PA File Sight - Custom Data Set Report
The Custom Data Set Report is a very flexible report which offers the most filtering options to see exactly what you are searching for.
This monitor has the standard report tabs: Report Display Type, Source Data, and Report Group tabs as the rest of the monitors, and as usual, the most
important settings are on the Filters and Parameters tab.
The fields that can be set include:
- Starting date:
Ending date:
Hours/days filter
- See the standard report tabs for information
- File Name
- This field will be used to match against the full path of files and directories in the database. It accepts the * wild-card. You do not have to specify the full path for matching files - if the text you enter is found anywhere in the path, that is a match.
You can use a comma to separate multiple file names. You can put an exclamation mark (!) in front of a file to indicate NOT that file.
Some examples:
.mp3 - return any file that contains .mp3 anywhere in the full path of the file
*.mp3 - the same as above
.docx, .xlsx, .pdf - return any files that contain .docx, .xlsx or .pdf anywhere in the full path
\DOCS\ - return any files that contain \docs\ anywhere in the filepath (checks are not case sensitive)
!authorized - return any files that do NOT contain 'authorized' in the full path
.docx,!authorized - return all .docx files unless 'authorized' is in the full path
- File or Directory
- Indicate whether the search should work on just files, just directories, or both.
- Type of Change
-
Filter the files by the operation that was performed on them. The change can be one or more of:
Audit Changed (file security setting)
Copy (detected by the PA File Sight Endpoint)
Created
Deleted
Failed to Change Audit
Failed to Change Group
Failed to Change Owner
Failed to Change Permission
Failed to Create
Failed to Delete
Failed to Move
Failed to Read
Failed to Rename
Failed to Write
Group Changed (file security setting)
Moved
Owner Changed
Permission Changed
Read
Renamed
Wrote
- Server
- Select the server from which file activity is being reported on
- User
- Select a specific user for which file activity is being reported. A list of users seen will be loaded from the database.
- User Address
- Select a specific user IP address for which file activity is being reported. A list of user IP addresses that have been seen will be loaded from the database.
- User Computer
- Select a specific user's computer name for which file activity is being reported. A list of user computer names that have been seen will be loaded from the database.
- Server Process
- A list of all server processes will be loaded and shown from the database. Specify those that you want to report on. The special System or Network entry is used when the
server operating system was the source of a file operation, OR when the operation came from a remote computer (a request from the network).
- Output Fields
- Control the size of the report by only showing the columns you are interested in
- Hide Empty Columns
- Depending on the report settings and the information available, some fields might be empty. This setting can automatically hide columns where all values within the column are empty.