8e6 Technologies HL-SL User Manual

Enterprise Reporter Evaluation Guide
Models: ER HL/SL
Software Version: 5.0.00
Document Version: 01.07.09
All rights reserved. Printed in the United States of America
Local: 714.282.6111 • Domestic U.S.: 1.888.786.7999 • International: +1.714.282.6111
This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine readable form without prior written consent from 8e6 Technologies.
Every effort has been made to ensure the accuracy of this document. However, 8e6 Technologies makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. 8e6 Technologies shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. Due to future enhancements and modifications of this product, the information described in this documentation is subject to change without notice.
Trademarks
Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the sole property of their respective manufacturers.

CONTENTS

8E6 ENTERPRISE REPORTER EVALUATION GUIDE
  Overview
  Note to Evaluators
INSTALL THE ENTERPRISE REPORTER
CONFIGURE, TEST THE ENTERPRISE REPORTER
  Understand the most common and useful features
  Use custom Category Groups to narrow your search
    How to create custom Category Groups
      Group Information frame
        How to add a Category Group
      Group Definitions frame
        How to add Categories to a Category Group
  Use custom User Groups to narrow your search
    How to create User Groups
      Group Information frame
        Add a User Group
      Group Definitions frame
        Define a User Group
      Rebuild Groups
  Use Enterprise Reporter to conduct an investigation
  Use Enterprise Reporter Canned Reports
    How to generate a Canned Report
    How to export a Canned Report
  Use Enterprise Reporter Drill Down Reports
    How to generate a Summary Drill Down Report
    Summary Drill Down Report navigation
      Report columns
        Filter columns and buttons
        Count columns
        Sort records by another column
      Navigation tips
        Back button
        Record navigation field
    Detail Drill Down Report navigation
      Report type columns
      Page links
    Evaluation steps
      Step 1: Select a specific user by Category
      Step 2: Sort by “Filter Action” column
      Step 3: Full URL review
      Step 4: Sort by “Content Type”
      Step 5: Sort by “Search String”
  Create a Custom Report for a specific user
    How to use the Custom Report Wizard
      Generate a new Custom Report
      Next steps for documenting, monitoring specific user activity
        Export a Custom Report
        Save a Detail Custom Report
        Schedule a report to run
  Appendix A: Samples of Commonly Used Reports
    How to generate a Sample Custom Report
      Report format
    Examples of available Sample Custom Reports
      Sample Report 1: “Top 20 Users by Category/User”
      Sample Report 2: “Top 20 Sites by User/Site”
      Sample Report 3: “By Category/User/Site”
  Appendix B: Export and Save Summary Reports
    Record exportation tip
      Step 1: Select records to be exported
      Step 2: Use header buttons for report customization
      Step 3: Export a Summary Drill Down Report
    How to save a Summary Drill Down Report
    Other Summary Report tools
      Set Result Limit
      Report fields
        Type field
        Date Scope and Date fields
        Display and # Records fields
        Search and Filter String fields
        Sort by and Order fields
        Break type field
        Format field
        For double-break reports only
          Amount shown field
          # Records field
        For pie and bar charts only
          Generate using field
    Methods for exporting a Drill Down Report
      Email option
      View and print options
        View and print tools
      Sample report file formats
        PDF

8E6 ENTERPRISE REPORTER EVALUATION GUIDE

Overview

Thank you for choosing to review 8e6 Technologies’ Enterprise Reporter. The
Enterprise Reporter helps administrators manage internal Web-based threats by
documenting historical Internet usage information by user.
The Enterprise Reporter is unique in that it is the only dedicated appliance that
processes and displays Internet filtering logs without compromising filtering
performance or impacting network functions. Built on a dedicated MySQL server
database that works in conjunction with 8e6’s R3000 Internet filtering appliance, the
Enterprise Reporter handles substantial amounts of Internet traffic because of its
unique processing approach, which pre-processes and indexes data in a format
conducive to high-speed retrieval.

Note to Evaluators

Thank you for taking the time to review 8e6’s Enterprise Reporter Appliance. Your
interest in our company and product is greatly appreciated.
This Evaluation Guide is designed to provide product evaluators an efficient way to
install, configure and exercise the main product features of the Enterprise
Reporter.

INSTALL THE ENTERPRISE REPORTER

To install the appliance, configure the box, and test that reporting is operational,
please refer to the step-by-step instructions found in the Enterprise Reporter
Quick Start Guide provided in the box.
Please note that prior to reviewing the Enterprise Reporter you should install the
R3000 Internet Filter, which is required for sending logs to the Reporter. See the
R3000 Internet Filter Evaluation Guide for instructions on how to set up the filter.
Disable Pop-up Blocking Software: Please note that a user with pop-up blocking
software installed on his/her workstation will need to disable pop-up blocking in order to use
the Client.
Evaluation Best Practice: Once the appliance is installed, allow the Enterprise Reporter
to run for several days prior to evaluating reports in order to optimize the evaluation
experience. This will allow the Enterprise Reporter to accumulate multiple days of data and
present more meaningful reports. Once these preliminary steps have been performed, the Reporter
will function properly on day one of the install, although some reports (e.g.
canned reports) will show no data.

CONFIGURE, TEST THE ENTERPRISE REPORTER

Understand the most common and useful features

One of the advantages of a hardware appliance, in addition to its compatibility and
extremely low profile on the network, is its ease of use. Configuration of the
Enterprise Reporter can seem disarmingly simple at times, but when the hardware and
software are designed to work together, the levels of complication decrease and
robust power and efficiency significantly increase.
The Enterprise Reporter version 5.0 series has an enhanced Web-based user
interface that is designed to be very intuitive, utilizing an easy-to-navigate menu
tree that is organized to follow the natural flow of an investigation of anomalous
Internet activity.
This section of the evaluation guide leads the evaluator, in a linear fashion, through
the most common and useful features of the Enterprise Reporter, starting with the
elements that should be configured first, then moving on to the usage of the many
different types of reports available in the Reporter. You are directed through the
normal path of initial setup, and then led through a standard use case that explains
how to investigate a violation of your Internet Acceptable Use Policy.
After stepping through this evaluation guide, you will understand how to set up
powerful reports that can be e-mailed on a regular basis, thus minimizing the effort
required for ongoing configuration of the product. In short, this evaluation guide
demonstrates that the Enterprise Reporter is both easy to use and
best-in-class in the level of detailed reporting it provides.

Use custom Category Groups to narrow your search

Prior to running any reports, there are a few recommended configuration steps that
create a more customized experience for the evaluator. The first step is to create
category groups, which are customized groupings from the 8e6 library of more
than 99 filter categories. For example, most customers prefer to set up a category
group for those categories that are not allowed under their organization’s
Acceptable Use Policy. Creating such a category group reduces the time it takes to
identify violations of this policy.

How to create custom Category Groups

To create, edit, or delete a category group, click Category Groupings in the
Settings menu to display the Category Groupings window in the right panel:
Category Groupings window
The Category Groupings window is comprised of two frames used for setting up
and maintaining category groupings: Group Information, and Group Definitions.
Group Information frame
The Group Information frame displays to the left in the Category Groupings
window. In this frame you can add, rename, or delete a category group.
Any category groups that were created display in alphanumerical order in the list
box in this frame.
How to add a Category Group
1. In the field to the left of the Add button, type in the name for the category group. (For this evaluation, name the category group “Unacceptable Sites”.)
2. Click the Add button to add this entry to the list box above.
NOTE: The category group you added also displays in the Group Name pull-down menu in the Group Definitions frame to the right.
Group Definitions frame
The Group Definitions frame displays to the right in the Category Groupings window. In this frame you define a category group by specifying which categories will belong to that group.
How to add Categories to a Category Group
1. Select a category group from the Group Name pull-down menu. Any categories previously entered display in the list box in this frame. (For evaluation purposes select “Pornography/Adult Content” as the only category in this category group.)
2. Click the Add To Group button to open the Add To Group pop-up box:
Add To Group
3. Select a category from the pop-up box by clicking on your choice to highlight it.
TIP: To select multiple categories, press the Ctrl key on your keyboard and then click on categories to highlight them.
4. Click the Add To Group button in the pop-up box to specify the selected categories to be added to the Group Definitions frame list box.
5. Click the "X" in the upper right corner of the Add To Group pop-up box to close it, and to add all selected categories to the list box in the Group Definitions frame.

Use custom User Groups to narrow your search

The next step is to create user groups, which are customized groupings of users that reside on the organization’s network. For example, most enterprise customers prefer to set up user groups for each department within the company, and education customers prefer to set up separate user groups for each classroom or grade level. Creating these user groups reduces the time it takes to identify the source of violations of your organization’s Acceptable Use Policy.

How to create User Groups

To create, edit, or delete a user group, click User Groupings in the Settings menu to display the User Groupings window in the right panel:
User Groupings window
The User Groupings window is comprised of two frames used for setting up and maintaining user groupings: Group Information, and Group Definitions.
Group Information frame
The Group Information frame displays to the left in the User Groupings window. In this frame you can add, rename, or delete a user group.
Any user groups that were created display in the list box in this frame.
Add a User Group
1. In the field to the left of the Add button, type in the name for the user group. (Use “Sales” for this evaluation.)
2. Click the Add button to add this entry to the list box above.
NOTE: The user group you added also displays in the Group Name pull-down menu in the Group Definitions frame to the right.
Group Definitions frame
The Group Definitions frame displays to the right in the User Groupings window. In this frame you can view members of a user group, and can define a user group by specifying which users will belong to that group.
Define a User Group
When defining a user group, you can add and/or exclude users to/from that group. Modifications to a user group can be made at any time, as necessary.
1. Select a user group from the Group Name pull-down menu. Any users previously entered display in the list box in this frame. (Select “Sales” for this evaluation.)
2. Click the Add To Group button to open the pop-up box where you define users to be added/excluded to/from the group:
Add Users to group
TIPS: To view a list of all users, go to the Individual Adds/Removes frame and click the Show All button to display the list of users in the list box. To clear your entries in this pop-up box without accepting them, do not click any of the buttons in the frames described below. Instead, click the Close button in the pop-up box, and return to step 1.
3. Make entries in one of the three frames:
• Username Pattern - This frame is used for including users from a specific group (such as “sales”) on the network. In the Pattern field, enter the appropriate characters and wild card “%” to add specified users to the group. For example, type in sales% to add anyone to the group who has a “sales” designation on your network. Click the Add Pattern button to add the pattern.
• Please Enter IP Range - This frame is used for including users based on a range of IP addresses. For example, you might have one range of IP addresses for sales, and another for admin. Enter the IP address range in the From and To fields. Click the Add IP Range button to add the IP address range.
• Individual Adds/Removes - This frame is used for including and/or excluding specified users. Click the Show All button to display a list of all users in the list box. To narrow down the list of users, make an entry in the Please enter a filter field using the “%” wild card, and click the Apply Filter button to only display the users you specified. To select from users in the list box, click on the user(s) to highlight your choice(s). After making all choices, click Add to Individuals to include the selected users to the group, or click Add to Exceptions to exclude the users from the group.
TIP: In the Individual Adds/Removes frame, if you know which users you would like to add/exclude to/from the group, you can bypass the step for showing all users and making your selections. To use this shortcut, enter the criteria in the Please enter a filter field along with the “%” wild card, and then click the Apply Filter button to display your results in the list box.
4. After you have made your entries, click Close to close the pop-up box.
The following information displays in the Group Definitions frame list box when a selection for the group is made from the Group Name pull-down menu:
• If an entry was made in the Username Pattern frame, “PATTERN” and the character(s) you entered display(s).
• If entries were made in the IP Range frame, “IP RANGE(‘X.X.X.X’ AND ‘X.X.X.X’)” displays, in which ‘X.X.X.X’ represents the IP address that was entered in the From or To field.
• If entries were made in the Individual Adds/Removes frame, “INDIVIDUAL (...)” and/or “EXCEPTION (...)” displays, in which ‘(...)’ represents specific details about the entry.
NOTE: A combination of any of the items above may display in the Group Definitions frame list box, based on entries you made in any of the frames in the pop-up box.
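An added example, not part of the 8e6 guide or the product's own code: a Python sketch that previews which accounts a planned User Group definition would capture before it is entered in the pop-up box. It assumes that “%” matches any run of characters, that matching is case-insensitive, and that an exception overrides every inclusion rule; the `UserGroup` class, usernames and IP addresses are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set, Tuple


def pattern_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate a '%' wildcard pattern into a regex for full matching.

    Assumption: '%' matches any run of characters (including none) and
    matching is case-insensitive; every other character is literal.
    """
    literal_parts = [re.escape(part) for part in pattern.split("%")]
    return re.compile(".*".join(literal_parts), re.IGNORECASE)


@dataclass
class UserGroup:
    """Hypothetical model of the three frames in the Add To Group pop-up."""
    name: str
    patterns: List[str] = field(default_factory=list)
    ip_ranges: List[Tuple[str, str]] = field(default_factory=list)
    individuals: Set[str] = field(default_factory=set)
    exceptions: Set[str] = field(default_factory=set)

    def match_reason(self, username: str, ip: str) -> Optional[str]:
        """Return the rule that places the user in the group, or None."""
        # Assumption: an exception overrides every inclusion rule.
        if username in self.exceptions:
            return None
        if username in self.individuals:
            return "INDIVIDUAL"
        for pattern in self.patterns:
            if pattern_to_regex(pattern).fullmatch(username):
                return f"PATTERN {pattern}"
        address = ipaddress.ip_address(ip)
        for low, high in self.ip_ranges:
            if ipaddress.ip_address(low) <= address <= ipaddress.ip_address(high):
                return f"IP RANGE {low} to {high}"
        return None


def preview_membership(group: UserGroup,
                       users: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map each captured username to the rule that captured it."""
    captured: Dict[str, str] = {}
    for username, ip in users:
        reason = group.match_reason(username, ip)
        if reason is not None:
            captured[username] = reason
    return captured


# Constructed directory listing: (username, workstation IP).
SAMPLE_USERS = [
    ("sales_jdoe", "10.1.20.15"),
    ("SALES_amartin", "10.1.20.22"),
    ("salesforce_sync", "10.1.99.8"),     # service account, not a salesperson
    ("mchan", "10.1.20.40"),              # no "sales" prefix, but in the range
    ("sales_contractor", "10.1.20.30"),   # listed as an exception below
    ("hr_lnguyen", "10.1.30.5"),
    ("ceo_assistant", "10.1.30.9"),       # added individually
]

SALES_GROUP = UserGroup(
    name="Sales",
    patterns=["sales%"],
    ip_ranges=[("10.1.20.1", "10.1.20.50")],
    individuals={"ceo_assistant"},
    exceptions={"sales_contractor"},
)

if __name__ == "__main__":
    for user, rule in preview_membership(SALES_GROUP, SAMPLE_USERS).items():
        print(f"{user:18} {rule}")
```

In this constructed data `sales%` also captures the service account `salesforce_sync`, the kind of unintended match worth adding to the exceptions before activity is attributed to the group in reports.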
Rebuild Groups
After making all additions, modifications, or deletions in the User Groupings window, click Rebuild Groups.

Use Enterprise Reporter to conduct an investigation

Once custom category groups and user groups have been created, administrators can begin running their first reports. In most cases, administrators will employ the Enterprise Reporter as a forensic tool to determine if anomalous Internet behavior exists in their organization. In order to facilitate this process, the Enterprise Reporter menu structure is organized to follow the normal process flow of an investigation.
1. First, the administrator is greeted with a dashboard of high-level reports called “Canned Reports.” By viewing these canned reports, an administrator can quickly determine if there is any anomalous behavior that needs investigation.
For example, a high level of spyware site activity might be found under a specific username, or a high rate of traffic identified in the “Pornography/Adult Content” category. If something is detected that warrants further investigation, one would then proceed to the “Drill Down Report” section.
2. The next stage of the investigation is to select the Drill Down Report menu. The Drill Down Report is a multi-dimensional database that allows the user to drill down to the source of any Internet threat.
For example, if there is an unusually high page count in the “Pornography/Adult Content” category, the administrator can drill down into the Category/User section to determine who is viewing this material. Once a specific end user is identified, the administrator can then delve into the detail page view section to see the exact pages that end user has been visiting.
This detailed information provides a wealth of information on the exact time the page was visited, the user’s IP address, whether the site was blocked by the R3000 filter, how it was blocked (e.g. in URL library, blocked keyword, proxy pattern blocking, etc.), and the full-length URL. By viewing this detail, the administrator can obtain an accurate gauge of the user’s intent—whether the user repeatedly attempted to go to a forbidden site or whether it was an isolated incident.
3. The last stage of an investigation is to document the long-term activity of a policy violator, since most organizations require more than one or two events to reprimand a user. Once the administrator determines the name of the user and the Web sites visited in the Drill Down Report, the next step is to run a custom report. The administrator can run a specific search of the policy violator for a custom time period by selecting the Custom Report Wizard option in the Custom Reports menu. When generating this report, a custom time scope, specific category, and name of a specific end user can be specified.
As an example, the administrator would probably run a custom report for the policy violator by specifying the category “Pornography/Adult Content” and all activity within that category within the last month. The administrator can then save a PDF version of the report for documentation purposes. This custom report provides the necessary forensic information to support any internal reprimand and to protect the organization in the event the incident goes to court.
To summarize, the aforementioned steps were provided to give the user a most-likely use case for the 8e6 Enterprise Reporter. The next section provides a more in-depth view of how to navigate within each of the main sections of the Enterprise Reporter: Canned Reports, Drill Down Reports, and Custom Reports.

Use Enterprise Reporter Canned Reports

As previously stated, the first thing the administrator will see when logging into the Enterprise Reporter is a dashboard of graphical reports called “Canned Reports”. By viewing these reports, an administrator has an at-a-glance view of any anomalous behavior that warrants an investigation.
Canned reports contain pre-generated data for a specified period of time (Yesterday, Last Week, Last Month, Week to Yesterday, or Month to Yesterday) for any of the following report topics or entities showing Internet activity:
Top 20 Users by Blocked Request - bar chart report that shows the end users with the most attempts to view blocked content as determined by the filter policy.
Top 20 Categories by Page Count - bar chart report based on the total page count for each filtering category set up in the Category Description list from the Settings menu.
Top 20 Users by Page Count - bar chart report based on each end user’s total page count.
Top 20 Users by Malware Hit Count - bar chart report based on each end user’s total hit count from the following categories in the Security, Internet Productivity, and Internet Communication (Instant Messaging) category groups: BotNet, Malicious Code/Virus, Bad Reputation Domains, Spyware, Adware, and IRC.
Top 20 Sites by Page Count - bar chart report based on the total page count for the most popular sites accessed by end users.
Top 20 User Groups by Page Count - bar chart report based on the total page count for each user group set up in the User Groupings list from the Settings menu.
Category Comparison - pie chart report based on the total page count for each filtering category set up in the Category Description list from the Settings menu.
User Group Comparison - pie chart report based on the total page count for each user group set up in the User Groupings list from the Settings menu.
Once you have obtained an overview of Internet activity using canned reports, you can drill down to access more detailed information about specified end user activity.

How to generate a Canned Report

To generate a canned report:
1. Go to the navigation panel and click Canned Reports to display yesterday’s Top 20 (Internet Filtering) Categories by Page Count report view in the right panel:
Yesterday’s Top 20 Categories by Page Count Report
TIP: Click the left arrow or right arrow at the edges of the dashboard to display thumbnail images that are currently hidden.
NOTE: If the ER Server does not contain any data—as on a newly installed unit—the default report page will not show any thumbnail images or bar chart report in the right panel, and the following text displays: “This report cannot be displayed because there is no data to show for this report.”
2. Click a menu topic in the navigation panel for the time period to be included in the report: “Yesterday”, “Last Week”, “Last Month”, “Week to Yesterday”, or “Month to Yesterday”.
3. Click a thumbnail in the dashboard for the selected report option to display as the report view.
NOTE: If necessary, click another time period or thumbnail to display that specified report view in the right panel.
4. To see details for the generated canned report view, click the Printable Version link to the left, just below the dashboard. This action opens a separate browser window containing the canned report in the PDF format: