Auditing policies: Decide which data-related activities to audit

Safetica can audit data-related activities on protected devices. Learn to properly create auditing policies to gain insight into company data.

Introduction

Safetica records data-related activities on protected devices, such as creating new files, copying them to different locations, uploading them to the web, and printing, deleting, or renaming files. Safetica filters out system operations and records only user activities.

This article provides insights into creating auditing policies to effectively audit company data. You will learn more about:

 

Enabling auditing of data-related activities

  • In Policies > Auditing, you can customize which data-related activities will and won’t be recorded by Safetica and for whom.
  • Auditing results are displayed in the Data section and can help you facilitate the implementation of protection policies.
  • Safetica can audit:
    • Applications: Safetica records activities performed in running applications.
    • External devices: Safetica records the connection/disconnection of USB storage devices (USB drives, external drives, etc.).
    • Emails: Safetica records all email communication. The visibility of certain email-related records depends on the license you purchased.
    • Files: Safetica records file operations performed by users (opening files, sending files, etc.).
    • Print: Safetica records printing of documents.
    • Websites: Safetica records visited websites.

 

Creating an auditing policy

To create a new auditing policy:

  1. Go to Policies > Auditing and click Add policy.
  2. Enter the policy name and then click Add auditing rules.
  3. Select one or more rules to specify which activities should be audited.
  4. Select which users/teams the policy should apply to.
  5. Change the policy status on the right side to Enabled. You can also do this by toggling the switch next to the policy name in the list.

Creating a custom policy allows you to easily set exceptions for selected users or teams. Just place the “exception policy” above more general policies applied to the whole company.

Example: Creating an exception from file audit

If you decide to enable Files in an auditing policy, Safetica will record all file operations (such as when a user opens a file or sends a file). If you then decide you want to disable file audit for the Development team but keep it enabled for the rest of the company, you can create an “exception policy” – with file audit disabled for Development. Do not forget to place the exception policy above the general one in the policy list.
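The ordering requirement above can be checked with a small model. This is an added example, not Safetica code or an export of its configuration: the `Policy` structure, team names and policy names are hypothetical. It assumes the policy list is evaluated top-down, that the first enabled policy covering a team and setting an activity decides it, and that an activity no policy sets is not recorded.

```python
from dataclasses import dataclass

ALL = "*"  # hypothetical scope marker: policy applies to the whole company

@dataclass
class Policy:
    name: str            # assumed unique within the list
    scope: set           # team names, or {ALL}
    rules: dict          # activity -> True (audit) / False (do not audit)
    enabled: bool = True

def covers(policy, team):
    return ALL in policy.scope or team in policy.scope

def resolve(policies, team, activity):
    """Walk the list top-down; return (audited, name of the deciding policy)."""
    for p in policies:
        if p.enabled and covers(p, team) and activity in p.rules:
            return p.rules[activity], p.name
    return False, None  # model assumption: unset activities are not recorded

def shadowed(policies, teams):
    """(policy, activity) pairs that never decide the outcome for any team."""
    dead = []
    for p in policies:
        if not p.enabled:
            continue
        targets = [t for t in teams if covers(p, t)]
        for activity in p.rules:
            if not any(resolve(policies, t, activity)[1] == p.name for t in targets):
                dead.append((p.name, activity))
    return dead

# Constructed sample data mirroring the Development example above.
TEAMS = ["Development", "Sales", "Finance"]
general = Policy("Company audit", {ALL}, {"Files": True, "Print": True})
exception = Policy("Dev file-audit exception", {"Development"}, {"Files": False})

correct = [exception, general]      # exception placed above the general policy
misordered = [general, exception]   # exception placed below: it never applies

if __name__ == "__main__":
    for label, order in (("correct", correct), ("misordered", misordered)):
        print(label, resolve(order, "Development", "Files"), shadowed(order, TEAMS))
```

A non-empty result from `shadowed` means an exception policy sits below a broader policy and has no effect, so the audit scope differs from what was intended.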

 

macOS limitations

Auditing features on macOS devices are slightly limited:

  • Printing is recorded for mapped printers (both physical and virtual) only.
  • Virtual printing into files (such as virtual printing into .pdf) is not recorded.
  • Website visits are audited only for Safari and Chrome browsers. In Firefox and Opera, only web downloads are recorded.
  • Incoming and outgoing email communication via email clients is audited only for the Apple Mail app.
  • Move operations performed within one physical drive (including folders synced to the cloud) are not recorded.
  • The following destination types are not audited on macOS devices: FTP, RDP, git, external CD/DVD, virtual printer.

 

Read next:

Data classification in Safetica

Policies: How they work in Safetica

Policies: How to create them

Data policies: how they work