Skip to main content

User Guide

User Guide Overview

Teramind User Guide contains detailed explanation of Teramind’s user interface. It’s also an excellent reference manual that can help you quickly locate information or show you how to use Teramind on a day to day basis.

You can also download a PDF version of the guide by clicking the button below:

 

Download the User Guide

BI Reports

Introduction to BI Reports

BI (Business Intelligence) Reports are powerful tools that simplify visualization and analysis of complex data. With these reports, managers can get timely and quick access to key information such as app and online activity, task and project engagement, work time analysis, security risks and more.

Teramind comes with several pre-built BI report templates for common KPIs important to any business, such as Applications & Webpages, Productivity, Emails, Behavior Alerts, Login Sessions, File Events etc. You can also ‘clone’ any of these built-in reports and customize them to your needs.

mceclip0.png

You can quickly create your own reports with easy to use widgets in visually engaging formats using bars, charts, heatmaps, and tables.  The reports can be filtered by employees, departments, computers and other data points. Each report screen also has its own settings you can use to finetune what data it displays and how.

Accessing the BI Reports Menus

mceclip1.png

  1. To access a BI Report, hover your mouse over the BI Report menu, then
  2. Select a report from the sub-menu, such as Applications & webpages, Productivity

Report Tabs

Each Pre-Built BI Report comes with one or more tabs. This is to help you organize your information and present different views of your data in a compact fashion. You can also add your own tabs on a Custom BI Report.

mceclip0.png

  1. Click the small + icon on top to add a new tab. After you have added a tab, you can then add widgets to populate it. Check out the BI Widgets section to learn more about widgets.
  2. Click the small Trash Can icon to delete a tab.
  3. Click the small Gear icon to rename the tab.

Pre-Built BI Reports

Teramind comes with several pre-built BI reports. You can use them as-is or configure or use them as templates for creating your own Custom BI Reports.

i
While Teramind allows you to edit the Pre-Built BI Reports, the changes are temporary and only available as long as you are on the report page. If you refresh the page or log out, the changes will be lost. To make the changes permanent, use the Custom BI Reports instead.

Applications & Websites

This report highlights app and web usage statistics for employees and departments. It comes with three tabs: Basic, Aggregated and Categories. The Basic tab and the Aggregated tab both contain the same widgets such as Top Employees, Top Departments, Top App/Domains, Top Categories*, Top Browsers etc. The only difference is the Grid Widget(table) that groups employees by App/Web category. For the Basic tab, the Grid Widget shows all employees by timestamp whereas the Grid Widget on the Aggregated tab groups it by app/website. The third tab, Categories has few more Chart Widgets such as Top Security Categories*, Top Reputations*, Classification Timeline etc. And the Grid Widget on this tab groups employees by web/app Categories.

mceclip0.png

i

*About Security Categories and Reputations Widgets

Teramind uses inCompass® NetSTAR, a comprehensive web categorization and filtering technology to automatically classify websites and their reputations.

Classifying Web Pages & Applications as Productive/Unproductive

Productivity Profiles determine how apps/websites are classified as productive/unproductive. This, in turn, will affect how Productive Time, Unproductive Time etc. are reported. You can also quickly classify an item from the Grid Widget on any of the tabs:

mceclip0.png

  1. Right click on a row on any of the Grid Widgets and select the Classify option from the pop-up menu.

mceclip1.png

  1. Select a productivity PROFILE.
  2. Select any of the PRODUCTIVE, UNPRODUCTIVE or UNCLASSIFIED option.
  3. Click SAVE to save the classification. Note that activities are classified as they are performed. If you want to retroactively apply a productivity profile - reset classifications from Configure -> Productivity Profiles.
i
To learn how to classify a group of activities, configure the productivity profiles or reset them, check out the Productivity Profiles section of the User Guide.

Aggregating Similar Items

Both the Aggregate and Categories tabs shows employee times grouped by app/web and category. You can, of course, create a custom report and add your own widgets on it to show aggregated items.

Showing Idle Time

Both the Aggregate and Categories tabs shows idle time on the Grid Widgets. You can, of course, create a custom report and add your own widgets on it to show idle times and compare it with other data points such as Idle Time vs Active Time.

Productivity

This report highlights productivity and performance KPIs for employees and departments. It comes with three tabs: Basic, Departments and Tasks. The Basic tab shows several Chart Widgets such as, Top Employees by Work Time, Idle Time and Productive Time, Time Worked, Activity % etc. The tab also contains a Grid Widget showing Task, Login Sessions Time, Work Time, Idle Time etc. by employees. The Departments tab shows similar information except the Grid Widget groups the information by department. There are also three widgets (Classification, Activity and Top By Idle Time) that shows information by department. The Tasks tab shows similar information like the Basic and Departments tabs but groups them by tasks.

mceclip2.png

i

For an explanation of the productivity metrics, check out the How is Work Time / Idle Time / Activity Percentage / Productive Time / Unproductive Time / Total Time determined? section on the Knowledge Base to learn more.

i

Productive Time vs. Unproductive Time

Productivity Profiles determine how apps/websites are classified as productive/unproductive. This, in turn, will affect how Productive Time, Unproductive Time etc. are reported.

