Learn how to filter records to discover and investigate suspicious events
Safetica NXT audits outgoing data transfers from endpoints on which it is installed and provides details about them to the admin. Since users may perform hundreds of such operations every day, Safetica NXT automatically determines which of them are suspicious.
Filter suspicious events to see files that might potentially cause a data loss and need your attention with higher priority than others:1. In Data security > Overview, click the suspicious events link in the upper banner . You can also click the Threat level filter icon in the Event overview table and select Suspicious. To see suspicious events for a specific user, click the red number in the Events per user table.
Suspicious events are then filtered in all the three main elements of the page – the Event overview table, the Events per user table, and the Events in time chart.
2. If you can’t see any results after filtering, try broadening the time range in the upper right corner of the screen.
3. You can see what filters are applied under the upper banner. To remove individual filters, click in the respective tag . To remove all filters, click the Clear all button on the right .
Time range is not shown amongst the filters.
Best practice: Keep the suspicious event filter enabled and only disable it when you want to check the activities of specific users.