System filters
When you first open the admin interface after installing the server, you can see the preset filters in the Filters tab. This tree of filters consists of three main sections: Efficiency, Security and Policies. The filters in each of these sections affect how data is displayed and how performance reports are calculated (for example, in Time tracking). These filters were created on the basis of average demand among users of DLP systems to collect user data on a PC. Below are descriptions of the purpose of each filter in the System filters tree, by category.
Efficiency
The Efficiency category contains pre-installed filters for displaying employee productivity. It consists of the following subcategories:
Reports and timesheets:
| System Filter name | Description |
|---|---|
| General report on work time | Statistics on productivity of all employees |
| Consolidated report on productivity | Statistics on productivity of all employees |
| Lateness report | Statistics on lateness of employees |
| Statistics for specified period | Statistics for the entire period of work of employees with e-mail, instant messengers, printing events and intercepted files |
| Statistics by day | Displays statistics for each working day of employees with e-mail, Internet pagers, printing on printers and intercepted files |
| Printer usage sheet | Monthly printer usage statistics as a calendar |
| Timesheet | Statistics on the total hours worked per month as a calendar |
Productivity:
| System Filter name | Description |
|---|---|
| Productive activities | Consists of a chain of filters displaying the statistics of top user data in a pie chart, a linear chart for users, statistics of user productivity in a pie chart on productive activities |
| Unproductive activities | Consists of a chain of filters displaying statistics of top user data in a pie chart, a graphical graph for users, statistics of unproductive users in a pie chart for unproductive activities. |
Security
The “Security” category contains filters to control the leakage of data in correspondence, usage of bank card numbers, copying files to external storage and mentioning unacceptable words in business communication.
It contains the following subcategories:
Events:
| System Filter name | Description |
|---|---|
| Screenshots | Consists of a chain of filters displaying screenshots of the user’s desktop in the form of a table, list and tiles |
| Webcam snapshots | Consists of a chain of filters displaying images from users’ webcams in the form of a table, list and tiles |
| Internet pagers | The “Messages” section contains statistical reports on correspondence in the form of relation graphs, and reports on incoming and outgoing messages in Internet pagers. The “Attachments” section contains statistical reports on intercepted files in correspondence in the form of relation graphs, reports on incoming and outgoing messages, and a list of all files on documents and images intercepted in Internet pagers |
| | The “Mail” section contains filters of correspondence in e-mail clients (for example: Outlook): event reports, statistical pie charts and relation graphs. The “Attachments” section contains filters of intercepted files in mail correspondence, such as event reports, statistical pie charts and relation graphs. The “Web-mail” section contains filters of correspondence in browsers (for example: Google Chrome): events, statistical pie charts and relation graphs. |
| Microphone recording | Contains reports in the form of a Heatmap, which shows how many records were made for a certain time interval, and in the form of an Event type, where you can download all records as a single archive. |
| Clipboard | Statistics of clipboard interception in the form of a pie chart and analytical table |
| External data storages | Consists of a chain of filters displaying data on work with external storage devices in the form of an analytical table, heatmap, statistics in pie charts, and event filters. |
Incidents:
| System Filter name | Description |
|---|---|
| Violation dynamic | Incident statistics in the form of a bar chart |
| Violators | Incident statistics in the form of a bar chart |
| Violators by department | Statistics of violators in departments by incident in the form of a pie chart |
| Violators by company position | Statistics of office violators by incidents in the form of a pie chart |
| Violations | Consists of a chain of filters displaying statistical pie charts for reports “Credit Cards”, “Drug addict vocabulary”, “Curse words vocabulary”, “Prohibited web sites”. |
Policies
In the “Properties” tab of a policy you can find the following options: “Policy is enabled”, “Apply to new events”, or “Apply to all events”, which starts recalculation of all the events processed by this policy.
Let’s consider the subcategories of the “Policies” tree in more detail.
Productivity policies:
| System Filter name | Description |
|---|---|
| Application categories | Filters for applications launched by users. Each filter has different categories of productivity, depending on the thematic category of filters. To set productivity category, open filter settings -> “Productivity”. |
| Web resource categories | Filters for sites visited by users. Each filter has different categories of productivity, depending on the thematic category of filters. To set productivity category, open filter settings -> “Productivity”. |
Security policies:
| System Filter name | Description |
|---|---|
| Credit cards | Collects statistics on entering credit card numbers. By default, the policy is excluded from the statistics. To make it active, tick the “Policy is enabled” check box. In the open list of values, you can see the credit card number patterns written as regular expressions in POSTFIX syntax. |
| Curse words vocabulary | Pre-defined dictionary of profanity. Events get into “Triggered filters -> Incident”. For this to work, the policy must be enabled. |
| Messages to yourself | Marks as an incident every event in which mail is sent to the same e-mail address it was sent from. To disable it, unmark the checkbox “Policy is enabled”. |
| Screenshots (captured files) | Collects captured screenshot files. Events get into the “Triggered Filters”. To disable it, unmark the checkbox “Policy is enabled”. |
| Staffcop process search | Collects statistics on search for the StaffCop agent. Events get into the “Triggered Filters”. To disable it, unmark the checkbox “Policy is enabled”. |
| Files in encrypted archives | Intercepts password-protected archives. Events get into the “Triggered Filters”. To disable it, unmark the checkbox “Policy is enabled”. |
| Passwords from browsers | Intercepts passwords entered in browser forms. Events get into the “Triggered Filters”. To disable it, unmark the checkbox “Policy is enabled”. |
System policies:
| System Filter name | Description |
|---|---|
| Auto cleanup | This policy contains settings for automatic cleanup of the hard disk on StaffCop Server. It can be edited only in Filters and policies in the Admin menu. Method: the action performed on reaching the space threshold. Hdd alarm percentage: when this threshold is reached on the disk drive, you will get a notification. The backup path: the path to the folder where database backups will be saved if the threshold is reached and the “Move” method is chosen. The default method is “Delete”. Database alarm percentage: when this threshold is reached on the disk drive, you will get a notification. |
| Content parser | When searching for keywords in “Search - Keywords”, the output will contain not only events containing keywords, but also events containing intercepted text format files with found keywords. |
| OCR | This system policy is meant for recognizing text in PDF and image files. The embedded OCR is used for this policy by default, although you can use an ABBYY OCR SDK <https://ocrsdk.com/> account. Enter your Cloud OCR AppID and password to use the policy. |
| Archives scanner | This system policy starts automatic unpacking of all archives; each file can be downloaded from the admin interface. |
| Report generator | This system policy is meant for starting filter counting processes in enabled policies. |
| Contact parser | This policy is used for associating mail and messenger accounts with user accounts. |
| Syslog connector | This policy is used for automatic exporting of chosen event types to the Syslog of the server. It is used for integration with a SIEM system. |
Dimension cards
A dimension card is a summary report displaying characteristics of an object or set of objects and events associated with them in a view most convenient for a given type.
These filters allow you to fine-tune the output of the dimension cards.
| System Filter name | Description |
|---|---|
| Computer card | Consolidated information on events bound to a specific computer |
| Account card | Consolidated information on events bound to a specific account |
| Application card | Consolidated information on events bound to a specific application |
| Site | Consolidated information on events bound to a specific site/domain |
| Network connection card | Information on events bound to a specific network activity |
| File card | Consolidated information on events bound to a specific file |
| Device card | Consolidated information on events bound to a specific device, device type, device ID, and so on. |
| Conversation card | Consolidated information on events bound to a specific dialog, direction, chat, sender domain or recipient domain. |
| Installation card | Consolidated information on events bound to application installation events |