PA File Sight - Custom Data Set Report

The Custom Data Set Report is a very flexible report which offers the most filtering options to see exactly what you are searching for.

This report has the same standard report tabs as the rest of the monitors (Report Display Type, Source Data, and Report Group), and as usual, the most important settings are on the Filters and Parameters tab.

The fields that can be set include:

Starting date:
Ending date:
Hours/days filter
See the standard report tabs for information
File Name
This field will be used to match against the full path of files and directories in the database. It accepts the * wild-card. You do not have to specify the full path for matching files - if the text you enter is found anywhere in the path, that is a match.

You can use a comma to separate multiple file names. You can put an exclamation mark (!) in front of a file to indicate NOT that file.

Some examples:

.mp3 - return any file that contains .mp3 anywhere in the full path of the file

*.mp3 - the same as above

.docx, .xlsx, .pdf - return any files that contain .docx, .xlsx or .pdf anywhere in the full path

\DOCS\ - return any files that contain \docs\ anywhere in the filepath (checks are not case sensitive)

!authorized - return any files that do NOT contain 'authorized' in the full path

.docx,!authorized - return all .docx files unless 'authorized' is in the full path

File or Directory
Indicate whether the search should work on just files, just directories, or both.

Type of Change
Filter the files by the operation that was performed on them. The change can be one or more of:
    Audit Changed (file security setting)
    Copy (detected by the PA File Sight Endpoint)
    Created
    Deleted
    Failed to Change Audit
    Failed to Change Group
    Failed to Change Owner
    Failed to Change Permission
    Failed to Create
    Failed to Delete
    Failed to Move
    Failed to Read
    Failed to Rename
    Failed to Write
    Group Changed (file security setting)
    Moved
    Owner Changed
    Permission Changed
    Read
    Renamed
    Wrote
Server
Select the server whose file activity is being reported on.
User
Select a specific user for which file activity is being reported. A list of users seen will be loaded from the database.
User Address
Select a specific user IP address for which file activity is being reported. A list of user IP addresses that have been seen will be loaded from the database.
User Computer
Select a specific user's computer name for which file activity is being reported. A list of user computer names that have been seen will be loaded from the database.
Server Process
A list of all server processes will be loaded and shown from the database. Specify those that you want to report on. The special System or Network entry is used when the server operating system was the source of a file operation, OR when the operation came from a remote computer (a request from the network).
Output Fields
Control the size of the report by showing only the columns you are interested in.
Hide Empty Columns
Depending on the report settings and the information available, some fields might be empty. This setting can automatically hide columns where all values within the column are empty.
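
The File Name matching rules described above can be modelled in a few lines of Python to check a filter against sample paths before running a report. This is an added example, not PA File Sight's own code: the function names and sample paths are constructed, and it assumes that plain terms are OR-ed together, that any `!` term excludes a path, and that `*` matches any run of characters.

```python
import re

def parse_filter(filter_text):
    """Split a File Name filter into (include, exclude) lists of patterns."""
    include, exclude = [], []
    for raw in filter_text.split(","):          # comma separates terms
        term = raw.strip()
        negated = term.startswith("!")          # "!" means NOT this term
        if negated:
            term = term[1:].strip()
        if not term:
            continue
        # "*" is the only wildcard; everything else is literal text.
        body = "".join(".*" if c == "*" else re.escape(c) for c in term)
        # Unanchored and case-insensitive: a hit anywhere in the full path counts.
        pattern = re.compile(body, re.IGNORECASE | re.DOTALL)
        (exclude if negated else include).append(pattern)
    return include, exclude

def matches(filter_text, path):
    """True if the full path would be returned for this filter (assumed semantics)."""
    include, exclude = parse_filter(filter_text)
    if any(p.search(path) for p in exclude):    # assumed: exclusions always win
        return False
    # A filter made only of "!" terms returns everything not excluded.
    return not include or any(p.search(path) for p in include)

# Constructed sample paths, not taken from a real database.
SAMPLE_PATHS = [
    r"D:\Shares\Music\song.MP3",
    r"D:\Shares\Docs\plan.docx",
    r"D:\Shares\Docs\Authorized\policy.docx",
    r"D:\Shares\Finance\q3.xlsx",
]

def select(filter_text, paths=SAMPLE_PATHS):
    """Return the sample paths that the filter would keep."""
    return [p for p in paths if matches(filter_text, p)]

if __name__ == "__main__":
    for f in [".mp3", "*.mp3", ".docx, .xlsx, .pdf", "\\DOCS\\",
              "!authorized", ".docx,!authorized"]:
        print(f"{f!r:24} -> {select(f)}")
```

Because matching is on the full path, a term such as `authorized` also excludes files that merely sit under a directory with that word in its name, which is worth checking when a filter is used to hide expected activity.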