CONFIGURE, TEST THE ENTERPRISE REPORTER  APPENDIX B: EXPORT AND SAVE SUMMARY REPORTS

44  8E6 TECHNOLOGIES, ENTERPRISE REPORTER EVALUATION GUIDE

PDF

This is a sample of the Categories report in the PDF format, saved with a .pdf file extension:

Categories report, PDF format

Examples of other report formats are provided in the Enterprise Reporter Web Client User Guide.

Summary of Contents for Enterprise Reporter ER HL/SL

Page 1: ... Enterprise Reporter EVALUATION GUIDE Models ER HL SL Software Version 5 0 00 Document Version 01 07 09 ...

Page 2: ...this document However 8e6 Technologies makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose 8e6 Technologies shall not be liable for any error or for incidental or consequential damages in connection with the furnishing performance or use of this manual or the examples herein Due to future enhancements ...

Page 3: ...roup 6 Group Definitions frame 7 Define a User Group 7 Rebuild Groups 8 Use Enterprise Reporter to conduct an investigation 9 Use Enterprise Reporter Canned Reports 10 How to generate a Canned Report 11 How to export a Canned Report 13 Use Enterprise Reporter Drill Down Reports 13 How to generate a Summary Drill Down Report 14 Summary Drill Down Report navigation 15 Report columns 15 Filter column...

Page 4: ...3 By Category User Site 32 Appendix B Export and Save Summary Reports 33 Record exportation tip 33 Step 1 Select records to be exported 33 Step 2 Use header buttons for report customization 33 Step 3 Export a Summary Drill Down Report 34 How to save a Summary Drill Down Report 35 Other Summary Report tools 37 Set Result Limit 37 Report fields 37 Type field 37 Date Scope and Date fields 37 Display ...

Page 5: ...ompromising filtering performance or impacting network functions Built on a dedicated MySQL server database that works in conjunction with 8e6's R3000 Internet filtering appliance the Enterprise Reporter handles substantial amounts of Internet traffic because of its unique processing approach which pre-processes and indexes data in a format conducive to high speed retrieval Note to Evaluators Th...

Page 6: ...rnet Filter Evaluation Guide for instructions on how to setup the filter Disable Pop up Blocking Software Please note that a user with pop up blocking software installed on his/her workstation will need to disable pop up blocking in order to use the Client Evaluation Best Practice Once the appliance is installed allow the Enterprise Reporter to run for several days prior to evaluating reports in ...

Page 7: ...hat is organized to follow the natural flow of an investigation of anomalous Internet activity This section of the evaluation guide leads the evaluator in a linear fashion through the most common and useful features of the Enterprise Reporter starting with the elements that should be configured first then moving on to the usage of the many different types of reports available in the Reporter You a...

Page 8: ...reate edit or delete a category group click Category Groupings in the Settings menu to display the Category Groupings window in the right panel Category Groupings window The Category Groupings window is comprised of two frames used for setting up and maintaining category groupings Group Information and Group Definitions Group Information frame The Group Information frame displays to the left in th...

Page 9: ...st box in this frame For evaluation purposes select Pornography Adult Content as the only category in this category group 2 Click the Add To Group button to open the Add To Group pop up box Add To Group 3 Select a category from the pop up box by clicking on your choice to highlight it TIP To select multiple categories press the Ctrl key on your keyboard and then click on categories to highlight th...

Page 10: ...e User Groups To create edit or delete a user group click User Groupings in the Settings menu to display the User Groupings window in the right panel User Groupings window The User Groupings window is comprised of two frames used for setting up and maintaining user groupings Group Information and Group Definitions Group Information frame The Group Information frame displays to the left in the User...

Page 11: ...valuation 2 Click the Add To Group button to open the pop up box where you define users to be added excluded to from the group Add Users to group TIPS To view a list of all users go to the Individual Adds Removes frame and click the Show All button to display the list of users in the list box To clear your entries in this pop up box without accepting them do not click any of the buttons in the fr...

Page 12: ...es frame if you know which users you would like to add exclude to from the group you can bypass the step for showing all users and making your selections To use this shortcut enter the criteria in the Please enter a filter field along with the wild card and then click the Apply Filter button to display your results in the list box 4 After you have made your entries click Close to close the pop up ...

Page 13: ...t end user has been visiting This detailed information provides a wealth of information on the exact time the page was visited the user's IP address whether the site was blocked by the R3000 filter how it was blocked e.g. in URL library blocked keyword proxy pattern blocking etc and the full length URL By viewing this detail the administrator can obtain an accurate gauge of the user's intent wheth...

Page 14: ...Description list from the Settings menu Top 20 Users by Page Count bar chart report based on each end user s total page count Top 20 Users by Malware Hit Count bar chart report based on each end user s total hit count from the following categories in the Security Internet Productivity and Internet Communication Instant Messaging category groups BotNet Malicious Code Virus Bad Reputation Domains Sp...

