les modèles :Matériel de réseau - Enterprise Reporter ER HL/SL (1.05 mb)
Matériel de réseau - Enterprise Reporter ER HL/SL (1.05 mb)
Matériel de réseau - Enterprise Reporter ER HL/SL (1.05 mb)