Effectively Managing Alarms - Reduce the Noise

With the ability to capture almost any kind of data you want from your monitored users, it can be tempting to open the floodgates and collect everything. Having too much data may seem like a good problem to have, but at the end of the day someone has to sort through all of it to find what matters most.

 For example, an admin might want to collect more screenshots and set up an alarm to capture one every 10 seconds (as outlined in this article).


The potential downside is the sheer number of screenshots these alarms will generate. Over an average eight-hour workday, that can mean thousands of screenshots depending on the employee, making it difficult to sort through everything.

 We can still capture more screenshots without grabbing everything by adding a few more conditions to our alarms. 

Let's say we are particularly interested in what an employee is doing inside an internal company website. Maybe we want to have a record of changes they're making to a customer profile inside something like Salesforce.


By changing the conditions to be more specific, we accomplish two things:

  1. We no longer have to use the duration condition, which means as soon as the website that triggers this alarm is accessed, screenshots will begin to be captured.
  2. Instead of having to sort through ALL the screenshots being captured, we can more easily filter these screenshots, even using the Alarm Log instead of going through Screenshots > History.

Screenshots may not be the best option in every scenario either. While we can capture quite a few screenshots, with a minimum of a ten-second gap between each one, it is possible to miss the activity that needs to be captured.

In this case, Video alarms will provide a much clearer picture of what happened by showing every action taken either 30 seconds after the trigger, or 15 seconds before and 15 seconds after.

For example, a user may not be allowed to access a file sharing service like "Dropbox" because there is a risk of sensitive company documents getting released.

We could create an alarm that would start capturing video as soon as that URL was detected.

Given how fast a user can upload a document, screenshots may not be sufficient to catch what the user is doing. 

Adding an email alert also helps to speed up your organization's response time to these unwanted behaviors. You are alerted that the behavior occurred, and you have video evidence of what happened, which lets you filter out innocent mistakes from malicious actions.



To learn more about Video Alarms, please check out this article covering them in depth.

Opening up your alarms to capture everything and anything is one way of monitoring your users, but fine-tuning your Alarms makes the collected data much easier to read and understand. That in turn allows you as an admin to spend less time wading through a sea of information and more time on your day to day.
