M86 Security 700 Instruction sheet
M86 Security Reporter
EVALUATION GUIDE
Models: 300, 500, 700, 705, 730, 735
Software Version: 3.0.00
Document Version: 10.30.10
II M86 SECURITY EVALUATION GUIDE
M86 SECURITY REPORTER INSTALLATION GUIDE FOR
300, 500, 700, 705, 730, 735 MODELS
© 2010 M86 Security
All rights reserved. Printed in the United States of America
This document may not, in whole or in part, be copied, photocopied, reproduced, trans-
lated, or reduced to any electronic medium or machine readable form without prior writ-
ten consent from M86 Security.
Every effort has been made to ensure the accuracy of this document. However, M86
Security makes no warranties with respect to this documentation and disclaims any
implied warranties of merchantability and fitness for a particular purpose. M86 Security
shall not be liable for any error or for incidental or consequential damages in connec-
tion with the furnishing, performance, or use of this manual or the examples herein.
Due to future enhancements and modifications of this product, the information
described in this documentation is subject to change without notice.
Trademarks
Other product names mentioned in this manual may be trademarks or registered trade-
marks of their respective companies and are the sole property of their respective man-
ufacturers.
Part# SR-EG-101030
M86 SECURITY EVALUATION GUIDE 1
CONTENTS
S
ECURITY
R
EPORTER
E
VALUATION
G
UIDE
.......................................................1
Product Overview............................................................................................................ 1
Note to Evaluators. ......................................................................................................... 1
Install, Configure, and Test the Security Reporter. ..................................................... 2
About this Evaluation Guide. ......................................................................................... 2
S
ECTION
1: P
RODUCTIVITY
R
EPORTS
..............................................................3
Understand the most common and useful features. ................................................... 3
Use Custom Category Groups to narrow your search................................................ 4
How to add a Custom Category Group .................................................................................... 4
Use custom User Groups to narrow your search. ....................................................... 5
How to create User Groups ......................................................................................................5
Patterns frame ...................................................................................................................6
IP Ranges frame ................................................................................................................7
Single Users/Exclude frame . .............................................................................................8
How to Rebuild a User Group ..................................................................................................8
Use Security Reporter to conduct an investigation..................................................... 9
Use Summary Reports for a high level overview....................................................... 10
How to generate a Summary Report ......................................................................................11
How to export a Summary Report ..........................................................................................13
Use Drill Down Reports for an investigation. ............................................................. 14
How to generate a Summary Drill Down Report .................................................................... 14
Summary Drill Down Report navigation ........................................................................... 15
Count columns and links ............................................................................................ 15
Bandwidth and Time columns ....................................................................................16
Column sorting tips ................................................................................................... 17
Record exportation.....................................................................................................17
Navigation tips............................................................................................................ 17
How to generate a Detail Drill Down Report ..........................................................................18
Detail Drill Down Report navigation ................................................................................. 18
Report type columns .................................................................................................. 18
Detail Drill Down Report exercise ....................................................................................19
Step A: Select a specific user by Category ................................................................ 19
Step B: Sort by “Filter Action” column ........................................................................19
Step C: Full URL review.............................................................................................19
Step D: Sort by “Content Type”..................................................................................20
Step E: Sort by “Search String”.................................................................................. 20
Create a custom report for a specific user................................................................. 21
How to use the Report Wizard for a single user report ..........................................................21
Step A: Create either a Summary Report or a Detail Report ........................................... 21
Step B: Specify the Report Type .....................................................................................22
Summary report .........................................................................................................22
Detail report................................................................................................................ 22
CONTENTS
2M86 SECURITY EVALUATION GUIDE
Step C: Specify Filters .....................................................................................................22
Step D: Specify Other Report Components .....................................................................23
Step E: Specify when to Generate the Report .................................................................23
Step F: Save the Report . .................................................................................................24
Export Summary Drill Down Reports. ......................................................................... 27
How to export selected records .............................................................................................. 27
Step A: Select records to be exported ............................................................................. 27
Step B: Specify Data to Export ........................................................................................27
