Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Table of Contents |
---|
Filters are an important way to view specific data and can be used to customise the way captures are displayed, cutting down the time spent within the console and ensuring that relevant data is shown for efficient management.
Filters
To access the filters, click on the Filters button.
Image RemovedThe following options are available:
Image RemovedUser – oneImage Added
Filter Options
Image AddedUser
One or multiple usernames can be specified. The field uses a ‘like’ search so the exact username does not need to be entered.
PC
- aA specific device name can be specified to find all captures from one or multiple devices. Also uses a ‘like’ search.
Date
– containsContains several options to filter based on a date range.
Image RemovedImage AddedSelecting Other will allow you to specify your own date range and also allows for filtering based on time as well.
ID
– eachEach screenshot is assigned an ID, this can be entered to find a specific capture quickly.
Phrase
– aA phrase can be specified to find all captures with that phrase only.
Source
– aA capture source can be selected to see all captures from that source only.
Image RemovedImage AddedCategory
– oneOne or multiple categories can be defined to find captures from the specified categories only.
Severity
– selectSelect a severity range to view captures with those severities.
Image RemovedImage AddedClassification
– allowsAllows for the filtering of certain website types, for example “News” and “Social Media” etc.
Website
– allowsAllows for the filtering of specific websites, this can useful for finding all captures that were created on Facebook or YouTube. It is not necessary to type in the full address.
Image RemovedImage AddedApplication
- filtersFilters for the specified application name only, such as teams.exe or chrome.exe.
Example Filter
Image RemovedIn this example, Source is the filter selected and Keyboard has been selected as the sub option. We have also elected to search for the Phrase ‘our secret’ as well.
Image RemovedImage AddedImage Added
This will display all keyboard only captures for this phrase once the filter has been set to Active. More criteria can be added by choosing options and entering the relevant information.
For example, a category can be chosen to display keyboard captures from one or several categories, further narrowing the capture search.
Excluding Results
It is also possible to filter out settings by de-selecting the Include button.
Image RemovedImage AddedThe option will change to say Exclude and will filter out any results based on what was deselected.
Image RemovedFor the above example, we have excluded the phrase ‘our secret’ from the filter which will remove any results for that phrase from the current view.Image AddedThis can be done for most of the filter options.
Saving and Loading Filters
Filters can be used in a one-off situation or can be saved for later use.
Click on the Save Filter button and give the filter a name.
Image RemovedImage AddedClick Save to finish.
Image RemovedImage AddedTo access and use saved filters, click on the Load Filter button. Saved filters will be selectable from the list.
Filters can be activated from this list by clicking the Active button.
Image RemovedImage AddedRemove a Filter
To remove the currently applied filter and return to normal viewing, simply click on the Remove Filter button.
This option will only be active if a filter is applied.
Scheduled Reports
A schedule can be added to filters to send a Daily, Weekly, Monthly or other timed report.
Click on Load Filter and click on the schedule button.
You will be shown a list of current schedules against that filter. Click on the plus icon to create a new schedule.
New options will now be available to configure the scheduled report.
Name
Names the schedule.
Recipients
The email address that the report will be sent to. A scheduled filter can only have one recipient at a time.
Repeat Time
Choose when the report should repeat. The report will automatically select the last week’s worth of capture data from the time that the report is set to run.
Time
Choose the time that the report should first run.
A confirmation box will show the schedule has been saved. You can also delete and edit previous schedules from this menu.
Create a weekly or monthly report
Start by clicking on Filters.
Add any other criteria that you want such as categories or a severity range to further tailor the report.
Now save the filter by clicking on Save Filter.
Name the filter weekly or monthly depending on what you chose previously.
A schedule can now be added to the filter by clicking Load Filter and then clicking the schedule button against the newly created filter.
Name the scheduled report appropriately and add the recipient email address.
Note |
---|
A schedule can only have one recipient. You would need to create dd more schedules to a filter if you intend to send to multiple email addresses. |
Select a Repeat Time, we are using Weekly in this example. Then select a date and time that the report should first run.
Info |
---|
The report will automatically select the last week’s worth of capture data from the time that the report is set to run. |
A new message will confirm that the schedule has been saved successfully.
This will now send a weekly report for the previous weeks captures. The schedule will always send ALL captures on the system, regardless of their actioned status (graded, saved or deleted).
This process can also be followed to create a daily or monthly report using the same method as above.
Document number/reference: SEC-KB-USE-004
Classification Level: Public
Related Articles:
Page Tree | ||||||||
---|---|---|---|---|---|---|---|---|
|
Expand | ||
---|---|---|
| ||
|