User Activity Alerts and Notifications
Although Ekran System is a non-intrusive, passive user monitoring solution, it provides real-time alerts on suspicious user activity to enable quick incident response.
User action alerts are fully customizable so you can configure any number of different rules to trigger real-time notifications using parameters such as:
- User names
- Application names
- Window titles (including, for example, folder or file names)
- Visited URLs
- Types and groups of connected USB devices
- Entered commands and/or parameters (for Linux Clients)
Right after an alert is triggered, your security specialists receive an email notification with the details of the alerted event as well as a direct link to the corresponding episode video log.
Assign a risk level to each alert; it is used in reporting and when highlighting alerted events in the monitoring information.
Responding to Alerts
These user activity monitoring notifications allow your incident response team to detect an issue in a timely manner and analyze it quickly in order to take adequate response measures.
In particular, if the user session is still running, a security specialist can quickly analyze the situation in real time by viewing the live video feed and block the user if the activity is considered dangerous. By configuring USB device alert settings, you can block certain devices automatically as soon as they are connected.
Besides easy-to-use tools for building your custom alerting rules, an Ekran System deployment includes a library of alert patterns prepared by our experts according to the best security practices.
You can import this default alert library and enable the alerts that correspond to your security strategy.
You can use the built-in alert export/import features to reuse your custom-configured alert system in various Ekran System Server deployments.
Besides as-it-occurs user activity monitoring notifications, Ekran System software provides a special report on suspicious user activity alerts, containing details on all triggered alerts for a specified period of time. This lets you analyze, audit, and cross-check incident response actions.
Combining powerful user activity monitoring and alert functionality, Ekran System remains the most cost-effective solution on the market with a flexible licensing scheme.