Source-based reports

DataSecurity Plus' Endpoint DLP solution offers multiple source-based reports. Follow the steps below to view them:

• Select Endpoint DLP from the application drop-down menu at the top-left corner and navigate to Reports.
• Under Source Based Reports, select which source you'd like to view reports for.
• Choose an Endpoint Name to view audit data for that particular endpoint.
• Select the desired time range using the Periods drop-down.
• Choose your desired Profile to view the audit report for that particular profile.

Each report has multiple profiles configured by default, each of which is defined to apply to different scenarios. To learn about default configuration settings for each profile and how to customize them, follow the steps listed in the audit profile configuration help page.

The following reports can be viewed under Source Based Reports for selected endpoints, periods, and profiles.

File Paste Report

This report lists all file paste actions and the following details:

• Endpoint Name: Shows the name of the endpoint where the paste action was performed.
• Time Generated: Shows the timestamp when the paste event was generated.
• Accessed By: Shows the name of the user who performed the paste action.
• Message: Shows what action was performed, i.e., File Paste.
• Location: Shows the file path where the file was pasted to.
• Process Name: Shows the name of the application through which the paste action was carried out, such as Explorer, Chrome, etc.
• Client Host: Shows the name of the domain the endpoint belongs to.
• Copy Source: Shows the file path where the file was copied from.
• Creation Time: Shows the timestamp when the file was pasted at the destination.
• Last Access Time: Shows the timestamp when the file was last accessed.
• Last Write Time: Shows the timestamp when the file was last modified.

FIM Report

This report lists all file change actions and the following details:

• Endpoint Name: Shows the name of the endpoint where the file change action was performed.
• Client Host: Shows the name of the domain the endpoint belongs to.
• Time Generated: Shows the timestamp when the file change event was generated.
• Accessed By: Shows the name of the user who performed the file change action.
• Message: Shows what action was performed, such as Copy, Paste, Modify, Delete, File Extension Change, etc.
• Location: Shows the file path where the file is currently located.
• New File Name: Shows the new file path of the file. It will be different from the Location in case of file change actions, such as Move, Rename, etc.
• Process Name: Shows the name of the application through which the file change action was carried out, such as Explorer, Chrome, etc.
• USB Event: Shows whether the file change action was carried out on a plugged-in USB device.
• Device Instance Path: Shows the plugged-in USB device's instance ID, if applicable.
• Creation Time: Shows the timestamp when the file was created.
• Last Access Time: Shows the timestamp when the file was last accessed.
• Last Write Time: Shows the timestamp when the file was last modified.

File Share Report

This report lists all file change actions made to shared folders and the following details:

• Endpoint Name: Shows the name of the endpoint where the shared folder is located.
• Time Generated: Shows the timestamp when the file change event was generated.
• Accessed By: Shows the name of the user who performed the file change action.
• Message: Shows what action was performed such as Copy, Paste, Modify, Delete, File Extension Change, etc.
• Location: Shows the file path where the file is currently located.
• New File Name: Shows the new file path of the file. It will be different from the Location in case of file change actions, such as Move, Rename, etc.
• Process Name: Shows the name of the application through which the file change action was carried out, such as Explorer, Chrome, etc.
• Client Host: Shows the name of the domain the endpoint belongs to.
• USB Event: Shows whether the file change action was carried out on a plugged-in USB device.
• Device Instance Path: Shows the plugged-in USB device's instance ID, if applicable.
• Creation Time: Shows the timestamp when the file was created.
• Last Access Time: Shows the timestamp when the file was last accessed.
• Last Write Time: Shows the timestamp when the file was last modified.

