Find out how powerful details in Safetica ONE 11 are for incident investigation.
In Safetica ONE 11, details about data, apps, websites, and other events interlink info from various sections of the product and streamline the flow of incident investigation.
Details always show history from the last 7 days. If you need a longer time frame, you can click a button under the 7-day list to view all actions.
What can you see in the details
In details, you can find info such as applied data classifications, app or website categories, details about top users (listed by active time), which policy was violated and what action the policy took, links to filter out all operations that were blocked by a policy, and much more.
Example: How website detail empowers your investigations
The website detail offers info about both blocked website visits and blocked data uploads to provide the context of all noteworthy security events related to a website.
The admin is suspicious of Facebook activities. They want to investigate what data was uploaded to Facebook and what activities on Facebook were blocked by policies.
Example: How data detail empowers your investigations
The admin sees a suspicious file and wants to investigate it in detail – see problematic operations, users who worked with the file, and actions taken by policies to protect the file. Watch the video to see how it is done.
Example: How app detail empowers your investigations
The admin looks through application categories and notices an issue – there is Notepad in the Text editor category, even though Notepad is forbidden in the company. They decide to check who used the app and what operations were blocked by policies. Watch the video to see how they investigate.