Step C: Export data via Email or PDF Download ............................................................ 27
Email option ............................................................................................................... 27
View and print options................................................................................................28
Sample report file formats ......................................................................................................29
Summary Drill Down Reporting tools. ........................................................................ 30
How to use other Summary Drill Down Report tools ..............................................................30
Limit Detail Result ............................................................................................................30
Report fields ....................................................................................................................30
Type field.................................................................................................................... 30
Date Scope and Date fields .......................................................................................30
# Records fields .........................................................................................................31
Filter and Filter String fields ...................................................................................... 32
Sort By and Limit summary result to fields.................................................................32
Break Type field .........................................................................................................32
Format field ................................................................................................................ 32
For additional-break reports only .............................................................................. 33
For pie and bar charts only ........................................................................................ 33
Hide un-Identified IPs checkbox.................................................................................33
E-Mail / For e-mail output only fields ..........................................................................34
Commonly used reports............................................................................................... 35
How to generate a Sample Report .........................................................................................35
Report format ...................................................................................................................36
Examples of available Sample Reports . .......................................................................... 37
Sample Report 1: “Top 20 Users by Category/User” .................................................37
Sample Report 2: “Top 20 Sites by User/Site” ...........................................................37
Sample Report 3: “By Category/User/Site” ................................................................38
S
ECTION
2: R
EAL
T
IME
R
EPORTS
..................................................................39
Understand the most common and useful features. ................................................. 39
Monitor URL gauges. .................................................................................................... 39
How to drill down into a URL gauge .......................................................................................40
Step A: How to read a URL gauge ..................................................................................40
Gauge Name..............................................................................................................40
Gauge Score .............................................................................................................. 40
Timespan ................................................................................................................... 40
Threat Level .............................................................................................................. 41
Step B: Identify the source of a gauge’s activity ..............................................................41
Step C: View a list of Threats the end user accessed . ....................................................42
Step D: View URLs visited by the end user .....................................................................42
Step E: Further investigate a user’s activity .....................................................................43
How to view URL Trend Reports ............................................................................................ 44
Step A: View overall activity in URL gauges .................................................................... 44
Step B: View a line chart for a single URL gauge ............................................................45
How to view a pie chart for a URL gauge ...............................................................................46
CONTENTS
M86 SECURITY EVALUATION GUIDE 3
Monitor Bandwidth gauges. ......................................................................................... 47
How to view the Bandwidth gauges Dashboard ..................................................................... 47
How to drill down into a Bandwidth gauge .............................................................................48
Step A: View Bandwidth protocol traffic information ........................................................48
Step B: View a user’s protocol usage information ...........................................................48
Step C: View a user’s port usage information .................................................................. 49
How to view Bandwidth Trend Chart activity ..........................................................................50
Step A: View overall activity in Bandwidth gauges .......................................................... 50
Step B: View a line chart for a single Bandwidth gauge . .................................................51
How to view charts for a specific Bandwidth gauge ...............................................................52
Get the complete picture.............................................................................................. 53
How to view Overall Ranking of user activity ......................................................................... 53
How to create a New Gauge ..................................................................................................54
Step A: Select Add/Edit Gauges ...................................................................................... 54
Step B: Add a New Gauge .............................................................................................. 54
Step C: Specify Gauge Information .................................................................................55
Step D: Select users to be monitored by the gauge ........................................................56
Step E: Save gauge settings ........................................................................................... 57
How to create an automated gauge alert ...............................................................................57
