User activity reports, statistics, and forensics


Ekran System user activity report and statistics feature gives security specialists a powerful tool to analyze the cyber threat landscape as well as cross-check incident response activities.


While summarized information is provided in a report, a user activity monitoring video log of each session provides all required details for in-depth investigation. Thus you can flag suspicious events in user action statistics and then research them in detail with session analysis.


Ekran System user activity reports comprise crucial data to analyze user behavior such as visited URLs and started applications, captured keystrokes, executed Linux commands with parameters, and plugged-in/blocked USB devices. Each report can be generated in multiple formats including PDF, HTML, Excel spreadsheet, CSV, Text format (simple & rich text), and XML to enable usage within third-party applications. User action statistics are illustrated by pie and bar charts.


Ekran System advanced report types


Ekran System software solution provides advanced report types such as:


  • User activity report provides summary details about all applications used by specified users or user groups within specified time intervals and includes duration of work within each application. This format is important in reporting employee activity monitoring results and can be used to flag suspicious activity of server administrators.
  • A Session Report focuses on the monitored endpoints. It provides detailed information on all user logins to the Client computers and on the total time spent on working with them.
  • A User Statistics Report focuses on users. It provides summarized information on the computers to which they logged in, on the remote IPs from which they logged in, and the total time spent by the users on all the computers.
  • A URL report presents a list of all visited websites (URLs) for the specified users and time intervals together with the duration of time spent on each website. This information is an important addition to employee activity statistics.
  • A Linux report is specifically designed for Linux servers containing all executed Linux commands with parameters for the specified hosts and time interval. Important aspects of this report are that they represent all executed commands, including those in the run scripts.
  • A USB report is related to the USB device management and represents all events related to the USB devices (details on the connected USB devices and USB device blocking events).
  • A USB Storage Grid Report specifically focuses on the most risky type of USB devices – storage devices. It provides the information on all USB storage events, which occurred during the defined time period.
  • A Keystroke report containing all captured keystrokes for the selected users and endpoints during a selected period of time. This information is aligned with the applications and activity titles.
  • An Alert report is related to the real-time alerting functionality and provides information on triggered alerts on suspicious events that appear in the system during a period of time. This report is useful to cross-check incident response activity and audit all potentially dangerous issues.


With report scheduling you can set up rules to get all important summary information regularly delivered to the requisite mailboxes. At any time you can generate an ad-hoc report with customizable parameters.


Internal audit


Ekran System has a specific type of log for all actions performed by Ekran System users within its Management Tool - in particular, installation / uninstallation of Clients, changing monitoring settings, enabling / disabling alerts, etc.


This option allows one to obtain an audit trail on all administrative activity performed in the software system as well as track access to the security monitoring records. Besides being an important aspect of the security process audit, it is required by regulatory compliance norms.


Digital signature and forensic export


Ekran System provides a digital signature and validation option for its records. When enabled, the mechanism allows to digitally sign each monitored session (screenshots and metadata received from Windows Clients) and then check that data integrity in the database has not been altered.

Ekran System permits the export of user activity monitoring results in a forensic format. You can export a full monitored session or a fragment of it into an independent stand-alone protected format. The exported information includes:


  • Video log
  • Synchronized metadata
  • Embedded played and navigation controls


The result is an exe file and to guarantee the integrity of exported monitored data, Ekran System solution signs this file with server-specific e-key, transforming it into a protected format with the opportunity to validate it at any time and use for further investigation and user activity forensics.



Providing multiple tools to organize, securely perform, and report user activity monitoring, Ekran System remains cost-effective for both SMB and big enterprises. Its flexible licensing scheme enables deployments of any size.