Page 15: ...it the default report page will not show any thumbnail images or bar chart report in the right panel and the following text displays This report cannot be displayed because there is no data to show for this report 2 Click a menu topic in the navigation panel for the time period to be included in the report Yesterday Last Week Last Month Week to Yesterday or Month to Yesterday 3 Click a thumbnail i...

Page 16: ...ncludes the following information Bar chart name of category username username path URL or site IP address or user group name and corresponding bar graph Pie chart color coded pie graph and key showing a maximum of 15 categories or user groups Any categories or user groups with page counts totaling less than one percent are grouped together under the Others Combined label The footer of the report ...

Page 17: ... next step in the investigation would be to drill down into the particular category or user information This section provides information about drill down reports that let you query the database to access more detailed information about end user Internet activity The following types of reports can be generated Categories includes data in each filter category that was set up for monitoring user act...

Page 18: ...eader section includes buttons for customizing the current view New Report Modify Report Export Report Save Report and Set Result Limit The following information displays beneath the row of buttons Report type Display criteria Date Search criteria Sort by criteria Beneath this row of data the navigation path for the first record in the current report view displays to the far left The Record naviga...

Page 19: ...n this tool in order to generate meaningful reports Report columns Filter and count columns display in the body of drill down report views These columns are used for specifying additional information to be included for records or for sorting records by a different column Filter columns and buttons Filter columns display after the column containing the record name and precede the Count columns Cate...

Page 20: ...me user additionally visits www espn com scores the total number of sites visited would still count as three and not as four because the latter page is on the original ESPN site that was already counted Page Count displays the total number of pages visited A user may visit only one site but visit 20 pages on that site If a user visits a page with pop up ads these items would add to the page count ...

Page 21: ... Web page contains an active banner ad that refreshes the page every 10 to 30 seconds a user could show an incredibly high page count and many minutes even though only one page was opened by that user Sort records by another column To sort records in ascending descending order by a specified column click that column s header Category Count IP Count User Count Site Count Page Count Object Count or ...

Page 22: ... detailed URL information to confirm the exact pages visited by the suspected policy violator To access the detail drill down report click the arrow to the right of any record in the Page Count column of the Summary Drill Down Report Down arrow to the right of a record in a column Report type columns Below is a description of each column available in the detail drill down report view The administr...

Page 23: ...Blocking Pattern Proxy Pattern Blocking File Type Https Medium HTTPS Filtering Level set at Medium or N A if the content was unclassified at the time the log file was created Content the Content column includes content type criteria used for determining the categorization of the record or N A if unclassified Search String the Search String column includes the full length search string information...

Page 24: ...ord in the Page Count column of the Summary Drill Down Report Page Count column down arrow to the right Step 2 Sort by Filter Action column Clicking the Filter Action column header will sort all records by the type of filter action whether the event was blocked allowed or warned Blocked searches will be highlighted in red font for easier detection Filter Action column Step 3 Full URL review The fu...

Page 25: ...eviewing a suspected policy violator s Internet activity in the Detail Drill Down Report the administrator will have firm evidence on the user s intent which is critical forensic information to have in the event the investigation moves to the disciplinary phase Step 5 Sort by Search String Sort by the column labeled Search String by clicking that column header This will sort all records alphabetic...

Page 26: ...ides an intuitive setup process for generating custom reports for one time use or for recurrence at scheduled time periods The Custom Report Wizard option is available from the Custom Reports menu accessed from the navigation panel Custom Report Wizard window Generate a new Custom Report To generate a specific user custom report 1 Select radio button next to Specific User Detail by Page and click...

Page 27: ...ank to gather the most information about the user s activity User IP to perform a query on the activity of a specific machine enter the IP address of the machine e g 200 10 100 174 For evaluation purposes leave this section blank to gather the most information about the user s activity Username to perform a query on the activity of a specific user enter the username e g tjohnson You can use the ch...

Page 28: ...ng monitoring specific user activity Once the specific user report has been generated the administrator can choose to export and save the report for documenting a case against the policy violator and can also schedule the report to run in the future to monitor this individual on an ongoing basis Export a Custom Report 1 Click the Export Report button to open the Export Custom Report pop up box Exp...

Page 29: ... in the From Date and To Date fields If you wish to change the date scope make a selection from the following choices in the Date Scope pull down menu Today Month to Date Monthly Year to Date Daily Yesterday Month to Yesterday Year to Yesterday Last Week Last Weekend Current Week Last Month For evaluation purposes select Last Week 5 Choose the break type output type and format Break type available...

Page 30: ...layed for the end user Warn Allowed for any subsequent warning page that displayed for the end user X Strike or N A if the filter action was unclassified at the time the log file was created Content Type information this column will include the method used by the R3000 in creating the record Search KW Search Engine Keyword URL KW URL Keyword URL Wildcard Https High HTTPS Filtering Level set at Hig...

Page 31: ...n is used for maintaining a schedule for generating a customized report Event Schedule window administrator login If logged in as the administrator all scheduled events display If logged in as a manager only the events scheduled by that manager login ID display If the Web Client Scheduler is turned off the message To view event schedules please enable Web Client scheduler using ER Admin GUI displa...

