Constructor

Constructor is the interface for setting filtration criteria.

It consists of dimensions displayed in the left part of the window.

The content of the Constructor panel changes according to the selected dimensions.

Let’s consider in detail all possible types of collected events that make up the components of the Constructor.

The left part contains the following fixed categories of dimensions, which cannot be edited:

Event type - a category of dimensions that depends on enabled modules. The list of event types corresponds to the main monitoring modules (Keyboard input, Internet, Screenshots, etc.). Event types are displayed in Constructor when events occur in the main monitoring modules enabled in the monitoring configuration. In the event table, you can see the details of these events. By selecting a specific element in Constructor, you can filter the events.

Computers - a category of dimensions displaying the names of PCs or groups of PCs. The names of the PCs with agents (or groups of PCs) are displayed in Constructor when events occur. In the event table, you can see the events received from these agents. By selecting a specific element in Constructor, you can filter the events. It consists of the following dimensions:

  • State.
  • Tag.
  • IP.
  • OS version.
  • Computer name.
  • Agent version.

Account - a category of dimensions displaying the list of OS accounts by PC or group of accounts. Constructor displays the OS accounts on the PCs with installed agents (or groups of accounts) when events occur. You can see the events for these accounts in the event table. Select the items in Constructor to filter the events. It consists of the following dimensions:

  • Comment.
  • Office.
  • Company.
  • Phone.
  • Full name.
  • Mail.
  • Title.
  • Domain.
  • User name.

Application - a category of dimensions that displays a list of applications. It consists of the following dimensions:

  • Path.
  • Window title.
  • Executable.
  • Description.

Website - a category of dimensions that displays a list of websites. Websites are displayed in Constructor when they are visited. It consists of the following dimensions:

  • URL.
  • Content type.
  • Subdomain.
  • Protocol.
  • Domain.

Network connection - a category of dimensions that shows network connections by groups. It displays connections with different IPs and port usage statistics for the selected period. It consists of the following dimensions:

  • IP.
  • Port.

File - a category of dimensions displaying a list of files by name or group. It allows you to view various options for displaying files by different groups. It consists of the following dimensions:

  • File hash.
  • File operation.
  • File name.
  • Content type.
  • Drive type.
  • Extension.
  • File path.

Device - a dimension category displaying a list of devices. See the devices that have been connected to the PC for the selected period of time. It consists of the following dimensions:

  • Device class.
  • Drive type.
  • HWID.
  • Device.
  • Drive type.

Messaging - a category of dimensions displaying participants of dialogs. Here you can view and visualize dialogs. It also allows you to build a relationship diagram. It consists of the following dimensions:

  • Recipient domain.
  • Sender domain.
  • Direction.
  • Sender.
  • Recipient.
  • All recipients.
  • Message format.
  • Threads.
  • Channel.

Date and time - a category of dimensions displaying events by time measurements (Hour, Day of the week) or by specific dates. It allows you to select data for a certain period of time, per hour for each day, on a specific day of the week, etc. It consists of the following dimensions:

  • Hour of day.
  • Time Zone.
  • Weekday.
  • Year.
  • Month.
  • Day.
  • Hour.
  • Minute.

Installation - a category of dimensions displaying a list of installed or uninstalled applications. You can view information on version, vendor, etc. It consists of the following dimensions:

  • File operation.
  • Version.
  • Product.
  • Publisher.

Triggered filters - a category of dimensions showing the list of created filters that are involved in the calculation of statistical data in reports by name or category. It allows you to make a selection according to the type of triggered filters, as well as their efficiency. It consists of the following dimensions:

  • Category.
  • Executable.

Alerts - a category of dimensions displaying events received from triggered policies. For example, late arrivals, long inactivity of an agent, e-mail sending, etc.

How to add monitoring rules from Constructor

Monitoring rules can be added to configurations from Constructor. It works for the following dimensions:

  • User name.
  • Application.
  • Subdomain.
  • URL.
  • Domain.
  • Content type.
  • IP.
  • Port.
  • File path.
  • HWID.
  • Device class.

To add a monitoring rule from Constructor, click “Edit rules”.

You will see the interface for adding rules to configurations. Using the search field, choose the required configuration and select rules for the chosen dimension.

Click “Save” to apply changes.