Step A: Set up a new alert ...............................................................................................57
Step B: Specify Alert Information ..................................................................................... 59
Step C: Specify criteria in the right side of the panel .......................................................60
Step D: Save the alert .....................................................................................................60
S
ECTION
3: S
ECURITY
R
EPORTS
...................................................................61
Understand the most common and useful features. ................................................. 61
Use security reports for a view of network activity. .................................................. 61
How to modify the current report view .................................................................................... 62
Page navigation tool ........................................................................................................62
Report view icons ............................................................................................................ 62
Create a customized security report........................................................................... 64
How to generate a customized security report ....................................................................... 64
Step A: Choose a Run option ..........................................................................................64
Option 1: Report Settings’ Run feature ......................................................................64
Option 2: Report Wizard’s Run feature ...................................................................... 64
Step B: Populate the Report Details frame ......................................................................65
Step C: Use accordions in the Users frame ..................................................................... 66
Step D: Run the report .....................................................................................................67
Capture the security report in PDF format. ................................................................ 68
How to export current report view data ..................................................................................68
Step A: Specify records to include in the report .............................................................. 68
Step B: Specify Break Type and URL limitation criteria ................................................... 68
Step C: Download or email the report . ............................................................................ 69
Option 1: Download the report ...................................................................................69
Option 2: Email the report .......................................................................................... 69
Security Report format ...........................................................................................................70
Save the security report you generated...................................................................... 72
How to save a security report .................................................................................................72
Step A: Select Report Settings, Save option ...................................................................72
Step B: Specify criteria in the Report Details frame .........................................................73
Step C: Select the users or group in the Users frame .....................................................73
CONTENTS
4M86 SECURITY EVALUATION GUIDE
Step D: Populate the Email Settings frame . ....................................................................74
Step E: Save the report ................................................................................................... 74
Two methods for scheduling security reports. .......................................................... 75
How to use Wizard panels for scheduling reports ..................................................................75
Step A: Choose the method for scheduling the report .....................................................75
Method 1: Use the current report view ....................................................................... 75
Method 2: Create a report using the Wizard .............................................................76
Step B: Fill in the Report Details frame ............................................................................76
Step C: Include the users or group in the Users frame ....................................................77
Step D: Complete information in the Email Settings frame .............................................. 77
Step E: Set the schedule for running the report . ............................................................. 78
Step F: Save the report ................................................................................................... 78
How to access and view the Report Schedule panel .............................................................79
View Details for a Scheduled Report Run Event . ............................................................ 80
SECURITY REPORTER EVALUATION GUIDE PRODUCT OVERVIEW
M86 SECURITY EVALUATION GUIDE 1
SECURITY REPORTER EVALUATION GUIDE
Product Overview
The Security Reporter (SR) from M86 Security consists of the best in breed of M86
Professional Edition reporting software consolidated into one unit, with the capa-
bility to generate productivity reports of end user Internet activity from M86 Web
Filter and/or M86 Secure Web Gateway (SWG) appliance(s), real time reports
from a Web Filter, and security reports from an SWG.
Using a Web Filter, you have the option to use an SR 300, 500, 700 or 730 Equus
model, or an SR 705 or 735 IBM model.
Using an SWG, you have the option to use an SR 705 or 735 IBM model.
Using both a Web Filter and an SWG, you have the option to use either an SR 705
or 735 IBM model.
Logs of end user Internet activity from a Web Filter and/or SWG are fed into SR,
giving you an overall picture of end user productivity in a bar chart dashboard, and
the ability to interrogate massive datasets through flexible drill-down technology,
until the desired view is obtained. This “view” can be memorized and saved to a
user-defined report menu for repetitive, scheduled execution and distribution.
Web Filter logs provide content for dynamic, real time graphical snapshots of
network Internet traffic. Drilling down into the URL categories or bandwidth gauges
dashboard quickly identifies the source of user-generated Web threats. SWG logs
provide content for bar charts detecting security threats on the network so that
prompt action can be taken to terminate them before they become a liability on
your network.
Using the SR, threats to your network are readily targeted, thus arming you with
the capability to take immediate action to halt the source, secure your network, and
protect your organization against lost productivity, network bandwidth issues, and
possible legal problems that can result from the misuse of Internet and intranet
resources.
Note to Evaluators
Thank you for taking the time to review the M86 Security Reporter (SR) appliance.