Page 32: ...e and AM or PM NOTE The default Start Time is 8 00 AM If you wish to run a report today and this time has already passed be sure to select a future time TIP Click Cancel to return to the Event Schedules window without saving your edits 7 Click Save to add the scheduled event The custom report will now be sent automatically at the pre defined time on an ongoing basis until the administrator deletes...

Page 33: ...tail below A complete description of all other sample reports is available in the Enterprise Reporter Web Client User Guide How to generate a Sample Custom Report 1 Choose Sample Custom Reports from the Custom Reports menu and then click one of the following available selections to open a separate browser window containing the generated canned report in the PDF format Top 20 Categories by Page Co...

Page 34: ... the name of the report displays The footer of the reports contain the following information today s date MM DD YYYY and time HH MM SS AM PM the report was generated Page number Filter None Generated by manager s login ID Examples of available Sample Custom Reports Sample Report 1 Top 20 Users by Category User This report shows the top 20 users for each of the categories in the 8e6 library This is...

Page 35: ...ER EVALUATION GUIDE 31 Sample Report 2 Top 20 Sites by User Site This report will document the top 20 sites visited for every user in the organization This is a useful tool in monitoring the high level Web activity of users and can help fine tune sites the administrator allows users to access Sample User Sites report ...

Page 36: ...xample of a triple break report that shows all activity on the network broken out by category then user and then site This is a useful report if the administrator is looking for an all encompassing view of Internet activity within the organization However please note that this is usually a very lengthy report since it captures all user information by site Sample Category User Sites report ...

Page 37: ...ect all records click the checkbox in the column header Clicking the checkbox in the column header again reselects all records Step 2 Use header buttons for report customization Clicking one of the buttons at the top of the summary report view opens a pop up box that lets you customize the current report view The following buttons are available New Report this option lets you generate a drill dow...

Page 38: ...n the Report fields sub section 2 At the Data to export field select the amount of data to be exported from the pull down menu All the Rows on this Page or Only the Selected Rows on this Page The second selection is available only if some of the records in the report view were de selected 3 After making selections and or entries in all fields click the Email or View button to close this pop up box...

Page 39: ...scription field in the Saved Custom Reports option accessible via the Custom Reports menu 4 The date scope for the current report view displays in the From Date and To Date fields If you wish to change the date scope make a selection from the following choices in the Date Scope pull down menu Today Month to Date Monthly Year to Date Daily Yesterday Month to Yesterday Year to Yesterday Last Week La...

Page 40: ... in this field click the Hide Un Identified IPs checkbox to remove or add a check mark in the checkbox By entering a check mark in this checkbox activity on machines not assigned to specific end users will not be included in report views Changing this selection will not affect the setting previously saved in the Options window 7 If pertinent make a selection for additional reporting options For do...

Page 41: ... used for specifying the report type by which the generated report view will be sorted This field is available in the Drill Down Report pop up box via the New Report option and in the Single User Group window At the Type field make a selection from the pull down menu for one of the available report types Categories IPs Users Sites Category Groups User Groups and the current report format displaye...

Page 42: ...y Year to Yesterday this option generates the report view for the range of days that includes the first day of the current year through yesterday Last Week this option generates the report view for all days in the past week beginning with Sunday and ending with Saturday Last Weekend this option generates the report view for the past Saturday and Sunday Current Week this option generates the report...

Page 43: ...tion from the pull down menu for the order in which to display the sort option count Ascending Descending Break type field The Break type field is used for indicating the manner in which records will display for the specified format when the report view is emailed or viewed This field is available in the Export Drill Down Report pop up box via the Export Report button and in the Save Custom Report...

Page 44: ...d The Records field is used for specifying the number of records that will display for the selected sort option By default N A displays greyed out and this field becomes activated when a Top item Count is selected at the Amount shown field In the activated Records field the number saved in the Default Options window displays by default This number can be edited to indicate the number of records to...

Page 45: ...h the file will be sent as an email attachment WARNING If using a spam filter on your mail server email messages or attachments sent by the Client might not be delivered if these messages contain keywords that are set up to be blocked Consult with the administrator of the mail server for work around solutions between the spam filter and mail server 1 In the Export Drill Down Report pop up box cli...

Page 46: ... the upper right corner of the Email Result pop up box to close it View and print options The view and print options for exporting reports let you view print the report in the specified file format The view option lets you make any necessary adjustments to your report file settings prior to printing the report To print the report you must have a printer configured for your workstation Click the Vi...

Page 47: ...s are available for emailing and viewing MS DOS Text PDF Rich Text Format HTML Comma Delimited Text Excel English NOTES 8e6 recommends using the PDF and HTML file formats over other file format selections in particular for detail reports since these files display and print in a format that is easiest to read Lengthy text in PDF HTML and Rich Text Format files wraps around within the column so all ...

Page 48: ...RTS 44 8E6 TECHNOLOGIES ENTERPRISE REPORTER EVALUATION GUIDE PDF This is a sample of the Categories report in the PDF format saved with a pdf file extension Categories report PDF format Examples of other report formats are provided in the Enterprise Reporter Web Client User Guide ...
