Report Option

Select Report to create a report of the displayed URL/browser information. The report is generated and you are asked for an output option (see Section 6.6.2, Report Output Options).

The following is an example of the URL Accesses Report:

21-Feb-1997 INTOUCH INSA - Network Security Agent Page 1 URL Accesses Accessed since: 21-Feb-1997 URL : http://JR.TTINET.COM/tti/nsa_www.html Browser's IP Count Last Access ---------------------------------------------- ---------- -------------------- 198.177.224.25 1 21-Feb-1997 09:19:38 SLINKS.EDS.COM 2 21-Feb-1997 18:31:16 202.181.183.4 1 21-Feb-1997 20:24:42 203.212.151.210 2 21-Feb-1997 15:43:26 204.95.118.172 3 21-Feb-1997 00:33:37 204.162.79.15 1 21-Feb-1997 14:51:49 206.18.219.23 1 21-Feb-1997 22:57:12 207.35.211.131 1 21-Feb-1997 21:17:31

After the report is created, the list of browsers is again displayed.

Browsers and Other URLs

When the list of browsers is displayed, you can select a browser and find out what other URLs the browser has accessed since the access date. For example, if the browser IP address "204.95.118.172" is selected as shown below:

INTOUCH INSA URL Accesses 21-Feb-1997 +---------------- URL: http://JR.TTINET.COM/tti/nsa_www.html ----------------+ | Report | | | | Browser's Domain/IP Count Last Access | | 198.177.224.25 1 21-Feb-1997 09:19:38 | | SLINKS.EDS.COM 2 21-Feb-1997 18:31:16 | | 202.181.183.4 1 21-Feb-1997 20:24:42 | | 203.212.151.210 2 21-Feb-1997 15:43:26 | | 204.95.118.172 3 21-Feb-1997 00:33:37 | | 204.162.79.15 1 21-Feb-1997 14:51:49 | | 206.18.219.23 1 21-Feb-1997 22:57:12 | | 207.35.211.131 1 21-Feb-1997 21:17:31 | +----------------------------------------------------------------------------+ EXIT = Exit INTOUCH INSA \ = Back HELP = Help

a report is generated which shows the browser's activity. The following is an example of the report.

21-Feb-1997 INTOUCH INSA - Network Security Agent Page 1 Browser Accesses Accessed since: 21-Feb-1997 Browser's IP : 204.95.118.172 Destination URL Count Last Access ---------------------------------------------- ---------- -------------------- http://JR.TTINET.COM/tti_local.html 2 21-Feb-1997 14:51:49 http://JR.TTINET.COM/doc/ 2 21-Feb-1997 00:35:44 http://JR.TTINET.COM/tti/nsa_www.html 3 21-Feb-1997 00:33:37 http://JR.TTINET.COM/tti.html 2 21-Feb-1997 00:26:09

After the report is created, the list of browsers is again displayed.

You can create reports of other browsers' activities or back up to the URL menu and select other URLs to report on.

To exit this report procedure, back up to the URL prompt and enter "EXIT". You will be returned to the Reports menu.

10.6 Active Browsers Report

+-------Reports-------+ | Incident | | Alert | | Recordings | | Browser Accesses | | URL Accesses | | Active Browsers | | Audit | | Page | | Top [>| | Archive [>| +---------------------+

The Active Browsers Report shows the browsers that have been active within the last thirty (30) minutes (approximately). The information includes:

	URL Accessed	last item that was accessed
	Browser IP Address	browser's IP address
	Last Access	time of the last access

Report Creation

When you select the Active Browsers report menu option, the report is generated and you are asked for an output option (see Section 6.6.2, Report Output Options).

