This chapter describes how to use the Status Window and Log Analyzer.
According to the collected operation logs, the number of operations that may cause information disclosure and number of violations can be aggregated and the trend of operation in the client (CT) can be known.
The logs related to the items that has high possibility of information disclosure will be aggregated and the correspondent number of PCs or smart devices will be displayed.
PCs that exported files
PCs used out of working time
PCs that performed suspicious access
PCs not connected for a long period
Smart devices not connected for a long period
PCs that blocked the use of prohibited USB device
PCs that blocked the use of prohibited account group
Devices (*1) that blocked the use of prohibited application
PCs that blocked prohibited printing
PCs that blocked the sending of email with prohibited attachment
*1: Includes both PCs and smart devices.
Based on the result of aggregation, confirm the details of the department to which the correspondent PC belongs and the details of correspondent PC (Computer name, Applied policy and Group name, etc.).
When the department and PC that requires attention is found, the actual situation of the performed operation can be found by searching the log of that PC.
The following operations have a high possibility of information disclosure and aggregate the number of operations:
File export log
File operation log
Printing operation log
E-mail sending log
Since the result of aggregation can be shown in a graph and the ranking of operations can be displayed according to users and terminals, the executor of corresponding operations, the executing terminal and the times of execution can be easily known.
The time frame of aggregation is set from Jan. 1, 2005 to present.
Refer to "4.2.2 Diagnose Risk of Information Disclosure" for details.
According to the following research objectives, multiple operation types can be aggregated in combination:
Know the violation status
Know the file export status
Know the file operation status
Know the status of applications and E-mail
Know the printing status
Know the Web access status
Know the information disclosure status
Refer to "4.2.3 Aggregate by Objectives" for details.
Note
Notes relating to the start of Web Console
Do not start multiple Web Consoles on one PC.
About handling PrintScreen key prohibition log
This chapter only takes the PrintScreen key prohibition log that is classified as "Violation" type as the target for handling.
Notes when Windows(R) Internet Explorer(R) 10 or later is used
The upper part of the displayed characters will be missing when Windows(R) Internet Explorer(R) 10 or later is used for display.
