Data Explorer

Data Explorer provides a log of every action by every user. Useful for investigations, it presents all data types and multiple ways to filter data. Drill down to event record detail, viewing related Screenshots, and tracking the comments of other Managers or Investigators.

Figure: Data Explorer - Logon Events

What you can do

  • Explore activities by data type.
  • See at a glance the count of events by date, event type, application, flag, or other Group by option.
  • Use the "Group by" charts to filter and arrange the grid data for optimal display and create a PDF or CSV report.
  • View event details (double-click a row).
  • Flag an event as Needs Review, In Review, or Reviewed.
  • View all Android events under Mobile
  • Export event data to PDF or CSV file format.

Data Explorer filteringData Explorer filtering

By default, Data Explorer shows Logon Event data (the first tab) for all users for the last 7 days. Data Explorer offers levels of filtering with multiple options. The above Data Explorer view has been filtered to show ONLY Remote Login Events for 06/09/2022.

  • Date - Click the calendar to select which days of recording data to show:

Today - Show data starting (midnight) this morning until now. Data may not be available if based on productivity calculations.

Yesterday - Data from the previous day.

Last 7 Days - (Default setting) Show the last 6 days + today. 

Last 30 Days - Show the last 29 days + today.

This Month - All the dates from the first of this month + today.

Last Month - All dates in the previous month.

Custom Range - Click two dates on the calendar from any month. You cannot select future or past dates outside your account's data retention period.

Note: Date/times are shown by default "as recorded," that is, the exact date and time in the time zone of the endpoint device. They can be set to show in the context of "Your Timezone," as set up your account. For example, someone 3 time zones away would appear to stop working at 2 PM when it is 5 PM your time. Use the setting to change the date/time view. 

  • Group - By default "All Groups" are included. Open the menu and begin typing to find an select a group.  
  • User - By default, "All Users" (or all users within the selected Group) are included. Start typing to find and select user name or logon account.
  • Device - By default, "All Devices" (or all devices within the selected Group) are included. Start typing to find and select a device name.
  • Tabs - Event types are divided in to tabs. Select a tab to view all events of that activity type (within the top filter settings).

Logon Events - Logon, logoff, remote login, lock, and unlock events.

Email Events* - Email sent and received, all content and addresses.

Chat/IM Events* - Messages exchanged in Skype, Teams, etc.

Applications - Applications used, active time in them, highlighting Unproductive and Productive events.

Websites - Websites visited, active time in time, highlighting Unproductive and Productive events.

File Tracking* - Includes multiple file-related event types.

Keystrokes* -  Keystrokes typed, the application, and the window caption.  

Mobile - Includes Android events of all types - only visible under this tab.

  • Group by - A powerful feature unique to Data Explorer, "Group by" allows you to display and choose additional filters, change the filter order and shift your perspective of the data. Each tab presents different "Group by" options.

 

Group by chartsGroup by charts

Choose an activity and select Group by filters for endless possibilities for data export. Both PDF and Excel charts are available for whatever view you create. The data types have the following groups.

NOTE: When a “Group by” filter is applied, the Show “All” page option is disabled. When the filter is cleared, the option is enabled.

  • Select multiple Group by options from the drop-down as you wish. (You can select an option only once.) Because activities collect different data records, nearly every activity tab has a different set of "groups." Roll over a bar to read the full label and count.

Each event type presents different "Group by" options

  • Select a bar to filter the grid. A filter tag appears below the activity tabs.  For example, if you are in Email and select the Sent or Received chart, click on the Sent bar to show ONLY Sent email in the grid.
  • Remove a chart filter. Click the x on the filter tag.
  • Remove a Group by chart.  Click the x on the top right of the chart. This also removes any filters selected from it. 
  • Show a table. Click the Chart dropdown and select Table.

Email "Group by" charts

Data eventData event records 

At any time before or after filtering a events,  double-click an event row to display its details. Each event record provides: 

  • Event Details - Device, Event Type, Platform, and other relevant fields.
  • Context - Screenshots with additional information, if available, during the event time.
  • Comments - The ability to set a Review Flag and make a comment on a record. Comments and flag changes are visible to all Interguard logins.

