This knowledge article outlines the Resource Activity reports available with One Identity Manager Data Governance Edition (DGE) and the useful features utilized to track employee resource access.
What platforms are supported for Resource Activity tracking?
- Local Windows computers, fully supported, agent deployed locally, no problems with resource activity.
- Remote Windows, not fully supported however you will receive real time security updates monitoring security changes on Windows.
- NetApp Cluster Mode CIFS/ NFS/ 7 Mode, fully supported, both NetApp modes, we do collect activity through F-Policy.
- EMC CIFS/ NFS, fully supported, for EMC Isilon devices running on CIFS or NFS DGE can support all activity collection.
- SharePoint 2010, 2013, fully supported as long as you have this activity enabled on SharePoint, DGE will be able to read from the SharePoint database and report back activity.
- Distributed File System, supported, however you can collect and report activity from DFS dependent upon agent deployment configurations.
- Generic SMB, not supported, we are unable to collect any type of activity, there is no way for DGE to collect any type of activity.
Activity Scanner Configuration
By default, when an agent is deployed, the agent behaviour is set to not collect any activity. This can be enabled by selecting the host where the agent is located and selecting "Edit Host Settings" followed by selecting the "Resource Activity" tab:
Although the out-of-the-box behaviour disables ‘read’ events, it can be enabled by simply selecting the option, providing you 4 options for data collection periods:
- 5 minutes
- 1 hour
- 8 hours
- 1 day
These aggregation levels are based on how often a read, write, create, occur in the environment in which an agent is monitoring. This will enable an administrator to review how frequently a user engages in one of these behaviours given the specified time period.
Resource Activity Exclusions
This option gives you the ability to add accounts and or file extensions to be excluded from resource activity tracking.
Data Governance Agent Log
When wanting to examine the activities being monitored by the DGE Agent, simply open the DGE agent log:
This log will show all the actions the agent has been doing from startups, to activity being sent up to the DGE server.
Activity Database Data flow
After activities are collected by the agent and sent to the DGE server, the DGE server has a connection to its activity database:
This database records activity sent from the DGE agent, to the DGE server then from the DGE server to the DGE activity Database. It is important to note data within the DGE Activity Database should never be modified.