Help Center
Quick Start
- Overview
- System requirements
- Minimum privileges required
- Default port configuration
- Installing DataSecurity Plus
- Uninstalling DataSecurity Plus
- Starting DataSecurity Plus
- Launching DataSecurity Plus
- Configuring your solution
- Licensing details
- Applying a license
File Auditing
- About File Auditing
- Domain configuration
- File server configuration
- Failover cluster configuration
- NetApp server configuration
- Workgroup configuration
Setting up File Audit
Dashboard
Reports
Alerts
Configuration
Storage Configuration
File Analysis
- About File Analysis
- On-Demand Reports
Setting up File Analysis
Dashboard
Reports
Alerts
Configuration
Data Risk Assessment
- About Data risk assessment
Setting up Data risk assessment
Dashboard
Reports
Ownership analysis
Configuration
Endpoint DLP
- About Endpoint DLP
Setting up Endpoint DLP
Reports
Alerts
Prevention policies
Configuration
Cloud Protection
- About Cloud Protection
- Gateway Server Configuration
- Certificate Authority Configuration
- Gateway Configuration in Endpoint
- Manage Certificate Trust Store
- Threat Analytics Database
- Manage Banned Applications
- Manage Authorized Applications
- Gateway Server Failover
- Two-way SSL configuration
- Global Insight
- Application Insight
- User Insight
- Shadow Application Insight
- Banned Application Insight
- Cloud App Discovery
- Cloud Access Reports
- Application Insights
- Shadow Cloud Application Reports
- Banned Cloud Application Reports
- File Upload & Download Reports
Setting up Cloud Protection
Dashboard
Reports
Control Policies
Storage Configuration
Administrative settings
- Technician configuration
- Notification filters
- Manage agent
- Agent settings
- SIEM integration
- Business hours configuration
- Two-factor authentication
- Workgroup configuration
- Security policy
Email configuration
General settings
- Connection
- Personalize
- DataSecurity Plus Server
- Privacy Settings
- Disk utilization
- Schedule Retention Policy
Policy Configuration
Release notes
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
Troubleshooting
- HTTP communication failure
- Dormant DataEngine
- Secure Gateway server failure
- RPC communication failure
- Known issues and limitations
- Known errors and solutions
Guides
- Agent document
- How to Migrate/Move DataSecurity Plus
- How to apply SSL certificate
- How to automate DataSecurity Plus database backup
- How to set alerts in DataSecurity Plus
- How to secure your DataSecurity Plus installation
Custom reports
All DataSecurity Plus technicians can create custom reports. This feature allows them to:
- Define a template for popular reporting use cases in their organization.
- Create special reports for an entity or situation that is not available in the default audit reports.
You can create personalized reports for a particular user, file share, set of actions, or any combination of the filters available in DataSecurity Plus.
Custom reports are different from audit profiles in that they use the raw data collected by the audit profiles and present them to the user in a desired format. Custom reports do not collect new audit details. With custom reports, you essentially apply filters to existing report data and save the filtered configuration as a new report.
Follow the steps below to view the custom report configurations:
- Select File Audit from the application drop-down.
- Go to Configuration > General Settings > Custom Reports.
- Here, you will see the Global Reports and Server-Specific Reports tabs.
- Global Reports: This lists the custom audit reports that are applied to all configured servers. These reports will list details of file activities across the selected servers.
- Server-Specific Reports: In this tab, select a server in the corresponding field to view all the custom report configurations applied in that server, both globally and locally.
Creating and editing reports
A) Global reports
Upon installation, DataSecurity Plus will have nine default global reports, either for one specific file access type or a combination of access types. These will include audit data from every configured file server.
For more information on these default global reports, see Access Audit reports.
Creating custom global reports
To create a custom global report:
- Select File Audit from the application drop-down.
- Go to Configuration > General Settings > Custom Reports.
- Click Add Global Report in the top-right corner.
- Enter a suitable name and description for the new report.
- In the Report visibility section, you can choose one of two options:
- Owner only: This will ensure that the new report will be private to the technician who created the custom report. It will not be visible to other users.
