File operations: Delete/Move/Rename
An endpoint agent of StaffCop Enterprise has full functionality to track and intercept any file operations that occur on a user workstation or terminal server.
File interception is performed in accordance with the rules specified in the computer configuration.
A computer configuration can be assigned to all agents or to certain groups of computers/workstations.
The most frequent file operations that a security officer should pay attention to are deleting, moving and renaming files.
All these events can be tracked by selecting “File -> File operation” in the “Dimension panel”.

To get detailed reports on events of interest only (for example, “Delete”), select this operation. The result is a list of all operations on files that have been deleted.

You can get detailed information by selecting “Analysis” in the display menu. In this case, you must add “Account -> User Name” in the dimension filter, then “Application -> Executable”.

In “Lens”, you can view the resulting information in the most convenient visualization form. For example, choose “Tree” with the following filters:
- File operations
- File operation -> Delete
- tree branch “Account -> User name”
- sub-branch “Application -> Executable”
The tree view is handy for data visualization.

Then you can click the “Export and printing” button and choose the most convenient way of exporting files to have the results downloaded or printed.