Your interest in our company and product is greatly appreciated.
This Evaluation Guide Is designed to provide product evaluators an efficient way to
install, configure and exercise the main product reporting features of the Security
Reporter: Productivity Reports, Real Time Reports, and Security Reports.
SECURITY REPORTER EVALUATION GUIDE INSTALL, CONFIGURE, AND TEST THE SECURITY REPORTER
2M86 SECURITY EVALUATION GUIDE
Install, Configure, and Test the Security Reporter
To install the SR appliance, configure the server, and test the unit to ensure that
reporting is operational, please refer to the step-by-step instructions in the M86
Security Reporter Installation Guide provided inside the carton containing the
chassis.
Please note that prior to reviewing the SR, the M86 Web Filter and/or M86 Secure
Web Gateway (SWG) appliance(s) must already be installed. Either of these appli-
ances are required for this software release in order to send logs to the SR.
NOTE: See the M86 Web Filter Installation Guide or M86 WFR Installation Guide for infor-
mation on setting up the Web Filter on your network. See the M86 SWG Setup and
Configuration Guide for information on setting up the Secure Web Gateway on your
network.
About this Evaluation Guide
The M86 Security Reporter Evaluation Guide is divided into three sections to cover
each of the basic reporting types:
• Section 1: Productivity Reports
• Section 2: Real Time Reports
• Section 3: Security Reports
SECTION 1: PRODUCTIVITY REPORTS UNDERSTAND THE MOST COMMON AND USEFUL FEATURES
M86 SECURITY EVALUATION GUIDE 3
SECTION 1: PRODUCTIVITY REPORTS
Understand the most common and useful features
This section of the Evaluation Guide leads the evaluator through the most common
and useful features of the Security Reporter, starting with the elements that should
be configured first, then moving on to the usage of the many different types of
reports available in the SR. You are directed through the normal path of initial
setup, and then led through a standard use case that explains how to investigate a
violation of your Internet Acceptable Use Policy.
After stepping through this section of the Evaluation Guide, you will understand
how to set up powerful reports that can be e-mailed on a regular basis, thus mini-
mizing the effort required for ongoing configuration of the product. In short, by
pursuing these exercises, you will discover that the Security Reporter is both easy
to use while at the same time best in class in the level of detailed reporting it
provides.
TIP: After the SR appliance is installed, allow the Security Reporter to run for several days
prior to evaluating reports in order to optimize the evaluation experience. This will allow
the SR to accumulate multiple days of data and present more meaningful reports. Having
performed these preliminary steps, the SR will function properly on day one of the install
with some reports showing no data (e.g. “canned” Summary Reports).
SECTION 1: PRODUCTIVITY REPORTS USE CUSTOM CATEGORY GROUPS TO NARROW YOUR SEARCH
4M86 SECURITY EVALUATION GUIDE
Use Custom Category Groups to narrow your search
Prior to running any reports, there are a few recommended configuration steps that
create a more customized experience for the evaluator. The first step is to create
Custom Category Groups, which are customized groupings from the M86 Security
library of more than 100 filter categories. For example, most customers prefer to
set up a category group for those categories that are not allowed under their orga-
nization’s Acceptable Use Policy. Creating such a category group reduces the time
it takes to identify violations of this policy.
To create, edit, or delete a Custom Category Group, navigate to Administration >
Custom Category Groups to display the Custom Category Groups panel:
Custom Category Groups panel
The Custom Category Groups panel is comprised of two frames used for setting up
and maintaining category groups: Custom Category Group, and Custom Category
Group Detail.
How to add a Custom Category Group
1. At the bottom of the Custom Category Group frame, click Add.
2. In the Custom Category Group Detail frame, type in the Category Group
Name.
3. Specify the Service Type to use: “URL” or “Bandwidth”.
4. Include the following Member Categories based on the Service Type selec-
tion:
• URL - Select Available Categories from the list and click Add > to move the
selection(s) to the Assigned Categories list box.
