USER ACTIVITY ALERTS AND NOTIFICATIONS
Ekran System provides an actionable alert system to enable quick incident response.
User action alerts are fully customizable, so you can configure any number of different rules to trigger real-time notifications and automatic response actions using parameters such as:
- User names
- Application names
- Window titles (including e.g. folder or file names)
- Visited URLs
- Types and groups of connected USB devices (for all Windows clients)
- Typed keywords
- Entered commands and / or parameters (for Linux Clients)
You can assign a risk level to each alert. It is used in reporting and when highlighting alerted events in monitoring information.
When an Alert Is Triggered
You can configure the response to a triggered alert using a combination of:
- Warning message
- Automatic response actions
Such user activity monitoring notifications allow your incident response team to detect an issue in a timely manner and analyze it quickly in order to take adequate response measures.
Your security specialists can be notified about a potentially critical event right at the moment the corresponding alert is triggered. Notifications are delivered via email and / or tray message and contain a direct link to the alerted session. After clicking it, a specialist is redirected to the Ekran player, which replays the corresponding episode so that the specialist can analyze the context and take action.
If the warning message option is set up, a user who triggers the corresponding alert will see a customizable warning message. This message can't be closed immediately but only after a reasonable delay, so that you can be sure that the user has acknowledged the performed actions.
Automatic response actions
Besides the steps described above, Ekran System can take active actions to respond to a critical incident:
- Block the user who triggered the alert (forced log out from all sessions with further log in restriction)
- Block the connected USB device of a restricted type
- Kill the related application (process)
Besides easy-to-use tools to build your custom alerting rules, Ekran System deployment includes a library of alert patterns prepared by our experts according to the best security practices.
You can import this default alert library and select the set of alerts that meets your security strategy.
You can use the built-in alert export/import features to reuse your custom-configured alert system in various Ekran System Server deployments.
Besides as-it-occurs user activity monitoring notifications, Ekran System software provides a special, suspicious user activity alert report containing details on all triggered alerts for a specified period of time. Thus you can analyze, audit, and cross-check incident response actions.
Combining powerful user activity monitoring and alert functionality, Ekran System remains the most cost-effective solution on the market with a flexible licensing scheme.