Filters
The “Filters” tab contains grouped dimensions, policies and scripts that the user created in Constructor or that were pre-installed during installation. They are divided into three categories:
- filters for displaying data;
- productivity policies;
- system policies:
  - dashboards;
  - vocabularies;
  - dimension cards.
Filters
Filters are pre-installed and meant for displaying information in the form of reports or specific events in a human-friendly form.
They are grouped into two sub-sections: Productivity and Security.
In the Productivity section, all the reports of the drop-down menu “Data view modes” are collected.
Below them, the filter tree contains reports that show application categories, site categories and the overall productivity/unproductivity of employees in various graphical representations.
In the Security section, there are filters that represent events that can be important for information security of the company.
For example, you can see which files were copied to removable drives, or which media were connected to workstations and by whom.
The Incidents subcategory contains filters for the events you should pay attention to first. For example, there you can see those looking for a new job, those using obscene words in communication, or other “incidents” that occurred during the specified period of time.
Policies of marking applications and websites for productivity
Policies of marking applications and websites for productivity are set in the menu of the filter tree “Policies - Productivity”.
Productivity policies are in turn divided into “Productivity Policies for applications” and “Productivity policies for websites”.
Application and website productivity categories can be:
- productive activity (marked green on the graph);
- unproductive activity (marked red on the graph);
- neutral activity (marked gray on the graph);
- premium activity (a special type of activity that involves the encouragement of employees);
- incident (information security incidents, all events that violate the policy of the organization).
For each category of applications or websites, you can add or remove any number of executable file names or website names.
This will allow you to more accurately adjust the system for collecting and analyzing information for your company. For the convenience of adding applications and websites, you can use Constructor. After changing the configuration, it must be saved by clicking the “Save” button in the editing form of the efficiency filter.
Then, in the menu tree, you can configure “Security Policies”. For example, you can enable a filter that scans all text messages and documents against a “Regular Expression” that finds credit card numbers, or add any other regular expression (in PCRE format), for example to search for personal data in your organization's flow of events, and assign it a productivity category such as “incident”.
If necessary, you can enable notifications that are sent when this filter is triggered, or have notifications sent by e-mail once per day, 7 days or 1 month.
To do this, check the box “Display and send notifications about new facts” and enter the e-mail addresses of the recipients.
To receive triggered events, you must save the changes by clicking the “Save” button at the bottom of the filter editing window.
The subsection “Policies - Security” contains scanning filters for finding words/expressions in the flow of events coming from user workstations.
Pre-defined dictionaries are: “Curse words vocabulary” and “Credit cards”.
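An added example, not the product's own code or its built-in “Credit cards” dictionary: a PCRE-compatible card-number pattern of the kind a regular-expression security policy could use, followed by a Luhn checksum pass that separates likely card numbers from arbitrary digit runs. The pattern, function names and sample events are constructed for illustration; whether the product applies a checksum itself is not stated on this page.

```python
import re

# PCRE-compatible (no Python-only syntax): 13-19 digits, optionally separated
# by single spaces or hyphens, and not part of a longer digit/hyphen run.
CARD_PATTERN = r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])"
CARD_RE = re.compile(CARD_PATTERN)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep first 6 and last 4 digits so alerts do not re-leak the number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan(text: str) -> list[tuple[str, bool]]:
    """Return (masked number, passes Luhn) for every regex candidate."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        hits.append((mask(digits), luhn_ok(digits)))
    return hits


def flag_incidents(events: list[str]) -> list[tuple[int, str]]:
    """Indexes and masked numbers of events that would be marked 'incident'."""
    return [(i, masked) for i, e in enumerate(events)
            for masked, valid in scan(e) if valid]


# Constructed sample events (4111 1111 1111 1111 is a public test number).
EVENTS = [
    "Please charge 4111 1111 1111 1111, exp 12/29",
    "Order ref 1234567890123456 shipped",
    "Call me at 555-0100 after 5",
    "Tracking 4111-1111-1111-1112",
]

if __name__ == "__main__":
    for idx, masked in flag_incidents(EVENTS):
        print(f"incident in event {idx}: {masked}")
```

The regex alone matches the order reference and the tracking number as well; only the first event passes the checksum, which is why a regex-only policy on digit runs tends to need tuning against false positives.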
System policies
“System policies” are scripts that launch internal information handlers. Editing them is not recommended, because it can disrupt the work of the server. These policies are called: “Archives scanner”, “Auto Cleanup”, “Content parser”, “Report generator”.
Dimension cards
These are a special kind of pre-installed system filter that displays information grouped for easier understanding. These filters store the parameters of the selected dimension card and allow them to be edited.
It is not recommended to edit these dimension cards.
If you do need to, you can experiment with the display type of the resulting dimension card. The most requested dimension cards are the “User card” and “Computer card”.
Filter properties
To open the filter properties, select a filter in the “Filters” tab. Then click the “Filter Properties” button next to the name or the “Filter control panel”. The modal window “Filter Properties - Filter Name” should open. For more information on working with filter properties, read the “Filter Properties” instruction.
Create a filter
To create a filter, specify the filtering options in the “Constructor” tab. In the Constructor menu, set the “Lens” to display the data in the desired form. Then, in the navigation menu of the filter on the black panel, click the “Save” button and, in the modal window, specify the name of the filter. The filter will appear in the “Filters” tab under the name you specified when creating it.
Remove a filter
To remove a filter, open the filter properties and click the “Remove” button at the bottom of the modal window.