SECTION 1: PRODUCTIVITY REPORTS USE CUSTOM USER GROUPS TO NARROW YOUR SEARCH
M86 SECURITY EVALUATION GUIDE 5
• Bandwidth - In the Port Number field, type in a specific value in the pre-popu-
lated field, and/or use the up/down arrow buttons to increment/decrement the
current value by one, and then click Add Port > to move the selection to the
Assigned Ports list box.
NOTE: At least one library category/protocol/port must be selected when creating a
gauge. The maximum number of library categories/ports that can be selected/added is 15.
5. Click Save to save your settings and to include the name of the group you
added in the Custom Category Group list.
Use custom User Groups to narrow your search
The next step is to create User Groups, which are customized groupings of users
that reside on the organization’s network. For example, most enterprise customers
prefer to set up user groups for each department within the company, and educa-
tion customers prefer to set up separate user groups for each classroom or grade
level. Creating these user groups reduces the time it takes to identify the source of
violations of your organization’s Acceptable Use Policy.
How to create User Groups
To create, edit, or delete a user group, navigate to Administration > User Groups
to display the User Groups panel:
User Groups panel
The User Groups panel is comprised of two frames used for setting up and main-
taining user groupings: User Groups, and Group Members.
1. From the User Groups list, select an existing user group to be used as the base
group for creating the new user group.
2. Click New to display the New User Group panel:
SECTION 1: PRODUCTIVITY REPORTS USE CUSTOM USER GROUPS TO NARROW YOUR SEARCH
6M86 SECURITY EVALUATION GUIDE
New User Group panel
3. Enter at least three characters for the Group Name to be used for the new user
group.
4. Click the checkbox(es) at the top of the panel to activate the pertinent corre-
sponding frame(s) below: Patterns, IP Ranges, Single Users/Exclude.
5. After making entries in the pertinent frames—as described in the following sub-
sections—click Save to save your edits.
Patterns frame
The Patterns frame is used for adding one or more patterns in order to narrow the
list of users to be included in the new group. A pattern consists of a wildcard, or a
wildcard plus one or more alphanumeric characters.
1. To add a pattern to the new user group, do one of the following:
• To add a pattern included in the base group, select the pattern from the
Parent Patterns box to display that pattern in the field below.
• To add a new pattern, enter the pattern in the field beneath the Parent
Patterns box. For example: Enter 200.10.100.3% to include all IP addresses
with ”200.10.100.3” as part of the IP address.
2. Click Add Pattern to include the pattern in the Assigned Patterns list box below.
TIP: Follow steps 1 and 2 above to include additional patterns for the new user group.
SECTION 1: PRODUCTIVITY REPORTS USE CUSTOM USER GROUPS TO NARROW YOUR SEARCH
M86 SECURITY EVALUATION GUIDE 7
IP Ranges frame
The IP Ranges frame is used for specifying IP ranges to be used by the new group.
Add user group, IP Ranges frame
1. To add an IP address range, do one of the following:
• To make a selection from Parent Ranges, click the row in the Parent Ranges
box to highlight and select that row, and also to add that Starting IP and
Ending IP range in the Starting IP and Ending IP fields below. If necessary,
edits can be made to these fields.
• To add an IP address range without selecting from the Parent Ranges frame:
a. Enter the Starting IP address.
b. Enter the Ending IP address.
• To calculate an IP address range:
a. Click the Calculate IP Range checkbox to activate the IP Address and
Subnet Mask fields below.
b. Enter the IP Address.
c. Enter the Netmask which activates the Calculate Range button.
d. Click Calculate IP Range to display the Starting IP and Ending IP in the
fields above.
2. Click Add IP Range to include that IP range in the Assigned Ranges list box.
SECTION 1: PRODUCTIVITY REPORTS USE CUSTOM USER GROUPS TO NARROW YOUR SEARCH
8M86 SECURITY EVALUATION GUIDE
Single Users/Exclude frame
The Single Users/Exclude frame is used for adding one or more users to the group.