Behavior Alerts

This report shows all the rule violation incidents (triggered by the regular Rules) and any anomalies (triggered by the Anomaly Rules). This report shows details for all alerts, actions taken by the system and risk information for employees and departments. It comes with two tabs: Basic and Risks. The Basic tab contains several Chart Widgets that shows no. of alerts (count) for the timeline, Hourly and Top Employees. There is also a Grid Widget (table) that show the Timestamp, Employee, Computer, Policy, Rule, Action taken by the system and a Description of the alert.

The Risk tab allows you to conduct organization-wide risk assessment. It contains several Chart Widgets that shows various alert and risk comparisons such as Alerts & Risk by timeline, Risk Heatmap, Top Risky Employees/Departments etc. It also has a Grid Widget that shows information similar to the Grid Widget on the Basic tab but shows risk details grouped by tags.

mceclip3.png

Investigating an Employee

Right-click on a row on the Grid Widget then select the Investigate option. You will be taken to the Employee’s Activity Monitoring Report page where you can view the employee's activity log, session log, time worked report, alerts report etc.

Viewing the Session Record of an Employee

Right-click on a row on the Grid Widget then select the View record option. A Session Player widnow will pop up where you can view the employee's desktop, see all the notifications they received, export the video, etc.

Plotting the Risk Trend

The Alerts & Risk Timeline and the Risk Heatmap shows risk trends. You can also create your own custom report and add any trends you want to plot. For example, Risk Score by Departments, Frequency of Risk Violation by Tags etc.

Identifying High Risk Users, Rules and Objects

The Top Risky Employees, Top Risky Departments, Top Risky Rules etc. shows these. You can also create your own custom report and add any rated items you want. For example, Top Risky Object, Top Risky Object Type etc.

Emails

This report displays all the email activity for employees and departments. It comes with several tabs such as Basic, Attachments, Destinations, Sources etc. Each tab contains various Chart Widgets to give you all the details you might need of the email activities of your employees such as incoming/outgoing emails by Timeline, Top Employees by no. of emails sent/received, Attachment Heatmaps, Top Destination Domains, statistics for email Sources etc. There is also a Grid Widget (table) on each tab that shows all the incoming and outgoing emails with timestamps that can also be grouped  employees by employee, attachment, destination, source etc.

mceclip4.png

Viewing / Saving / Printing Email Contents and Attachments

mceclip5.png

  1. Right click on a row on any of the Grid Widgets and select the View email option from the pop-up menu (you might need to expand a grouped row until you see the Timestamps to be able to see this option). A pop-up window will open:

mceclip6.png

  1. If there are any attachments (and you have enabled attachment captures on the Email Monitoring Settings) then, you can click on the attachment(s) to download them.
  2. You can save a copy of the email by clicking the SAVE AS PDF button or print it with the PRINT EMAIL

Saving Email Attachments

mceclip7.png

  1. Right click on a row on any of the Grid Widgets and select the Download attachment option and the file to download (you might need to expand a grouped row until you see the Timestamps to be able to see this option). Note: you can also save an attachment from the email view window.

Keystrokes

This report shows statistics of all keystrokes entered by the users. In addition to regular characters the report also tracks words and phrases, special commands (i.e. clipboard copy/paste), use of special keys and hidden symbols such as the <Print Screen>, <CapsLock>, <Backspace> etc. The report comes with two tabs: Basic and Categories. The Basic tab comes with several Chart Widgets: Timeline (shows no. of words vs no. of characters/letters typed for the duration), a Heatmap of no. of characters typed and a Top App/Domains where the most keyboard activity occurred. There is also a Grid Widget (table) that shows all keystrokes by Timestamp, Employee, Task and App/Domain etc.

The Categories tab shows similar information but for app/web Categories, Security Categories and Reputation Categories.

mceclip8.png

File Events

This report shows statistics of all file events on the local drives, external drives (such as USB drives), network and even Cloud files. The report comes with only one tab, Basic, that shows several Chart Widgets: Timeline (by the volume of file activities such as Access, Copy, Create, Rename, Upload etc.), Top Employees (who had the most file activities) and Top File Extensions. There is also a Grid Widget (table) that shows all file events by Timestamp, Employee, Process, Description etc.

mceclip9.png

i

Note that Teramind cannot track the copy operation for a file from one network server to the same network server (e.g. source and destination is the same). For example, copying of a file from \\103.247.55.101\source_folder to \\103.247.55.101\destination_folder cannot be tracked. Copy to and from same local drives is detected as usual.

Also copying of an empty file cannot be tracked since it will be impossible for the system to distinguish between the file create and copy operations due to the zero size of the file.

Web File Events

This report shows statistics of all web file events (upload/download, cloud sync etc.). The report comes with two tabs, Basic and Details. The Basic tab shows several Chart Widgets: Timeline (by the volume of web upload and web download), Top Employees (who had the most web file activities) and Top Domains (by uploads/downloads). There is also a Grid Widget (table) that shows all web file events by Timestamp, Employee, Event Type, Domain, Category*, File etc.

The second tab, Details, shows more details related to web file events such as charts for the size of uploads/downloads, volumes of upload/download by hour, top domains by size etc.

mceclip10.png

i

*About Categories

Teramind uses inCompass® NetSTAR, a comprehensive web categorization and filtering technology to automatically classify websites.

Console Commands

This report shows statistics of console/terminal commands executed by a user or an application from the command line. Console Commands can be useful to keep an eye on privileged users (system admins, power users etc.) as these commands are often used to execute system-level applications and scripts. In the wrong hands, such commands can be dangerous and need overseeing.

The report comes with only one tab, Basic, that shows several Chart Widgets for no. of commands for the Timeline, Hourly and Top Commands. There is also a Grid Widget (table) that shows all console commands by Timestamp, Employee, Executable (app), the actual Command etc.

mceclip11.png

Searches

This report shows statistics on user searches on sites like Google, Bing, YouTube etc. The report comes with only one tab, Basic, that shows several Chart Widgets for no. of searches for the Timeline, Top searches by Employees, Sites and Keywords. There is also a Grid Widget (table) that show all searches by Timestamp, Employee, Site, Search Phrase etc.

mceclip12.png

Printing

This report shows statistics on documents sent to the local or network printers. The report comes with only one tab, Basic, that shows several Chart Widgets: Timeline (shows no. of print jobs, pages and copies), Top Employees (by no. of print jobs) and an Hourly heatmap of the print jobs. There is also a Grid Widget (table) that shows all printing activity by Timestamp, Employee, Printer Name, Document Name, Pages, Copies etc.

mceclip13.png

Viewing / Saving Copies of a Printed Document

mceclip14.png

  1. Right click on a row on the Grid Widget and select the View Document option from the pop-up menu. A pop-up window will open that will show the printed document:

mceclip15.png

  1. Click one of the buttons at the bottom to print the document or download it as a PDF.

Social Media

This report shows statistics of employee social media activities for popular platforms such as Facebook, Twitter, LinkedIn etc. The report comes with only one tab, Basic, that shows several Chart Widgets: Timeline (shows no. actions for post, comment, edit post etc.), Top Employees (by no. of social media activities) and Top keywords. There is also a Grid Widget (table) that shows all social media activity by Timestamp, Employee, Computer, Keyword, Platform, the actual Message etc.

mceclip16.png

Login Sessions

This report shows an immutable logs of user sessions. The report comes with only one tab, Basic, that shows several Chart Widgets for session counts by Top Source Computer, Top Source IPs, Top Employees, Session Count by Hour, Session Count by Timeline and Session Time. There is also a Grid Widget (table) that shows all sessions by Timestamp, Employee, Computer, Source IP, Time (total logged in time including any locked sessions) etc.

mceclip17.png

Enabling/Disabling the Report Edit Mode

mceclip18.png

  1. Click the Pencil icon near the top-right corner of a BI report to toggle its edit mode.

When the edit mode is enabled, you will be able to clone the report (see the Custom BI Reports section below), add/remove widgets and tabs, change widget settings and tab settings, etc.

This feature will help you keep your reports, especially the custom reports from changes by accident or by other users who have access to the reports.

Custom BI Reports

In addition to the pre-built BI reports, you can create your own custom BI reports by ‘cloning’ an existing report (a pre-built report or another custom report). You can also share these custom reports with your team.

Creating a Custom BI Report

mceclip19.png

  1. Click the CLONE button near the top-right corner of a report to create a copy/clone of it. You will be automatically switched to the newly created report screen. You can create multiple clones of a report. Each cloned report will have a default name and a number in the bracket, for example: Applications & webpages (1), Emails (2) Once create, you will be able to rename the report later (see the Renaming / Sharing / Deleting a Custom BI Report section below).

