User Behavior

User Behavior (UB) is a feature of Active Defense that monitors user I/O operations and records them for administrative review. An administrator can use the UB Reports page to create, view, and remove UB reports.

Reports

Reports come in the following types:

  • Summary

  • Raw Operations

  • Users

  • Paths

  • IPs

  • Hosts

  • Datasets

  • Protocols

An administrator may need to generate a new report to get updated information on all user activity within a given period of time. Reports can be generated for a number of different time spans.

Generate reports

  1. Navigate to the UB Reports page.

  2. Click Create.

  3. Select a Report Type.

  4. (Optional) Select the Activity Type. The default will report on all activity.

  5. (Optional) Enter a description for the report.

  6. Select the Pool the report is generated from.

  7. Specify a Time for the report to cover.

  8. Click Apply to set the time.

  9. (Optional) Specify a Time of Week for the reports to include or exclude. See the tool tips for more info.

  10. (Optional) Specify the Users for the report to cover. The default will report on all users.

  11. (Optional) Specify the IP Addresses for the report to cover. The default will report on all addresses.

  12. (Optional) Specify the Hosts for the report to cover. The default will report on all hosts.

  13. (Optional) Specify the Paths for the report to cover. The default will report on all paths in the pool.

  14. (Optional) Specify the file Extensions for the report to cover. The default will report on all types of extensions in the pool.

  15. (Optional) Specify a Base Path. Any previously specified Paths will be relative to this base path.

  16. (Optional) Specify the Datasets for the report to cover. The default will report on all datasets in the pool.

  17. (Optional) Select the Operation Types for the report to cover. The default will report on all types of operations.

  18. (Optional) Specify at least one Operation Status for the report to cover. Status values are numeric and based on UNIX error codes, with 0 indicating a successful operation.

  19. (Optional) Select the Protocols for the report to cover. The default will report on all protocol types.

  20. (Optional) Enable the Case Sensitive slider. This will cause all previously entered text to be considered case sensitive.

  21. (Optional) Specify the Operation Meta for the report to cover. These are operation-specific metadata values that vary depending on the type of operation.

  22. Click Create.

View reports

  1. Navigate to the UB Reports page.

  2. Click the action cog (Gear) next to the desired report.

  3. Select Open from the dropdown menu.

After the report is generated, it will be added to the reports list and will remain in this list until removed. Administrators can view reports by clicking Open in the status column. Additional actions are available by using the cogwheel icon under the Action header for the respective report.

  • Remove - Deletes the selected report.

  • Rerun Report - Generates another report with the same configuration.

Remove reports

  1. Navigate to the UB Reports page.

  2. Click the action cog (Gear) next to the desired report.

  3. Select Remove from the dropdown menu.

  4. Click Remove.

Edit reports

  1. Navigate to the UB Reports page.

  2. Click the action cog (Gear) next to the desired report.

  3. Select Edit Report from the dropdown menu.

  4. (Optional) Change the Report Type.

  5. Click Create.