User Behavior

User Behavior (UB) is a feature of active defense that monitors user I/O (input/output) operations and records them for administrative review. An administrator can use the User Behavior Reports page to create, open (view), and remove UB reports.

Generating Reports

Reports are available in several types, including:

  • Summary

  • Raw Operations

  • Users

  • Paths

  • IPs

  • Hosts

  • Datasets

  • Protocols

An administrator may need to generate a new report to get updated information on all user activity within a given period of time. The time span covered by a report is selected when the report is created.

Generate a Raw Operations report for the last 7 days

  1. Navigate to the UB Reports page.

  2. Click Create.

  3. Click the report type dropdown, and select Raw Operations.

  4. Click the Time dropdown, and select 7d under Last.

  5. Click Apply to set the time, and click Create.

After the report is generated, it will be added to the reports list and will remain in this list until removed. Administrators can view reports by clicking the Open button in the status column. Additional actions are available by using the cogwheel icon under the Action header for the respective report.

  • Remove - Deletes the selected report.

  • Rerun Report - Generates another report with the same configuration.