Data FieldsData Fields

 All events return:

  • Flag - The Review status of the event: Red, Yellow, Green or none (Black).
  • Date / Start Time - Date and time of the event or when the event started.
  • Device - Name of the device the agent is reporting from.
  • User - Name of the logged in user.

Logon Events 

Actions returned for these events are:

  • Login - The user logged in.
  • Logout - The user logged out.
  • Remote Login - The user logged in remotely to another machine.
  • Remote Disconnect - The remote connection was disconnected.
  • Lock Screen - Inactivity locked the device screen.
  • Unlock Screen - The user unlocked the device to continue activity.

Email Events

Sent and received email events return the following fields:

  • Group - Group the user is assigned to.
  • From - Address the email was sent from.
  • To - Address the email was sent to.
  • Subject - The email subject. If detected, Alert words are highlighted.
  • Email Body - In the event details, the entire text contents of the email appears. If detected, Alert words are highlighted.
  • Email Type - Yahoo, Gmail, Outlook

Chat/IM Events

Chat conversations return the following fields:

  • Group - Group the user is assigned to.
  • From - Address the email was sent from.
  • To - Address the email was sent to.
  • Subject - The email subject. If detected, Alert words are highlighted.
  • Email Body - The entire text contents of the email. If detected, Alert words are highlighted.

Application Events

Activity in applications returns the following fields:

  • Application - Application executable name; for example, "notepad.exe."
  • Window Title - The caption on top window bar. For example, "Untitled - Notepad."

Website and Search Events

Each website visited and each web search returns the following:

  • Website - Domain name of the website. For example, "healthline.com."
  • Window Title - The title displayed on the browser tab. For example, "12 of the Healthiest Foods."
  • URL - The full address of the web page viewed.  
  • Website Category - The site is recognized as belonging to one of the pre-defined categories in Productivity Settings, or the site is "Not Categorized."
  • Search - A search the user entered to a page of results. For example, "what to eat for breakfast."

File Tracking  

The File Tracking tabs filter activities to: File Activity, Downloads, Uploads, Dropbox, Printed Files, and USB.
Action Type:

  • Action Type:
    Added - A new file was created or copied to a new location.
    Modified - A file was edited.
    Renamed - A file was renamed or copied.
    Deleted - A file was deleted.
    Downloaded - A file was transfered from elsewhere to the user's device.
    Uploaded - A file was transferred from the user's device to elsewhere.
  • Original Filename - Path and filename (or IP address) of the document before changes, upload, or download.
  • New Filename/Webmail client - Path and filename (or IP address) of the document after being added, renamed, or downloaded.
  • Alert Words - Alert words, if any, detected in the file name or path.

Keystrokes

  • Application - Name of the app the keystrokes occurred in.
  • Window Title - The caption on the app's top bar or website tab where keystrokes occurred.
  • Alert Words - Alerts words, if any, detected in the keystroke contents.

Mobile Events

These events are from Android mobile devices only. See Mobile Events.

  • Mobile Applications 
  • Mobile - Calls
  • Mobile -Text Messages
  • Mobile - Text Messages Conversations
  • Mobile - Photos
  • Mobile - Geolocate
  • Mobile - Screenshots
  • Mobile - File Tracking

Screenshots Screenshots  

Go to Data Explorer | Screenshots to view screenshots from Windows, Mac, and Chromebook devices. The grid lists all Continuous Screenshots, Alert Words Screenshots, adn Smart Screenshots. Double-click a row to open the Screenshot Viewer and playback the screenshots. 

NOTE: Look for mobile screenshots under the Data Explorer Mobile tab.

The Screenshot Viewer allows you to:

  • Play or pause the video and return to the beginning or jump to the end.
  • Expand to a full-screen view   
  • Download an .avi file  download
  • Set the speed of the playback (in seconds per screen). 

NOTE: Continuous screenshots are taken even without user activity, as long as the computer is not "Locked."  This is why you see blank (black) screenshots in the Screenshot Viewer or in Event Details. 

Drill into Screenshots from the Data Explorer "Screenshot" tab

Drill into Website Events (or Others) to See Screenshots as Context

 

 

Updated: 06/13/2023