Filters¶
The Filters tab contains grouped dimensions, policies and scripts created by the user in Constructor or pre-installed during installation. They are divided into the following categories:
filters for displaying data;
productivity policies;
system policies;
dashboards;
vocabularies;
dimension cards.
Filters¶
Filters are pre-installed and display information as reports or specific events in a human-friendly form.
They are grouped into two sub-sections: Efficiency and Security.
In the Efficiency section, all the reports of the drop-down menu “Data view modes” are collected.
Then, in the filter tree, there are reports in various graphical representations of application categories, site categories and overall productivity/unproductivity of employees.
In the Security section, there are filters that represent events that can be important for the company's information security.
For example, you can see what files were copied to removable drives.
The Incidents subcategory contains various filters on events you should pay attention to first. For example, there you can see employees looking for a new job, employees using obscene words in communication, or other “incidents” that occurred during the specified period of time.
Policies of marking applications and websites for productivity¶
“Policies of marking applications and websites for productivity” are set in the menu of the filter tree “Policies -> Efficiency”.
In turn, Productivity policies are divided into “Productivity policies for applications” and “Productivity policies for websites”.
Application and website productivity categories can be:
productive activity (marked green on the graph);
unproductive activity (marked red on the graph);
neutral activity (marked gray on the graph);
premium activity (a special type of activity that involves the encouragement of employees);
incident (information security incidents, all events that violate the policy of the organization).
For each category, you can add or remove any number of executable file names or website names. This lets you tune the collection and analysis of information for your company. You can use Constructor to add applications and websites conveniently. After changing the configuration, save it by clicking the “Save” button in the editing form of the efficiency filter.
Then, in the menu tree, you can specify “Security” policies. For example, you can enable a filter that scans all text messages and documents for a “Regular expression” that finds credit card numbers, or add any other regular expression (in PCRE format), for example to search for personal data in your organization's flow of events, and assign it a productivity category such as “incident”. More details on using regular expressions are given in this article: Search by keywords.
If necessary, you can have a notification sent whenever this filter is triggered, or have notifications sent by e-mail once a day/week/month.
To do this, check the box “Activate notifications” and enter the e-mail addresses of the recipients. Don’t forget to save changes.
The subsection “Policies -> Security” contains scanning filters for finding words/expressions in the flow of events coming from user workstations.
Pre-defined dictionaries are: “Curse words vocabulary” and “Credit cards”.
System policies¶
“System policies” are scripts that launch internal information handlers. Editing them is not recommended, so as not to disrupt the work of the server. These policies are called: “Archives scanner”, “Auto Cleanup”, “Content parser”, etc.
Dimension cards¶
Dimension cards are a special kind of pre-installed system filter that displays information grouped for easier understanding. These filters serve to store and edit the parameters of the selected dimension card.
It is not recommended to edit these dimension cards.
If you do need to, you can experiment with the display type of the resulting dimension card. The most requested dimension cards are the “User card” and “Computer card”.
Filter properties¶
To open the filter properties, select a filter in the “Filters” tab. Then click the “Filter Properties” button next to the name or on the Filter control panel. The modal window Filter Properties -> Filter Name opens. For more information on working with filter properties, read the Filter Properties guide.
Create filter¶
To create a filter, specify the filtering options in the “Constructor” tab. In the Constructor menu, set the “Lens” to display the data in the desired form. Then, in the navigation menu of the filter on the black panel, click “Save” and, in the modal window, specify the name of the filter. The newly created filter will appear in the “Filters” tab.
Delete filter¶
To delete a filter, enter the filter properties and click “Delete”.