INTOUCH® INSA
Network Security Agent



Proceed



                                 +-Proceed-+ 
                                 |  Yes    | 
                                 |  No     | 
                                 |---------| 
                                 |  Exit   | 
                                 +---------+ 

You can:
  Select Yes to create the report.
  Select No to go back to the minimum incidents prompt (the previous prompt).
  Select Exit to abandon report creation and return to the Reports menu.

Note

If you wish to go back and change some information, select No to go back to the previous prompt, or press the \ (backslash) key until you back up to the item you want to change.

Report Creation

If you elect to create the Alert Report, the report is generated and you are asked for an output option (see Section 6.6.2, Report Output Options). After the report has been output, you are returned to the Reports menu.

If no alerts are found for the report criteria, the message:

No alerts recorded for given criteria

is displayed, and you are asked for other alert report criteria.

Report Example

The following is an example of part of an Alert Report:


06-Mar-1997             INTOUCH INSA - Network Security Agent             Page 1 
                                     Alert Report 
 
Alert name                   Alert description 
---------------------------- --------------------------------------------------- 
INVALID_LOGIN                Invalid login attempt 
    Priority : 5      Action       : email 
    Incidents: 223    Last incident: 06-Mar-1997 15:17:33 
 
MGMT                         System management function (authorize, sysgen, ...) 
    Priority : 2      Action       : email 
    Incidents: 742    Last incident: 05-Mar-1997 20:44:22 
 
URGENT                       Urgent action to monitor in realtime 
    Priority : 9      Action       : email 
    Incidents: 116    Last incident: 06-Mar-1997 22:00:44 

The information for each Alert Name on the Alert Report includes:

10.3 Recordings Reports

If you specify "record" as one of the alert actions, INTOUCH INSA records the session from the time an incident was detected until log off. The Recordings menu option creates reports of sessions that have been recorded and are in the current recordings file. (Refer to Section 10.19, Archive Recordings Reports, for information on creating reports from archived recordings files.)



                       +-------Reports-------+ 
                       |  Incident           | 
                       |  Alert              | 
                       |  Recordings         | 
                       |  Browser Accesses   | 
                       |  URL Accesses       | 
                       |  Active Browsers    | 
                       |  Audit              | 
                       |  Page               | 
                       |  Top              [>| 
                       |  Archive          [>| 
                       +---------------------+ 

Before a report is created, you are asked about the type of report to create, what to include on the report, the time period to report on, and so on.

When the Recordings option is selected, the Recordings Report screen is displayed and you are asked for a sort order.



 INTOUCH INSA                  Recordings Report                    27-Jan-1997 
 
+------------- Sort Order -------------++------------ Report Type -------------+ 
|1)                                    ||                                      | 
|2)                                    ||                                      | 
|3)                                    ||File: current                         | 
|4)                                    ||Type:                                 | 
|5)                                    ||                                      | 
+--------------------------------------++--------------------------------------+ 
+--------- Selection Criteria -------------------------------------------------+ 
|Begin date :                                                                  | 
|End date   :                                                                  | 
|User names :                                                                  | 
|Alert names:                                                                  | 
|Locations  :                                                                  | 
+------------------------------------------------------------------------------+ 
                         +-------Sort Order--------+ 
                         |  default order          | 
                         |-------------------------| 
                         |  Recording start date   | 
                         |  Recording start time   | 
                         |  User name              | 
                         |  Alert name             | 
                         |  Location               | 
                         |-------------------------| 
                         |  Exit                   | 
                         +-------------------------+ 
 
EXIT = Exit                       INTOUCH INSA             \ = Back  HELP = Help

Note

Selecting "Exit" from any of the menu prompts or entering "EXIT" at an input prompt stops the recordings report procedure and returns you to the Reports menu.

To back up to previous prompts, use the \ (backslash) key.

Sort Order

You choose how to sort the report data.

The default sort order is by recording start date. If you wish to accept the default sort order, select default order. If the default order is selected, the primary sort field "Recording start date" is displayed in the "Sort Order" box:



        +------------- Sort Order -------------+ 
        |1) Recording start date               | 
        |2)                                    | 
        |3)                                    | 
        |4)                                    | 
        |5)                                    | 
        +--------------------------------------+ 

and you proceed to the next report criteria prompt.

If you wish to specify a different sort order, use the mouse to select sort field items from the menu. For example, you could select "User name" as the primary sort field, select "Alert name" as the second sort field, select "Recording start date" as the third sort field, etc. Select accept current default when you are done selecting sort fields.



                        +--------Sort Order---------+ 
                        |  accept current default   | 
                        |  reset                    | 
                        |---------------------------| 
                        |  Recording start time     | 
                        |  Location                 | 
                        |---------------------------| 
                        |  Exit                     | 
                        +---------------------------+ 

The fields you select are displayed in the "Sort Order" box.



        +------------- Sort Order -------------+ 
        |1) User name                          | 
        |2) Alert name                         | 
        |3) Recording start date               | 
        |4)                                    | 
        |5)                                    | 
        +--------------------------------------+ 

To change the sort order, select the reset menu item, which appears on the menu after you have made your first selection. Selecting reset clears the "Sort Order" box so that you can start over with your sort order selections or take the default.

Dates and Times

The "start date" is the date when the recording was started. You choose a "start date" time period to include on the Recordings report. For example, you might want to include "start dates" for the period of January 1, starting at 5:01pm, through January 6, ending 8:30am. To specify a particular time period, you provide a begin date and time and an end date and time.

To include all dates and times on the report, select "Earliest" as the begin date and "Latest" as the end date.

Select a Begin Date Option

Select a beginning date option from the menu.



                              +--Begin Date---+ 
                              |  Earliest     | 
                              |  Enter Date   | 
                              |---------------| 
                              |  Exit         | 
                              +---------------+ 

  Select Earliest to start with the oldest date and time.
  Select Enter Date if you want to enter a begin date.
  Select Exit if you want to abandon this report creation procedure and return to the Reports menu.

If you select Enter Date, you are asked for a beginning recording "start date".



Beginning recording start date (MMDDYYYY)? ________ 

To specify a begin date, enter the date in MMDDYYYY format.

Enter Earliest to start with the oldest date.

Press [Return] to accept the default.



Beginning recording start date (MMDDYYYY)? 01011997 

Select a Begin Time Option

If a beginning date is provided, you can enter a beginning time.



                              +--Begin Time---+ 
                              |  Earliest     | 
                              |  Enter Time   | 
                              |---------------| 
                              |  Exit         | 
                              +---------------+ 

  Select Earliest to start with the earliest time on the entered date.
  Select Enter Time if you want to enter a begin time.
  Select Exit if you want to abandon this report creation procedure and return to the Reports menu.

If you select Enter Time, you are asked for a beginning recording start time.



Beginning recording start time (HH:MM)? _____ 

To specify a begin time, enter a time in HH:MM format (24-hour format). For example, enter 03:15 for 3:15 AM or enter 15:15 for 3:15 PM.

Enter Earliest to start with the earliest time.

Press [Return] to accept the default.

The following example shows how to enter the time for 1:01 AM:



Beginning recording start time (HH:MM)? 01:01 

Select an End Date Option



                              +---End Date----+ 
                              |  Latest       | 
                              |  Enter Date   | 
                              |---------------| 
                              |  Exit         | 
                              +---------------+ 

  Select Latest to include the most current date and time.
  Select Enter Date if you want to enter an end date.
  Select Exit if you want to abandon this report creation procedure and return to the Reports menu.

If you select Enter Date, you are asked for an ending recording "start date".

If you want to specify an end date, enter the date in MMDDYYYY format.

Enter Latest to include the most current date and time.

Press [Return] to accept the default.



Ending recording start date (MMDDYYYY)? 01271997 

Select an End Time Option

If an end date is provided, you can enter an end time.



                              +---End Time----+ 
                              |  Latest       | 
                              |  Enter Time   | 
                              |---------------| 
                              |  Exit         | 
                              +---------------+ 

  Select Latest to include the latest time on the entered date.
  Select Enter Time if you want to enter an end time.
  Select Exit if you want to abandon this report creation procedure and return to the Reports menu.

If you select Enter Time, you are asked for an end time.

To specify an end time, enter a time in HH:MM format (24-hour format).

Enter Latest to include the latest time on the entered date.

Press [Return] to accept the default.



Ending recording start time (HH:MM)? 23:59 

The date and time information is displayed in the report "Selection Criteria" box.



+--------- Selection Criteria -------------------------------------------------+ 
|Begin date : 01-Jan-1997 at 01:01                                             | 
|End date   : 27-Jan-1997 at 23:59                                             | 
|User names :                                                                  | 
|Alert names:                                                                  | 
|Locations  :                                                                  | 
+------------------------------------------------------------------------------+ 

User Names

You can select specific user names to include on the report or include all the user names.



                             +---User Names---+ 
                             |  ALL           | 
                             |  Enter Names   | 
                             |----------------| 
                             |  Exit          | 
                             +----------------+ 

  Select ALL if you want to include ALL the user names.
  Select Enter Names if you want to specify which user names to include on the report.

If you select Enter Names, you are asked for the user names to include.



User names (AAA,BBB...)? ALL__________________________________________________ 

You can enter a single user name or a comma-separated list of user names. You can also use the asterisk (*) character as a wildcard. Here are some examples:

To select user name ALAN, enter:

To select user names, ALAN, SUE and GEORGE, enter:

To select the user names that:

enter:

Enter ALL to include all user names.

Your selections are displayed in the report "Selection Criteria" box.



+--------- Selection Criteria -------------------------------------------------+ 
|Begin date : 01-Jan-1997 at 01:01                                             | 
|End date   : 27-Jan-1997 at 23:59                                             | 
|User names : ALL                                                              | 
|Alert names:                                                                  | 
|Locations  :                                                                  | 
+------------------------------------------------------------------------------+ 

Alert Names

A menu list of the alert names is displayed. The alert names come from the alert file. You can include all the alert names on the Recordings Report or select specific alert names.



                            +Select Alert Names+ 
                            |  all             | 
                            |------------------| 
                            |  INVALID_LOGIN   | 
                            |  MGMT            | 
                            |  PAYROLL         | 
                            |  PRIV            | 
                            |  URGENT          | 
                            |------------------| 
                            |  Exit            | 
                            +------------------+ 

To include ALL alert names, select all. "ALL" is displayed in the "Selection Criteria" box and you proceed to the next report criteria prompt.

To select an alert name, use the mouse to select the name you want from the menu of alert names. The name is displayed in the "Selection Criteria" box. Select as many names as you wish.



+--------- Selection Criteria -------------------------------------------------+ 
|Begin date : 01-Jan-1997 at 01:01                                             | 
|End date   : 27-Jan-1997 at 23:59                                             | 
|User names : ALL                                                              | 
|Alert names: INVALID_LOGIN,MGMT,PRIV                                          | 
|Locations  :                                                                  | 
+------------------------------------------------------------------------------+ 

To remove one of the selected names, select the Remove Alert Name option at the bottom of the menu. A menu list of the selected alert names is displayed.



                          +--Select Alert Names--+ 
                          |  ...               +Remove Alert Name-+ 
                          |  Remove Alert Name |  INVALID_LOGIN   | 
                          |--------------------|  MGMT            | 
                          |  Exit              |  PRIV            | 
                          +--------------------+------------------+ 

Use the mouse to select the name you want to remove. (In this example, PRIV is removed.) The name is removed from the list shown in the "Selection Criteria" box. Remove as many names as you wish.



+--------- Selection Criteria -------------------------------------------------+ 
|Begin date : 01-Jan-1997 at 01:01                                             | 
|End date   : 27-Jan-1997 at 23:59                                             | 
|User names : ALL                                                              | 
|Alert names: INVALID_LOGIN,MGMT                                               | 
|Locations  :                                                                  | 
+------------------------------------------------------------------------------+ 

Select accept current default when you are done selecting alert names.

Use the reset menu option to erase the current selections and start over.

Locations

You can select specific locations to include on the report or include all locations.



                           +-----Locations------+ 
                           |  ALL               | 
                           |  Enter Locations   | 
                           |--------------------| 
                           |  Exit              | 
                           +--------------------+ 

  Select ALL if you want to include ALL the locations.
  Select Enter Locations if you want to specify which locations to include on the report.

If you select Enter Locations, you are asked for the locations to include.



Locations (AAA,BBB,...)? ALL_________________________________________________ 

You can enter a single location/address, or a list of locations separated by commas. You can use the asterisk (*) character as a wildcard. Here are some examples:

To select LAT addresses that begin with LAT 1, enter:

To select IP domain names that end in .COM and IP addresses that end in .3, enter:

For example, if *.COM is entered,



Locations (AAA,BBB,...)? *.com_______________________________________________ 

all locations ending in ".COM" would be included.

Enter ALL to include all locations. For this example, "ALL" is entered.

The selected locations are displayed in the report "Selection Criteria" box.



+--------- Selection Criteria -------------------------------------------------+ 
|Begin date : 01-Jan-1997 at 01:01                                             | 
|End date   : 27-Jan-1997 at 23:59                                             | 
|User names : ALL                                                              | 
|Alert names: INVALID_LOGIN,MGMT                                               | 
|Locations  : ALL                                                              | 
+------------------------------------------------------------------------------+ 
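
The selection criteria and sort order described in this section can be reproduced over exported recording data. The following is an added example, not INTOUCH INSA code: the record fields and sample recordings are constructed, and it assumes matching is case-insensitive, that an HH:MM end time covers the whole minute, and that "*" is the only wildcard character.

```python
import re
from datetime import datetime, time

OPEN = ("EARLIEST", "LATEST")


def parse_bound(date_text, time_text, is_end):
    """Combine the date (MMDDYYYY) and time (HH:MM) answers; None = open bound."""
    if date_text.strip().upper() in OPEN:
        return None
    day = datetime.strptime(date_text.strip(), "%m%d%Y").date()
    if time_text.strip().upper() in OPEN:
        clock = time(23, 59, 59) if is_end else time(0, 0)
    else:
        clock = datetime.strptime(time_text.strip(), "%H:%M").time()
        if is_end:
            clock = clock.replace(second=59)  # assumption: end minute is inclusive
    return datetime.combine(day, clock)


def matches(value, spec):
    """True if value matches any item of a comma-separated list ('*' wildcard, ALL)."""
    for item in (p.strip().upper() for p in spec.split(",")):
        if item == "ALL":
            return True
        # Escape everything except '*', so the '.' in '*.COM' stays a literal dot.
        pattern = ".*".join(re.escape(part) for part in item.split("*"))
        if item and re.fullmatch(pattern, value.upper()):
            return True
    return False


def select(recordings, begin, end, users="ALL", alerts="ALL", locations="ALL",
           sort_by=("start",)):
    """Apply the Selection Criteria box, then the chosen sort fields in order."""
    chosen = [r for r in recordings
              if (begin is None or r["start"] >= begin)
              and (end is None or r["start"] <= end)
              and matches(r["user"], users)
              and matches(r["alert"], alerts)
              and matches(r["location"], locations)]
    return sorted(chosen, key=lambda r: tuple(r[f] for f in sort_by))


# Constructed sample recordings (hypothetical field names, not product output).
RECORDINGS = [
    {"user": "ALAN", "alert": "INVALID_LOGIN", "location": "host1.example.com", "start": datetime(1997, 1, 1, 0, 30)},
    {"user": "SUE", "alert": "MGMT", "location": "gw.example.com", "start": datetime(1997, 1, 10, 9, 0)},
    {"user": "GEORGE", "alert": "PRIV", "location": "192.0.2.3", "start": datetime(1997, 1, 15, 12, 0)},
    {"user": "ALAN", "alert": "MGMT", "location": "LAT 12", "start": datetime(1997, 1, 27, 23, 59, 30)},
    {"user": "SUE", "alert": "URGENT", "location": "mail.example.org", "start": datetime(1997, 1, 28, 0, 10)},
]

if __name__ == "__main__":
    # The criteria from the final Selection Criteria box above.
    begin = parse_bound("01011997", "01:01", is_end=False)
    end = parse_bound("01271997", "23:59", is_end=True)
    for r in select(RECORDINGS, begin, end, alerts="INVALID_LOGIN,MGMT",
                    sort_by=("user", "alert", "start")):
        print(r["start"], r["user"], r["alert"], r["location"])
```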

