How to Use Indicators in the Reporting System - AnySecura Manual
This guide will help you understand how to use indicators within the AnySecura Reporting System to automatically classify security events by their severity. You'll see how these predefined metrics turn raw log data into clear, actionable alerts.
We'll walk through setting up conditions for different data types, like print or USB copy logs, so you can tailor reports to highlight exactly what matters for your organization's security posture.
An indicator is a predefined metric that assigns an alert level when the volume of an operation passes a set limit within a specified time interval. Indicator levels are classified as Severe, Important, and General.
Example, for print operations:
- Printing more than 100 pages per day → Severe
- Printing more than 50 pages per day → Important
- Printing more than 20 pages per day → General
Indicator conditions include General and Filter settings:
- General: Set time intervals and threshold values for each level.
- Filter: Define relevant filtering criteria.
When creating an Indicator Report or Trend Report, administrators must select the indicator conditions. Data that meets the filter criteria and reaches the threshold within the specified time interval will be included in the statistics.
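The logic described above (filter first, aggregate per time interval, then assign the highest level whose threshold is passed) is sketched below as an added example. It is not AnySecura code. The log field names, the virtual-printer filter, the per-user daily grouping, and the strict "more than" comparison are assumptions; the thresholds are the print values from this page.

```python
from collections import defaultdict
from datetime import datetime

# Thresholds from the print example on this page, highest level first.
# Assumption: "more than N pages" is a strict comparison (total > N).
LEVELS = [("Severe", 100), ("Important", 50), ("General", 20)]

# Constructed sample print log records; field names are hypothetical.
SAMPLE_LOGS = [
    {"time": "2024-05-06 09:12", "user": "alice", "printer": "HP-2F", "pages": 60},
    {"time": "2024-05-06 15:40", "user": "alice", "printer": "HP-2F", "pages": 45},
    {"time": "2024-05-06 10:05", "user": "bob", "printer": "HP-2F", "pages": 30},
    {"time": "2024-05-06 11:30", "user": "bob", "printer": "PDF-Virtual", "pages": 40},
    {"time": "2024-05-07 08:50", "user": "bob", "printer": "HP-2F", "pages": 55},
    {"time": "2024-05-06 14:00", "user": "carol", "printer": "HP-2F", "pages": 20},
]

def level_for(total, levels=LEVELS):
    """Return the highest level whose threshold the total exceeds, else None."""
    for name, limit in levels:
        if total > limit:
            return name
    return None

def classify(logs, record_filter=lambda rec: True, levels=LEVELS):
    """Apply the filter, sum pages per (user, day), then assign a level."""
    totals = defaultdict(int)
    for rec in logs:
        if not record_filter(rec):
            continue  # filtered-out records never count toward a threshold
        day = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M").date().isoformat()
        totals[(rec["user"], day)] += rec["pages"]
    # Only totals that pass at least the lowest threshold are reported.
    return {key: (total, level_for(total, levels))
            for key, total in totals.items()
            if level_for(total, levels) is not None}

def physical_only(rec):
    """Hypothetical Filter condition: ignore jobs sent to a virtual PDF printer."""
    return rec["printer"] != "PDF-Virtual"

if __name__ == "__main__":
    report = classify(SAMPLE_LOGS, physical_only)
    for (user, day), (total, level) in sorted(report.items()):
        print(f"{day} {user}: {total} pages -> {level}")
```

The filter changes the outcome: with `physical_only`, bob's 6 May total is 30 pages (General), while without it the same day totals 70 pages (Important).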
By clicking Reports → Indicator Condition Management, administrators can predefine indicator conditions for reports. Supported data types for indicators include:
- USB copy logs
- Print operation logs
- Instant messaging logs
- Web browsing logs
- Document operation logs
- Application usage logs
- Email logs
- Sensitive information external transfer logs
By default, indicator conditions are defined for:
- Email logs
- USB copy logs
- Print operation logs
- Document operation logs
System-defined indicator conditions can be modified or deleted.