NOTES: Only users previously selected from the base user group will be included in the
Available Users list. A user name preceded by an asterisk ( * ) indicates an auto-assigned
user that can only be removed by adjusting the pattern or IP range for that user’s group.
Add user group, Single Users frame
To add users to the Assigned Users list, make your selections from the Available
Users list. If the Available Users list is long, you can reduce the number of results
that display in this list by using the Available Users Filter.
To use the Available Users Filter:
1. Enter filter terms to narrow the selection of Available Users. For example: Type
in 150% to only display results matching an IP address that begins with “150”.
2. Click Apply to display filtered results in the Available Users box.
To make selections from the Available Users box:
1. Select one or more IPs from the list to highlight the record(s).
2. Click [+] Add to include the selected user(s) in the Add tab.
How to Rebuild a User Group
A user group should be rebuilt if it is edited.
1. To rebuild a user group, select the user group to be rebuilt.
2. Click Rebuild to initiate the rebuild process for that user group.
3. After a few minutes, click the Refresh button to refresh the display in the panel.
Note that the Last Rebuilt column for user group you rebuilt now displays the
date and time of the rebuild.
SECTION 1: PRODUCTIVITY REPORTS USE SECURITY REPORTER TO CONDUCT AN INVESTIGATION
M86 SECURITY EVALUATION GUIDE 9
Use Security Reporter to conduct an investigation
Once Custom Category Groups and User Groups have been created, administra-
tors can begin running their first reports. In most cases, administrators will employ
the Security Reporter as a forensic tool to determine if anomalous Internet
behavior exists in their organization. In order to facilitate this process, the Security
Reporter menu structure is organized to follow the normal process flow of an inves-
tigation.
1. First, the administrator is greeted by a Dashboard of high-level productivity
report information showing data for Blocked Requests and bar graph charts for
Top Categories by Requests, Top Security Risks by Requests, Top Blocked
Users by Requests, and Top Users by Requests. At a glance, the administrator
can see if there is any anomalous behavior that needs investigation.
Additional productivity report content is available by consulting “Summary
Reports.”
By viewing either of these types of reports, a specific username might be iden-
tified as receiving a large number of blocked requests. Or a high rate of traffic
might be identified in the “PornographyAdult Content” category. If something is
detected that warrants further investigation, one would then proceed to the
“Drill Down Reports” section.
2. The next stage of the investigation, Drill Down Reports, lets the administrator
probe the multi-dimensional database to target the source of any Internet
threat.
For example, if there is unusually high page count in the “Pornography/Adult
Content” category, the administrator can drill down into the Category/User
section to determine who is viewing this material. Once a specific end user is
identified, the administrator can then delve into the detail page view section to
see the exact pages that end user has been visiting.
This detailed information provides a wealth of information on the exact time the
page was visited, the user’s IP address, whether the site was blocked by the
Web Filter or SWG, how it was blocked (e.g. in URL library, blocked keyword,
proxy pattern blocking, etc), and the full-length URL. By viewing this detail, the
administrator can obtain an accurate gauge of the user’s intent—whether the
user repeatedly attempted to go to a forbidden site or whether it was an isolated
incident.
3. The last stage of an investigation is to document the long-term activity of a
policy violator, since most organizations require more than one or two events to
reprimand a user. Once the administrator determines the name of the user and
the Web sites visited in the Drill Down Report, the next step is to run a custom
report. The administrator can run a specific search of the policy violator for a
custom time period by selecting the “Report Wizard” option. When generating
this type of report, a custom time scope, specific category, and name of a
specific end user can be specified.
As an example, the administrator would probably run a custom report for the
policy violator by specifying the category “Pornography/Adult Content” and all
activity within that category within the last month. The administrator can then
save a PDF version of the report for documentation purposes. This custom
SECTION 1: PRODUCTIVITY REPORTS USE SUMMARY REPORTS FOR AHIGH LEVEL OVERVIEW
10 M86 SECURITY EVALUATION GUIDE
report provides the necessary forensic information to support any internal repri-
mand and to protect the organization in the event the incident goes to court.