Network Share Activity

This report lists all file change actions made to shared folders by accessing the network path and the following details:

• Endpoint Name: Shows the name of the endpoint where the shared folder is located.
• Time Generated: Shows the timestamp when the file change event was generated.
• Accessed By: Shows the name of the user who performed the file change action.
• Message: Shows what action was performed, such as Copy, Paste, Modify, Delete, File Extension Change, etc.
• Location: Shows the file path where the file is currently located.
• New File Name: Shows the new file path of the file. It will be different from the Location in case of file change actions, such as Move, Rename, etc.
• Process Name: Shows the name of the application through which the file change action was carried out, such as Explorer, Chrome, etc.
• Client Host: Shows the name of the domain the endpoint belongs to.

Removable Storage File Activity

This report lists all file change actions made to plugged-in USB drives and the following details:

• Endpoint Name: Shows the name of the endpoint where the USB is plugged in.
• Time Generated: Shows the timestamp when the file change event was generated.
• Accessed By: Shows the name of the user who performed the file change action.
• Message: Shows what action was performed, such as Copy, Paste, Modify, Delete, File Extension Change, etc.
• Location: Shows the file path where the file is currently located.
• New File Name: Shows the new file path of the file. It will be different from the Location in case of file change actions, such as Move, Rename, etc.
• Process Name: Shows the name of the application through which the file change action was carried out, such as Explorer, Chrome, etc.
• Client Host: Shows the name of the domain the endpoint belongs to.
• USB Event: Shows a confirmation that the file change action was carried out on a plugged-in USB device.
• Device Instance Path: Shows the plugged-in USB device's instance ID.
• Creation Time: Shows the timestamp when the file was created.
• Last Access Time: Shows the timestamp when the file was last accessed.
• Last Write Time: Shows the timestamp when the file was last modified.

Email Auditing Report

This report lists information about all outbound emails sent by users with the following details:

• Endpoint Name: Shows the name of the endpoint from where the email was sent.
• User Name: Shows the name of the user who sent the email.
• Process Name: Shows the name of the application through which the email was sent, such as Outlook, Chrome, etc.
• Mail From: Shows the email address of the user who sent the mail.
• Mail To: Shows the email addresses of the recipients.
• Mail Bcc: Shows the email addresses of the recipients added as Bcc.
• Mail Cc: Shows the email addresses of the recipients added as Cc.
• Mail Subject: Shows the email subject.
• Mail Sent Time: Shows the timestamp when the email was sent.
• Mail Classification: Shows the classification label assigned to the email, such as Restricted, Public, etc.
• Attachment ID: Shows the unique ID assigned to the attachments.
• Attachments Count: Shows the number of attachments sent along with the email. Upon clicking the number, the list of attachments, along with its name, classification label, and size, is displayed.

Printer Auditing Report

This report lists information about all print jobs initiated by users with these details:

• File Name: Shows the name of the file sent to print.
• Printer Name: Shows the name of the printer the print job was sent to.
• Endpoint Name: Shows the name of the endpoint from where the print job was sent.
• User Name: Shows the name of the user who sent the print job.
• Time Generated: Shows the timestamp when the print job was sent.
• Total Pages: Shows the number of pages sent to print.
• File Size: Shows the size of the file sent to print.
• Port Name: Shows the name of the port through which the printer communicates with the endpoint.
• Notify Name: Shows the name of the user who is designated to be notified about the status of the print job.
• Printer User Name: Shows the name of the user who configured the printer.

Web Auditing Report

This report lists file changes made through web browsers with these details:

• Endpoint Name: Shows the name of the endpoint where the file change action was performed.
• Time Generated: Shows the timestamp when the file change event was generated.
• Accessed by: Shows the name of the user who performed the file change action.
• Message: Shows what action was performed, such as Copy, Paste, Modify, Delete, File Extension Change, etc.
• Location: Shows the file path where the file is currently located.
• Process Name: Shows the file path of the web browser through which the file change action was carried out, such as Chrome, Firefox, etc.
• Creation Time: Shows the timestamp when the file was created.
• Last Access Time: Shows the timestamp when the file was last accessed.
• Last Write Time: Shows the timestamp when the file was last modified.
• Client Host: Shows the name of the domain the endpoint belongs to.