Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Table of Contents |
---|
Filters are an important way to view specific data and can be used to customise the way captures are displayed, cutting down the time spent within the console and ensuring that relevant data is shown for efficient management.
To access the filters, click on the Filters button.
Filter Options
Image RemovedImage AddedUser
One or multiple usernames can be specified. The field uses a ‘like’ search so the exact username does not need to be entered.
PC
A specific device name can be specified to find all captures from one or multiple devices. Also uses a ‘like’ search.
Date
Contains several options to filter based on a date range.
Selecting Other will allow you to specify your own date range and also allows for filtering based on time as well.
ID
Each screenshot is assigned an ID, this can be entered to find a specific capture quickly.
Phrase
A phrase can be specified to find all captures with that phrase only.
Source
A capture source can be selected to see all captures from that source only.
Category
One or multiple categories can be defined to find captures from the specified categories only.
Severity
Select a severity range to view captures with those severities.
Classification
Allows for the filtering of certain website types, for example “News” and “Social Media” etc.
Website
Allows for the filtering of specific websites, this can useful for finding all captures that were created on Facebook or YouTube. It is not necessary to type in the full address.
Application
Filters for the specified application name only, such as teams.exe or chrome.exe.
Equals/Contains
On the far right of the Filter menu there is a toggle option to change the filter to an Equals type search or a Contains type search.
Image AddedEquals will aim to match what has been typed only and Contains will find anything containing the typed entry.
Click on Equals/Contains to switch it to the next type.
Image AddedDisabled/Active
When a filter is applied this will switch to show that its Active. This button is on each filtering option, clicking this button again will switch it to Disabled, removing this part of the filter.
Image AddedImage AddedExample Filter
In this example, Source is the filter selected and Keyboard has been selected as the sub option. We have also elected to search for the Phrase ‘our secret’ as well.
This will display all keyboard only captures for this phrase once the filter has been set to Active. More criteria can be added by choosing options and entering the relevant information.
For example, a category can be chosen to display keyboard captures from one or several categories, further narrowing the capture search.
Excluding Results
It is also possible to filter out settings by de-selecting the Include button.
The option will change to say Exclude and will filter out any results based on what was deselected.
This can be done for most of the filter options.
Saving and Loading Filters
Filters can be used in a one-off situation or can be saved for later use.
Click on the Save Filter button and give the filter a name.
Click Save to finish.
To access and use saved filters, click on the Load Filter button. Saved filters will be selectable from the list.
Filters can be activated from this list by clicking the Active button.
Remove a Filter
To remove the currently applied filter and return to normal viewing, simply click on the Remove Filter button.
This option will only be active if a filter is applied.
Scheduled Reports
A schedule can be added to filters to send a Daily, Weekly, Monthly or other timed report.
Click on Load Filter and click on the schedule button.
You will be shown a list of current schedules against that filter. Click on the plus icon to create a new schedule.
New options will now be available to configure the scheduled report.
Name
Names the schedule.
Recipients
The email address that the report will be sent to. A scheduled filter can only have one recipient at a time.
Repeat Time
Choose when the report should repeat. The report will automatically select the last week’s worth of capture data from the time that the report is set to run.
Time
Choose the time that the report should first run.
A confirmation box will show the schedule has been saved. You can also delete and edit previous schedules from this menu.
Create a weekly or monthly report
Start by clicking on Filters.
Add any other criteria that you want such as categories or a severity range to further tailor the report.
Now save the filter by clicking on Save Filter.
Name the filter weekly or monthly depending on what you chose previously.
A schedule can now be added to the filter by clicking Load Filter and then clicking the schedule button against the newly created filter.
Name the scheduled report appropriately and add the recipient email address.
Note |
---|
A schedule can only have one recipient. You would need to create dd more schedules to a filter if you intend to send to multiple email addresses. |
Select a Repeat Time, we are using Weekly in this example. Then select a date and time that the report should first run.
Info |
---|
The report will automatically select the last week’s worth of capture data from the time that the report is set to run. |
A new message will confirm that the schedule has been saved successfully.
This will now send a weekly report for the previous weeks captures. The schedule will always send ALL captures on the system, regardless of their actioned status (graded, saved or deleted).
This process can also be followed to create a daily or monthly report using the same method as above.
Document number/reference: SEC-KB-USE-004
Classification Level: Public
Related Articles:
Page Tree | ||||||||
---|---|---|---|---|---|---|---|---|
|
Expand | ||
---|---|---|
| ||
|