To summarize, the aforementioned steps were provided to give the user a most-
likely use case for the Security Reporter. The next sub-section provides a more in-
depth view of how to navigate within each of the main producitivity reporting areas
of the Security Reporter: Summary Reports, Drill Down Reports, and Custom
Reports.
Use Summary Reports for a high level overview
As previously mentioned, Summary Reports provide an administrator an at-a-
glance view of any anomalous behavior that warrants an investigation. These
“canned reports” contain pre-generated data for a specified period of time
(Yesterday, Last Week, Last Month, Week to Yesterday, or Month to Yesterday)
for any of the following report topics or entities showing Internet activity:
•Top 20 Users by Blocked Requests - Bar chart report depicting each top end
user’s total Page Count for Blocked and Warn Blocked requests. If using a Web
Filter only, this report is available if the Block Request Count feature is enabled
in the Optional Features screen in the System Configuration administrator
console.
•Top 20 Users by Bandwidth Consumption (for SWG only) - Bar chart
depicting each top end user’s total Mega Bytes for bandwidth requests.
•Top 20 Users by Virus Hit Count (for SWG only) - Bar chart report depicting
each top end user’s total Virus Count detected by the anti-virus engine.
•Top 20 Categories - Bar chart report depicting the total Page Count in the top
requested filtering library categories.
•Top 20 Users - Bar chart report depicting each top end user’s total Page Count.
•Top 20 Viruses Detected by (for SWG only) - Bar chart report depicting the top
viruses and Virus Count detected by the anti-virus engine.
•Top 20 Users by Malware - Bar chart report depicting each top end user’s total
“Blocked” and “Permitted” Hit Count from the following categories in the Secu-
rity, Internet Productivity, and Internet Communication (Instant Messaging)
category groups: BotNet, Malicious Code/Virus, Bad Reputation Domains,
Spyware, Adware, and IRC.
NOTE: For SWG users, results that display in the Top 20 Users by Malware report reflect
library contents mapped to the M86 Supplied Categories.
•Top 20 Sites - Bar chart report depicting the total Page Count for the most
popular sites accessed by end users.
•Top 20 User Groups - Bar chart report depicting the total Page Count for the
top scoring user groups.
•Top 20 Blocked Searched Keywords - Bar chart report depicting the total
blocked keyword requests Page Count. For Web Filter users, this report is only
available if the Block Searched Keywords Report feature is enabled in the
Optional Features screen in the System Configuration administrator console.
SECTION 1: PRODUCTIVITY REPORTS USE SUMMARY REPORTS FOR AHIGH LEVEL OVERVIEW
M86 SECURITY EVALUATION GUIDE 11
•Total Permitted vs. Blocked Requests - Pie chart report depicting the total
Page Count for all filtering categories Permitted to pass and all filtering catego-
ries set up to be Blocked.
•Category Group Comparison - Pie chart report depicting the total Page Count
in each top scoring filtering category group.
•Category Comparison - Pie chart report depicting the total Page Count in each
top scoring filtering category.
•User Group Comparison - Pie chart report depicting the total Page Count in
each top scoring user group.
Once you have obtained an overview of Internet activity using Summary Reports,
you can drill down to access more detailed information about specified end user
activity.
How to generate a Summary Report
1. To generate a Summary Report, go to the navigation panel and click Reports >
Summary Reports to display yesterday’s report view showing the Top 20
Users by Blocked Request:
Yesterday’s Top 20 Users by Blocked Requests Report
NOTES: On a newly installed SR unit, the panel will not show any thumbnail images or bar
chart report. If there was no activity for a given report type, the message “No Data to
display.” displays in the panel.
