Comodo Secure Box

• Introduction To Comodo SecureBox
  • Initial Setup
  • Quick Start
  • Login To The Management Console
• The Central Management Console
• The Home Screen
• Manage Organizations
  • Add A New Organization
  • Edit And Deactivate An Organization
• Users And User Groups
  • Manage Users
  • Manage User Groups
• Endpoints And Endpoint Groups
  • Manage Endpoints
    • Enroll Endpoints For Management
    • Assign Endpoints To Groups
    • Quarantine Endpoints
    • Delete Endpoints
  • Manage Endpoint Groups
    • Create A New Endpoint Group
    • Edit Endpoint Groups
• Policies
  • Manage Policies
    • Create A New Policy
    • Edit A Policy
• Configure The Management Console
• Reports
  • Threats Report
  • Activity Report
• License Information
• Management Console Details And Support
• About Comodo Security Solutions

Activity Report

 

The report for the activities generated here for the computer groups depends on the settings configured in the log filter section of the computer group properties dialog. The available activities are:

• App Start – Indicates a secure application is started

• Exit Application – Indicates a secure application is closed

• Network Changed – Indicates the endpoint IP address changed to another subnet.

• Switch In – Indicates the switching in from Windows desktop to the CSB environment

• Switch Out – Indicates the switching out from CSB environment to Windows desktop

• Install – The CSB was installed

• Uninstall – The CSB was uninstalled

• Upgrade – The CSB is updated to the latest version

• Integrity Check Failed – Indicates the failure of integrity check when a secure app was launched. When a secure app is started, CSB will check the secure environment and will produce a log if the check fails.

The logs for the selected activities will be received by the management console and saved into database. Reports can be generated for different time periods and the data will be fetched from the database. Report data will be empty if an activity log was disabled in log filter for the selected report generation period. For example, if you had disabled 'Network Changed' last week, no data for this activity will be available in the generated report for the period last week. However, data will available in the generated reports for other time periods when the activity log was in enabled status.

To view the activity report, click 'Reports' on the left and then 'Activity Report' below it:

Activity Report – Table of Column Description
Column	Description
Date	The date and time of activity on the endpoint
Group	The computer group to which the endpoint belongs. Refer to the section 'Managing Endpoint Groups' for more details.
Computer	The name of the endpoint that was detected by CSB on enrollment. Refer to the section 'Enrolling Endpoints for Management' for more details.
Endpoint	The ID for the endpoint assigned by CSB on enrollment.
Secure App	The name of the secure application for which the activity is recorded.
SecureBox Version	The details of the CSB version that is installed on the endpoints.
OS Version	The details of the endpoint's operating system
Installation Date	The date and time when the CSB was installed on the endpoints
Action	The name of the activity that was recorded on the enrolled endpoints: AppStart – Indicates a secure application is started ExitApplication – Indicates a secure application is closed   Network Changed – Indicates the endpoint IP address changed to another subnet. SwitchIn – Indicates the switching in from Windows desktop to the CSB environment SwitchOut – Indicates the switching out from CSB environment to Windows desktop Install – The CSB was installed Uninstall – The CSB was uninstalled Upgrade – The CSB is updated to the latest version Integrity Check Failed – Indicates the failure of integrity check when a secure app was launched. When a secure app is started, CSB will check the secure environment and will produce a log if the check fails. For configuring the activity email notifications, the name of the activity should be provided in the 'Action' column in the 'Preferences' interface > 'Activity Notifications' > 'Add New' button. Refer to the section 'Configuring the Management Console' for more details.
SHA 1	The SHA1 value of the secure application.

Sorting, filtering and searching options

Sorting the entries

Clicking any column heading sorts the entries based on the ascending/descending order of the entries as per the information displayed in the respective column.

Using the filter option

The activity report can be filtered using the date range and can be further filtered by providing the 'From' and 'To' dates.  Please note the availability of past reports (up to one year) depends on the settings configured in 'Report Settings' from the 'Preferences' screen.

• Click the 'Date Range' drop-down box.

By default, 'Week' will be selected for the date range and the dates in the 'From' and 'To' will be for the last 7 days and the results displayed.

• To refine the search further, provide the 'From' and 'To' dates by clicking on the combo boxes and selecting the dates from the calendar.

The results will be displayed per the dates and the date range selected. For example, if the selected date range is 'Week', the results will be displayed for 7 days or less according to the dates selected.

To export the report

CMC allows administrators to save the generated threat report to your system.

• Click the 'Export' button (currently only .xls format is supported)

You can choose to save the file or open with any spreadsheet application.

• Click 'OK'

The file will be saved in your default download location.

Using the search option

• Enter the search details of items under any of the columns in the box fully or partially.

The search will begin automatically and results displayed.