8e6 Technologies TAR HL/SL/MSA manual How to Read a Gauge, Drill Down Into a URL Gauge


CHAPTER 2: DRILL DOWN INTO A URL GAUGE STEP 1: HOW TO READ A GAUGE

CHAPTER 2: DRILL DOWN INTO A URL GAUGE

This section will step you through the manual monitoring of users in real-time via the URL gauge dashboard. Note that this is simply one of many ways to use TAR to monitor insider threats. There is also a robust automated alert component that does not require the system administrator to be monitoring gauges in order to be notified of a violation in process.

Step 1: How to Read a Gauge

The graphic below describes how to read gauges on the URL dashboard:

Anatomy of a gauge diagram

Gauge Name

The gauge name is the customized name of the gauge created by the administrator. TAR has five default sample gauges that correspond with five of 8e6’s super-categories: Adult Content, Security, Shopping, Bandwidth and Illegal. Administrators can create their own gauges as well as delete the default gauges.

Score

The score is the large number in the center of the gauge that is based upon the number of URL page hits (see NOTE below) that occur in this specific category in a given period of time.

NOTES: In addition to page hits, TAR also counts “blocked object” hits. For reference, “page hits” are files that typically end in .html and represent a main page view. “Object hits” are files that typically end in .gif or .jpg and represent image files.

To streamline your task, TAR does not track a score for “non-blocked objects,” since these gauges are designed to provide a clear picture of how many times a user has requested a page, and objects are images hosted within a page. TAR includes blocked object data to cover instances in which harmful images are hosted on a non-harmful site.
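The counting rule in the notes above can be sketched as follows. This is an added example, not code from TAR or 8e6: the record layout, the function names, the 15-minute window and the sample records are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from urllib.parse import urlparse
import posixpath

# Constructed sample records: (timestamp, user, url, category, blocked).
# The layout is an assumption; TAR's internal log format is not shown in the guide.
SAMPLE_HITS = [
    ("2008-01-15 08:30:00", "jsmith", "http://shop.example/old.html", "Shopping", False),
    ("2008-01-15 09:00:05", "jsmith", "http://shop.example/index.html", "Shopping", False),
    ("2008-01-15 09:00:06", "jsmith", "http://shop.example/logo.gif", "Shopping", False),
    ("2008-01-15 09:01:10", "jsmith", "http://shop.example/cart.html", "Shopping", False),
    # A harmless page that embeds an image the filter blocked:
    ("2008-01-15 09:02:00", "mlee", "http://news.example/story.html", "News", False),
    ("2008-01-15 09:02:01", "mlee", "http://img.example/banner.jpg", "Adult Content", True),
]
NOW = datetime(2008, 1, 15, 9, 5, 0)   # constructed "current" time
WINDOW = timedelta(minutes=15)         # assumed gauge time span

# The guide says object hits "typically" end in .gif or .jpg.
OBJECT_EXTENSIONS = {".gif", ".jpg"}


def is_object_hit(url):
    """True when the URL path ends in an image extension (an object hit)."""
    ext = posixpath.splitext(urlparse(url).path)[1].lower()
    return ext in OBJECT_EXTENSIONS


def score_by_user(hits, category, now, window):
    """Count scored hits per user for one category inside the time window."""
    per_user = Counter()
    for ts, user, url, cat, blocked in hits:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if cat != category or not (now - window < when <= now):
            continue
        if is_object_hit(url) and not blocked:
            continue  # non-blocked objects are images inside a page: not scored
        per_user[user] += 1  # page hit, or blocked object hit
    return per_user


def gauge_score(hits, category, now, window):
    """The gauge score is the total of all users' scored hits."""
    return sum(score_by_user(hits, category, now, window).values())


if __name__ == "__main__":
    for name in ("Shopping", "Adult Content"):
        print(name, gauge_score(SAMPLE_HITS, name, NOW, WINDOW))
```

In the sample, the non-blocked logo.gif does not raise the Shopping score, while the blocked banner.jpg raises the Adult Content score even though the page that embedded it is in a harmless category.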


8E6 TECHNOLOGIES, THREAT ANALYSIS REPORTER EVALUATION GUIDE
