Reports – ByStorm

User Activity Reports

Name	Description
After-hours activity	This "detail" report shows file activity that occurs after hours and on weekends; nice for knowing who is doing what when everyone else is gone. The report is grouped by user.
Number of deleted files	This "at a glance" report sorted by user name allows you to quickly find how many files a certain user has deleted. This report is more useful for trend analysis than it is for abnormal behavior detection.
Number of files opened for read access	This "at a glance" report sorted by user name allows you to quickly find how many files a certain user has opened for reading. This report is more useful for trend analysis than it is for abnormal behavior detection.
Number of files opened for write access	This "at a glance" report sorted by user name allows you to quickly find how many files a certain user has opened for writing. This report is more useful for trend analysis than it is for abnormal behavior detection.
Delete access denied	This "detail" report shows all the attempts to delete a file that were denied either by FileSure Defend OR native-Windows security; it is useful for detecting users attempting to delete files that they shouldn't be.
Files copied	This "detail" report shows all the files that have been copied by common means (Windows Explorer, XCopy or the Copy command). The report is not limited to a certain device and will report all file copies. Since this report uses a process name, it is most useful when reporting on workstation file activity.
Files created	This "detail" report shows all the files that have been created by each user. This report is useful for see what sort of information users are storing on the server. The report is grouped by user.
Files deleted	This "detail" report shows all the files that each user has deleted. Monitoring file deletion is useful for detecting inappropriate activity by a user. This report is perfect for sending to department managers.
Files renamed	This "detail" report shows all the files that each user has renamed. Monitoring file renames is useful for detecting inappropriate activity by a user. This report is perfect for sending to department managers.
Files possibly sent with web mail	This "detail" report shows all the files that have been read by Internet Explorer and FireFox. The reading of a file by an internet browser often indicates that the file is being sent via web mail. Since this report uses a process name, it is most useful when reporting on workstation file access activity.
Potential File theft	This "detail" report shows all the files that have been read by Internet Explorer and FireFox and all files written to a removable drive. The reading of a file in an internet browser often indicates that the file is being sent via web mail. Since this report uses a process name, it is most useful when reporting on workstation file access activity.
Files written to a removable drive	This "detail" report shows all the files that have been written to a removable drive. Writing files to a removable drive often indicates that someone is taking some work home which is moving it outside the security measures that are in place in the office. Additionally, this is one of the more methods for data loss/theft.
Folders deleted	This "detail" report shows all the folders that have been deleted by each user. This report is useful for monitoring the folder deletions of a suspect employee.
Folders renamed	This "detail" report shows all the folders that have been renamed by each user. This report is useful for monitoring the folder renames of a suspect employee.
Folders moved	This "detail" report shows all the folders that have been moved by each user. This report is useful with the "accidental dragger" problem, which is when someone drags a folder to another location by accident.
Read access denied	This "detail" report shows all the attempts to read a file that were denied either by FileSure Defend OR native-Windows security; it is useful for detecting users attempting to read files that they shouldn't be accessing.
Root folders moves	This "detail" report shows the root folders that have been moved. Moving root folder should rarely occur and can cause great pain when they do. This report identifies what user moved the folder and when.
File security changed	This "detail" report shows all the security changes that have occurred. Changing file security can open a security breach and allow unintended users access to otherwise secure data; it's important to be aware of these changes and who made them.
Touched files	This "detail" report shows all files that have been read, written to, deleted, moved or had its security changed. It can be a very large report and is only useful to make auditors happy.
Write access denied	This "detail" report shows all the attempts to write to a file that were denied either by FileSure Defend OR native-Windows security; it is useful for detecting users attempting to write to files that they shouldn't be accessing.

File Access Summary Reports

Name	Description
Number of files created	Typically file servers chug along just fine, but then someone, somewhere decides to copy their entire music library to their home share...all 30 thousand songs. This "at a glance" report will help you find people doing bulk copies TO the server. This report is sorted by the number of files created.
Number of files deleted	This "at a glance" report will help you find people doing bulk deletes from the server, which probably shouldn't happen very often. This report is sorted by the number of files deleted.
Number of files opened for read access	If you need to migrate a server, this is a handy "at a glance" report to show you who is still using the old server. This report is sorted by the number of files opened for read access.
Number of files opened for write access	This "at a glance" report will help you find people doing bulk writes to a server, since bulk operations are typically automated, a program writing to bunches of files is rarely a good thing. This report is sorted by the number of files opened for write access.
Files deleted	This "detail" report is useful to review all the files that have been deleted from a file server. This is a nice report to e-mail to department managers. The report is ordered by file path so managers can search for a deletion of a specific file.
Folders deleted	This "detail" report is useful for reviewing what folders are being deleted. Folder deletions should?t occur that often and should be investigated. The report is ordered by folder path so a specific folder deletion can be found easily.
Time of file deletions	This "detail" report is useful for watching for file deletions during suspicious times, for example file deletions after hours. Evil doers like try to hide what they are doing, so they tend to do them when they believe that no one is watching. The report is ordered by time.
Time of folder deletions	This "detail" report is useful for watching for folder deletions during suspicious times, for example folder deletions after hours. Evil doers like try to hide what they are doing, so they tend to do them when they think no one is watching. The report is ordered by time.

FileSure Configuration Changes and Exceptions Reports

Name	Description
FileSure log errors	This "detail" report is useful for IT personnel to monitor FileSure for problems; a perfect choice for e-mailing an IT administrator.
FileSure log information	This "detail" report is useful for security administrator to watch for changes to the overall FileSure system. The entries of this report are typically configuration changes performed by a user; a perfect choice for e-mailing the security administrator.
FileSure log complete	This "detail" report is useful when the security administrator and the IT administrator are the same person. This report will show both FileSure errors and FileSure configuration changes.
FileSure rule change report	This "detail" report shows all the changes that have occurred to the FileSure rules. This report is useful for watching what changes are being made to the file security and auditing system; perfect for a security administrator.
FileSure log errors	This "detail" report is useful for IT personnel to monitor FileSure for problems; a perfect choice for e-mailing an IT administrator.