TIPS: Click the left arrows or right arrows at the edges of the dashboard to display thumb-
nail images that are currently hidden. Mouse over each bar in the bar graph to view the
name of graph entry and number of requests for that entry.
2. Click a Date Scope tab corresponding to the time period to be included in the
report: “Yesterday”, “Last Week”, “Last Month”, “Week to Yesterday”, or “Month
to Yesterday”.
SECTION 1: PRODUCTIVITY REPORTS USE SUMMARY REPORTS FOR AHIGH LEVEL OVERVIEW
12 M86 SECURITY EVALUATION GUIDE
3. Click one of the report type thumbnails beneath the Date Scope to display that
report view.
4. To see details for the generated Summary Report view, at the bottom of the
report view, click a Download Report option for PDF, CSV, or PNG to generate
a report in the specified file format (.pdf, .csv, or .png):
Sample Bar Chart Summary Report in the PDF format
Sample Pie Chart Summary Report in the PDF format
The header of the generated report includes the date range, Report Type, and
criteria Details.
SECTION 1: PRODUCTIVITY REPORTS USE SUMMARY REPORTS FOR AHIGH LEVEL OVERVIEW
M86 SECURITY EVALUATION GUIDE 13
The footer of the report includes the date and time the report was generated (M/D/
YY, HH:MM AM/PM), administrator login ID (Generated by), and Page number and
page range.
The body of the first page of the report includes the following information:
• Bar chart - Name of category, username, username path, URL or site IP
address, user group name, or blocked user request, and corresponding bar
graph. Beneath the bar graph are count indicators and a label describing the
type of Count used in the report.
• Pie chart - Color-coded pie graph showing a maximum of 15 categories or user
groups. Any categories or user groups with page counts totalling less than one
percent are grouped together under the “Others Combined” label.
The body of the pages following the first page of the bar or pie chart report includes
the following information:
• Top 20 Users by Blocked Request report - User NAME and corresponding
BLOCKED REQUEST COUNT—which includes Blocked and Warn Blocked
requests. Total Records and Total Number of Blocked Requests for this Date
Scope display at the end of the report.
• Top 20 Blocked Searched Keywords report - Blocked Keywords and corre-
sponding Blocked Count. A Grand Total of Blocked Count displays at the end of
the report.
• All other reports - Count columns and corresponding totals for all reports. Grand
Total and Count display at the end of the report.
How to export a Summary Report
From the open PDF file, the Summary Report can be exported in some of the
following ways:
• Print the report - Click the print icon to open the Print dialog box, and proceed
with standard print procedures.
• Save the report - Navigate to File > Save a Copy to open the Save a Copy
dialog box, and proceed with standard save procedures.
SECTION 1: PRODUCTIVITY REPORTS USE DRILL DOWN REPORTS FOR AN INVESTIGATION
14 M86 SECURITY EVALUATION GUIDE
Use Drill Down Reports for an investigation
In the event that Summary Reports in the Security Reporter dashboard reveal
abnormal activity, the next step in the investigation would be to drill down into the
particular category or user information.
This section provides information about “drill down” reports that let you query the
database to access more detailed information about end user Internet activity. The
following types of reports can be generated:
•Categories - Includes data in each filter category that was set up for monitoring
user activity.
•IPs - Includes Internet activity by user IP address.
•Users - Includes Internet activity by username.
•Sites - Includes activity on Web sites users accessed.
•Category Groups - Includes activity by Category Groups.
•User Groups - Includes activity by User Groups.
Once you have generated a drill down report view, you can customize your view,
save the view, export the view, and/or schedule the report to run at a designated
time.
How to generate a Summary Drill Down Report
1. To generate a summary Drill Down Report, go to the navigation panel and click
Reports > Drill Down Reports, and choose the report type to be generated.
The first menu selection is “Categories”; making this selection displays today’s
Categories report view by Page Count:
Sample Drill Down Categories Report (summary report)
The report view is horizontally organized into three sections:
This manual suits for next models
5
Table of contents
Other M86 Security Security System manuals
