Endpoint Diary

The Endpoint Diary provides information about all activities that occurred on ObserveIT monitored endpoints.

The Endpoint Diary is used to see all of the activity on a particular endpoint so anytime a user logs into a monitored endpoint, all actions performed on the endpoint are collected.

In the Endpoint Diary, you can:

  • View endpoints by name or IP address.

  • Locate recorded sessions by date range, endpoint name, and/or specific login or secondary user name.

  • View endpoint statistics such as, login IDs and user activity charts.

  • Display session time by the endpoint or server location.

  • Search for sessions per specified data type, endpoint name, endpoint IP address, and date range, and showing the context in which a user action was performed.

  • Search for sessions per specified data type, endpoint name, endpoint IP address, and date range, and showing the context in which a user action was performed.

  • Watch video replays of sessions.

  • Identify sessions that have alerts.

  • View session details i.e., date, duration, login or secondary user, endpoint, client, number of slides (or commands in the case of Unix sessions).

  • Expand sessions to view more details such as, configured messages, user replies/acknowledgements, ticketing messages, user comments or feedback.

  • View summary information about file activity during a session.

  • View applications or websites that the user accessed during a session according to the titles of the windows opened.

  • Add comments to sessions.

  • Print metadata and export it to Excel.

  • View applications accessed on endpoints.

If configured as the default user page, the Endpoint Diary will open by default when the user logs on to the Web Console. See Creating and Managing Local Console Users.

You can also view sessions which include user actions to copy files, insert USB external storage devices, or print sensitive data, with intent to exfiltrate data. For details, see Detecting Data Loss in ObserveIT and Detecting the Printing of Files.

The Endpoint Diary includes the following views:

  • Endpoint Activity View: display and configure "who did what" on selected endpoints within specified date and time ranges.

  • Endpoint Applications View: display and configure resources, such as applications, files, and directories that were accessed on an endpoint.

  • Messages View: display and configure messages that appear to users upon login to an endpoint.

The following two views are available only if configured in the System Settings page (see Configuring System Settings).

  • Inventory View: displays a list of the resources (hardware and software) on a specific endpoint.

  • Software View: displays a list of the software currently installed on a specific endpoint.