User dossiers is a powerful and easy-to-use solution that enables authorized persons to keep track of computer user activity by using a convenient graphical representation of user action statistics.

The statistical overview of online user activity presented in User Dossiers is based upon various indicators that are enriched with LDAP-compatible directory data (including Active Directory Domain Services). User Dossiers show the frequency of attempts to perform unauthorized actions, transfer large amounts of data, reveal changes in the network user activity, and so forth. The statistical data provided by User Dossiers assists Administrators in analyzing the history of user activity and helps identify typical violations of security policies. Graphical visualization of statistics gives a convenient way to reveal most active users.

User dossiers provide statistical indicators to monitor and assess various aspects of users’ behavior, such as frequency of attempts to perform unauthorized actions or transfer large volumes of data, changes in user online activity, etc. With these indicators, user dossiers make user activity more transparent, and improve the monitoring of users’ actions from an information security standpoint.

User dossiers constitute a single directory that covers all statistics of user activity registered by the DeviceLock Service. The statistical data accumulates in the database of the DeviceLock Enterprise Server, and is retrieved when needed to represent in user dossiers. Statistics are replenished as new data appears in DeviceLock logs on the server. Statistics in user dossiers updates automatically during low server load, as well as on a schedule.

To display additional information about users, a connection to Active Directory Domain Services or another LDAP-compatible directory service can be configured. The DeviceLock Enterprise Server gets user account information from the directory service, and adds it to user dossiers. Removing users from the directory service does not delete their dossiers.

User dossiers are based on audit and shadow logs stored on the DeviceLock Enterprise Server. However, deleting log records does not cause the loss of data already registered in the user dossier. Having been registered in the dossier, the statistical data on user activity no longer depends on the logs from which it was derived as user dossiers are stored separately from the logs.

User dossier data is built upon the records in the shadow log and audit log. Primarily, shadow log records are used, and then they are supplemented with the data from the audit log. To provide meaningful user dossier data, shadow copying must be configured.