User Guide
After successfully installing the server-side components of ObserveIT, and at least one Agent, you can begin using ObserveIT to record and replay user sessions on monitored endpoints.
This guide covers the basic usage guidelines of the ITM On-Prem Web Console and is intended for ObserveIT Administrators and Security Auditors.
ObserveIT Administrators can use the ITM On-Prem Web Console to:
-
View recorded sessions of all activities on the monitored endpoints. See Viewing Recorded User Sessions.
-
Monitor file activities in order to identify and alert on instances of data exfiltration. See Monitoring File Activity to Identify and Prevent Data Exfiltration.
-
Replay user sessions. See Replaying User Sessions.
-
Monitor SQL queries against the ITM On-Prem (ObserveIT) Databases. See Auditing DBA Activity.
-
View and manage alerts for suspicious user activities. See Monitoring Alerts.
-
Detect potential data leaks when copying files or connecting USB devices. See Detecting Data Loss in ObserveIT.
-
Detect user attempts to exfiltrate data by printing sensitive or confidential data. See Detecting the Printing of Files.
-
Search for sessions and user activities inside the database. See Searching for Sessions and User Activity Data.
-
Generate reports on sessions and user activities. See ObserveIT Reporting.
-
Perform configuration tasks required by business design criteria and operational needs (with relevant permissions as defined by their Admin role).
For details about the tasks related to configuration and customizations, refer to the Configuration Guide.