- All users: This option allows the report to be visible to all DataSecurity Plus technicians.
- Under Criteria, use the available filters to choose which entities will be reported on. There is an extensive list of filters that can be applied. Click + to add more than one filter and x to delete a filter.
- Click Save, then click OK to close the confirmation pop-up.
For example, to monitor users creating media or other non-business files in enterprise file storage, the global custom report's criteria must be set as:
User Object = In = ALL
Action = In = Create
File Type = In = Image Files, Other File Types, Audio Files
Another common use case is to report on users' failed attempts to access files during non-business hours. For this, set the criteria as:
User Object = In = ALL
Action = In = Read Deny, Delete Deny, Write Deny
Business Hour = Equals = Non-Business
The new report can now be viewed under Access Audit > Custom Global Reports.
Editing custom global reports
Default global reports cannot be edited. However, custom-created global reports can be edited by the user who created the view. To edit a global report:
- Select File Audit from the application drop-down.
- Go to Configuration > General Settings > Custom Reports.
- From the Custom Global Audit Reports table, select the edit icon next to the report you wish to edit.
- Change the required details, update the required criteria, and click Save.
- Click OK.
Server-specific reports
When earlier installations (prior to build 6060) are updated to the latest build, existing custom reports will be moved to the Server-Specific Reports tab.
Creating custom server-specific reports
To create a custom server-specific report:
- Select File Audit from the application drop-down.
- Go to Configuration > General Settings > Custom Reports.
- Click the Server-Specific Reports tab, then click Add Server Report in the top-right area the table.
- Enter a suitable name and description for the new report.
- In the Report visibility section, you can choose one of two options
- Owner only: This will ensure that the new report will be private to the technician who created the custom report. It will not be visible to other users.
- All users: This option allows reports to be visible to all DataSecurity Plus technicians.
- Under Criteria, use the available filters to choose which entities will be reported on. There is an extensive list of filters that can be applied. Click + to add more than one filter and x to delete a filter.
- Click Save, then click OK to close the confirmation pop-up.
For example, to spot users accessing a folder that contains the CEO's high-level files during non-business hours, the custom report's criteria must be set as:
User Object = In = ALL
Share Path = Starts with = \\FS01\CriticalData\CEO
Action = In = ALL
Business Hour = Equals = Non-Business
In case you want to report on only failed attempts to access the same critical folder, the custom report's criteria must be set as:
User Object = In = ALL
Share Path = Starts with = \\FS01\CriticalData\CEO
Action = In = Read Deny, Write Deny, Delete Deny
Another common use case is to view folders that have been deleted or renamed in the last six months on a particular server, set the custom server-specific report's criteria as follows:
Action = In = Delete and Rename
User Object = In = ALL
Time Generated = Within = 6 = Month(s)
The new report can now be viewed under Access Audit > Custom Server Reports.
Editing custom server-specific reports
To edit a custom server-specific report:
- Select File Audit from the application drop-down.
- Go to Configuration > General Settings > Custom Reports.
- Click the Server-Specific Reports tab.
- From the table, select the edit icon next to the report you wish to edit.
- Change the required details, update the required criteria, and click Save.
- Click OK.
If you want to send out weekly reports to stakeholders on all the read events made on a particular server in that week, you can create a custom report with the below criteria and schedule the report delivery.
- Audit Configuration:
Include: Action = In = Read
To create a schedule for these reports, follow the steps on the Schedule reports help page.
Deleting and disabling reports
To delete a report:
- Select File Audit from the application drop-down.
- Go to Configuration > General Settings > Custom Reports.
- If you want to delete a server-specific report, select that server in the Server-Specific Reports tab. Otherwise, skip this step.
- From the table, check the boxes next to the report(s) you wish to delete.
- Click the delete icon at the top of the table.
- Click OK to confirm the action.
The deleted report(s) will be removed from the Access Audit console.
Alternatively, you can also choose to disable a report temporarily by selecting the report from the table and clicking the disable icon.