The following is an example of the Active Browsers Report:

17-Feb-1997 INTOUCH INSA - Network Security Agent Page 1 Active Browsers Report Last URL Accessed Browser IP Address Access ----------------------------------------- --------------------------- -------- http://TR.TTINET.COM/doc/app_guide.html 214.237.104.51 11:32:25 http://TR.TTINET.COM/microed/ 206.217.168.219 11:08:11 http://TR.TTINET.COM/sst/ WELCH.ABC.COM 11:19:08 http://TR.TTINET.COM/sst/blades.html 224.187.59.87 11:21:20 http://TR.TTINET.COM/sst/humor.html 219.128.135.45 11:16:55 http://TR.TTINET.COM/sst/pong/ SIGGATE.SEO.COM 11:08:11 http://TR.TTINET.COM/sst/practical.html 164.91.21.143 11:32:25 http://TR.TTINET.COM/sst/practical.html ATO2-933.TAMUK.EDU 11:10:22 http://TR.TTINET.COM/sst/practical.html 31OC2040.UISI.EDU 11:08:11 http://TR.TTINET.COM/sst/simpsons.html 138.92.52.48 11:30:12 http://TR.TTINET.COM/sst/tasteless.html 228.196.16.245 11:10:22 http://TR.TTINET.COM/sst/wbnews.html VAORLON.CS.WASHIN.EDU 11:08:11 http://TR.TTINET.COM/sst/ww2.html 148.159.250.64 11:28:01 http://TR.TTINET.COM/tti_local.html TWELLS.CTS.COM 11:30:12

10.7 Audit Reports

The audit reports are created from data in the current audit data file. You can refer to Section 10.20, Archive Audit Reports, for information on creating reports from archived audit data files).

+-------Reports-------+ | Incident | | Alert | | Recordings | | Browser Accesses | | URL Accesses | | Active Browsers | | Audit | | Page | | Top [>| | Archive [>| +---------------------+

INTOUCH INSA Audit Report 13-Jan-1997 +------------- Sort Order -------------++------------ Report Type -------------+ |1) || | |2) || File: current | |3) || Type: | |4) || | +--------------------------------------++--------------------------------------+ +--------- Selection Criteria -------------------------------------------------+ |Begin date : | |End date : | |Source names: | |Item names : | +------------------------------------------------------------------------------+ +----Sort Order----+ | default order | |------------------| | Date | | Time | | Source | | Item | |------------------| | Exit | +------------------+ EXIT = Exit INTOUCH INSA \ = Back HELP = Help

Before a report is created, you are asked some questions about the type of report to create, what to include on the report, time period to report on, etc.

When the Audit option is selected, the Audit Report screen is displayed and you are asked for a sort order.

Sort Order

You choose how to sort the report data.

The default sort order is by date and time. If you wish to accept the default sort order, select default order. If the default order is selected, the primary sort field "Date" is displayed in the "Sort Order" box:

+------------- Sort Order -------------+ |1) Date | |2) | |3) | |4) | +--------------------------------------+

and you proceed to the next report criteria prompt.

If you wish to specify a different sort order, use the mouse to select sort field items from the menu. For example, you could select "Source" as the primary sort field, select "Item" as the second sort field, etc. Select accept current default when you are done selecting sort fields.

+--------Sort Order---------+ | accept current default | | reset | |---------------------------| | Date | | Time | |---------------------------| | Exit | +---------------------------+

The fields you select are displayed in the "Sort Order" box.

+------------- Sort Order -------------+ |1) Source | |2) Item | |3) | |4) | +--------------------------------------+

To change the sort order, select the reset menu item which appears on the menu after you have made your first selection. reset clears the sort order box and you can start over with your sort order selections or take the default.

Dates and Times

You choose a time period to include on the Audit report. For example, you might want to include the period of January 1, starting at 5:01pm, through January 3, ending 8:30am. To specify a particular time period, you provide a begin date and time and an end date and time.

To include all dates and times on the report, select "Earliest" as the begin date and "Latest" as the end date.

Select a Begin Date Option

Select a beginning date option from the menu.

+--Begin Date---+ | Earliest | | Enter Date | |---------------| | Exit | +---------------+

	Select Earliest to start with the oldest date and time
	Select Enter Date if you want to enter a begin date.
	Select Exit if you want to abandon this report creation procedure and return to the Reports menu.

