The Device Details page (Inventory> Removable Storage > User Investigation > click a Device-Friendly Name) displays device details for the device you select. The page shows all the details from the device's perspective. The Device Details page is divided into the following tabs:

• 1. Device Details

  This section displays the vendor ID, product ID, and serial number of the connected device.

  Close
• 2. Actions

  You can create a new removable storage device rule based on the parameters of the device you selected.

  1. Click Actions > Create a Device Rule.

     The Add Removable Storage Device Rule page appears.

  2. In the Add Removable Storage Device Rule page, modify the settings as required.

     See Image.

     

     Close

  3. Click Save and activate the change.

  Close
• 3. Overall Total

  This section consists of the following widgets:

  • Activities: The total number of activities performed by the user over the last month.
  • Incidents: The total number of incidents over the last one month.
  • Users: The total number of users accessing the storage device over the last month.
  • Endpoints: The total number of endpoints accessed over the last one month.

  

  Close
• 4. Overview

  The Overview tab displays the Users Using the Device table with the following information:

  • User: The email address of the user.
  • Department: The name of the department that the user belongs to.
  • Endpoint Name: The name of the endpoints connected to the user's device.
  • Action: The action taken when the policy rule is triggered.
  • Date: The date the device was plugged in.

  

  Close
• 5. Activities & Incidents

  Activities & Incidents tab shows activities and incidents associated with the selected device from the following perspectives:

  1. Filter the data shown in this tab by its Type (Activity or Incident), Actions, Severity, DLP Engines, AI & ML Categories, and User.
  2. Analytics: You can view the following information:
     • Activities and Incidents by Severity over the Last Month: The graph shows the number of activities and incidents trend by their severity for the last 30 days. Hover over a date in the graph to view the number of activities, incidents, and split by severity (Info, Low, Medium, or High) for that day.
     • Top DLP Engines: The DLP engines that the file triggered.
     • Top AI & ML Categories: The AI & ML categories under which the file is classified.
     • Top Destinations: This section shows the top destinations for the activities and incidents performed by the user along with the total count (Removable Storage, My Printer, etc.).
  3. Timeline: Shows the following information for each activity or incident:
     • Rule Name: Name of the rule that got triggered.
     • Action: The action taken when the policy rule got triggered.
     • Destination: The destination of the file involved in the activity or incident
  4. Event Details: Click on a particular time on the timeline to view the following details:
     • Severity: Displays the severity of the violation.
     • Transaction ID: Allows you to copy the transaction ID for further analysis.
     • Time/Date: The date and local time at the endpoint location when the activity or incident was performed.
     • Who: Displays the user name and device name that triggered the rule.
     • Why: Displays the triggered rule (the other rules that matched) and DLP engine name.
     • What: Displays details of file name, source path, true file type, file extension, and SHA-256 details.
     • How: Displays the destination, destination path, vendor ID, and product ID.

  

  Close