If you select Enter Date, you are asked for a begin date.

Begin date (MMDDYYYY)? Earliest___

To specify a begin date, enter the date in MMDDYYYY format.

Enter Earliest to start with the oldest date.

Press [Return] to accept the default.

Begin date (MMDDYYYY)? 01081997___

Select a Begin Time Option

If a begin date is provided, you can enter a begin time.

+--Begin Time---+ | Earliest | | Enter Time | |---------------| | Exit | +---------------+

	Select Earliest to start with the earliest time on the entered date.
	Select Enter Time if you want to enter a begin time.
	Select Exit if you want to abandon this report creation procedure and return to the Reports menu.

If you select Enter Time, you are asked for a begin time.

Begin time (HH:MM)? Earliest

To specify a begin time, enter a time in HH:MM format (24-hour format). For example, enter 03:15 for 3:15 AM or enter 15:15 for 3:15 PM. The following example shows how to enter the time for 1:01 AM:

Enter Earliest to start with the earliest time.

Press [Return] to accept the default.

Begin time (HH:MM)? 01:01___

Select an End Date Option

+---End Date----+ | Latest | | Enter Date | |---------------| | Exit | +---------------+

	Select Latest to include the most current date and time.
	Select Enter Date if you want to enter an end date.
	Select Exit if you want to abandon this report creation procedure and return to the Reports menu.

If you select Enter Date, you are asked for an end date.

If you want to specify an end date, enter the date in MMDDYYYY format.

Enter Latest to include the most current date and time.

Press [Return] to accept the default.

End date (MMDDYYYY)? 01091997___

Select an End Time Option

If an end date is provided, you can enter an end time.

+---End Time----+ | Latest | | Enter Time | |---------------| | Exit | +---------------+

	Select Latest to include the latest time on the entered date.
	Select Enter Time if you want to enter an end time.
	Select Exit if you want to abandon this report creation procedure and return to the Reports menu.

If you select Enter Time, you are asked for an end time.

To specify an end time, enter a time in HH:MM format (24-hour format).

Enter Latest to include the latest time on the entered date.

Press [Return] to accept the default.

End time (HH:MM)? 01:02_

The date and time information is displayed in the report "Selection Criteria" box.

+--------- Selection Criteria -------------------------------------------------+ |Begin date : 08-Jan-1997 at 01:01 | |End date : 09-Jan-1997 at 01:02 | |Source names: | |Item names : | +------------------------------------------------------------------------------+

Source Names

A menu list of the source names is displayed. You can include all the source names on the Audit Report or select specific source names.

+Select Source Names+ | all | |-------------------| | Manager | | Scanner | | System | |-------------------| | Exit | +-------------------+

To include ALL source names, select all. "ALL" is displayed in the "Selection Criteria" box, and you proceed to the next report criteria prompt.

To select a source name, use the mouse to select the name you want from the menu of source names. The name is displayed in the "Selection Criteria" box. Select as many names as you wish.

+--------- Selection Criteria -------------------------------------------------+ |Begin date : 08-Jan-1997 at 01:01 | |End date : 09-Jan-1997 at 01:02 | |Source names: Manager,Scanner | |Item names : | +------------------------------------------------------------------------------+

To remove one of the selected names, select the Remove Source Name option at the bottom of the menu. A menu list of the selected source names is displayed.

+----Select Source Names----+ | accept current default | | all | | reset | |---------------------------| | System | |-------------------------+Remove Source Name+ | Remove Source Name | Manager | |-------------------------| Scanner | | Exit +------------------+ +---------------------------+

Use the mouse to select the name you want to remove. The name is removed from the list shown in the "Selection Criteria" box. Remove as many names as you wish.

Select accept current default when you are done selecting source names.

Use the reset menu option to erase the current selections and start over.

Your final selections are displayed in the "Selection Criteria" box.