Saving / Restoring a Custom BI Report

Any newly created custom report is automatically saved. However, if you change it (e.g. add/change a widget), you can save or restore it:

mceclip20.png

  1. Click the RESTORE button to discard any changes you made to the report. If you made multiple changes, clicking the RESTORE button each time will undo the last change.
  2. Click the SAVE button to save any changes.

Accessing a Saved Custom BI Report

Any custom report you create is automatically saved. You can access them from the BI REPORTS menu:

mceclip21.png

  1. The custom reports will show up under the BI REPORTS menu, below the pre-built reports. Click a report to open it.

Renaming / Sharing / Deleting a Custom BI Report

mceclip22.png

  1. Click the small Gear con near to top-right corner of a custom BI report. An Edit report window will pop up:

mceclip23.png

  1. Enter a new name in the NAME field to rename it.
  2. Select employees from the SHARE VIEW-ONLY drop-down list to share the report in view-only mode.
  3. Select employees from the SHARE VIEW & EDIT drop-down list to share the report in view and edit mode. Selected employees will be able to edit the report.
  4. Click the DELETE button to delete the report.
  5. Click the OK button to save any changes.
  6. Click the CANCEL button to cancel the changes.

Deleting a Custom BI Report from the BI Report Menu

You can delete a custom BI Report from the Edit report panel (see the above section). You can also delete a custom BI Report from the BI REPORTS menu itself:

mceclip24.png

  1. Click the BI REPORTS menu.
  2. On the sub-menu, scroll down until you can see the Saved dashboards Under this section you will see all your custom reports. Click the X button next to a report to delete it.

Setting a Date Range for the BI Reports

mceclip25.png

  1. Each BI Report screen has a dates selector at the top-left corner. Click the Dates Selector.
  2. Select a start date (left) and an end date (right) from the dates-selector window.
  3. Click the APPLY
  4. You can also select one of the pre-defined date sets (i.e. Today, Yesterday, Last 7 Days etc.) from the left of the dates selector window without having to select the start/end dates.
i

The data displayed on the BI widgets is not real-time. It can take up to 4 hours for it to refresh.

Drilling-Down / Filtering a BI Report

Using the Quick Drill-Down Feature

You can quickly drill-down/filter a Bar or Column chart to view the report for the select data point(s):

mceclip26.png

  1. Click on a bar/column on a Bar or Column Chart Widget to drill-down. SHIFT + Click to select/deselect multiple bars or columns. All the other widgets (and the Filter Panel) will update to show data for the selected bar’s/column’s data point.
  2. Click on an empty area inside the chart canvas to deselect and return to the original chart.

Using the Filter Panel

The Filter Panel allows you to configure all filters available for a report. Each BI report has a time-range filter and a set of common filters that let you narrow down the number of items displayed. You can filter by employees, departments, computers, tasks etc. Additionally, each report also has its own content-specific filters. For example, the Emails BI Report has filters for subject, body, mail directions, email clients, attachments etc. To use the Filter Panel:

mceclip27.png

  1. Click the Filter icon near the top-right corner of a report to open/close its filter panel:

mceclip28.png

  1. Use the Time Zone drop-down menu to select a time zone for the report. You can also drag the Timeslot Sliders to set a time range.
  2. Click the Filter buttons (such as Common Filters, Applications & Webpages, Behavior Alerts) to expand/collapse the filter.
i

Common Filters such as EMPLOYEES, DEPARTMENTS etc. are available to all BI Report. Other filters may be available depending on what widgets are displayed on the report. For example, if you use a widget that displays data sources from the emails, then you will see an Emails filter on the list. Check out the BI Widgets section below to learn more about widgets.

  1. When you expand a filter, you will see fields to set the filter’s criteria. For example, you can select specific employee(s) or department(s) under the Common Filters. The clicked element will then highlight, and rest of the chart will become semi-transparent. The Filter panel will automatically update with the selected field.
  2. If you have Active Directory integration setup, you will see an additional filtering option: LDAP Attributes. Click the filter to expand it. You can then select ATTRIBUTE and VALUE pairs to filter the report. You can add as many attributes as you need by clicking the ADD FILTER button.
i

Note that Active Directory attributes are not available as data points and cannot be displayed on the BI reports. However, you can still use them to filter any report.

  1. Click the RESET button on top of the panel to reset any changes you made on the Filter Panel.
  2. Click the SAVE button to save the filter. Note that, this option is available for custom reports only.
  3. Click the RESTORE button to restore the filter to its latest saved version. Note that, this option is available for custom reports only.

Exporting a BI Report

A BI report can be exported as a Zip file or scheduled for auto-delivery to email address(es). The Zip file will contain a PDF for the Charts Widgets and a CSV file for the Grid Widgets. Follow the instructions below to export/schedule a report:

mceclip29.png

  1. Click the green EXPORT button near the top right corner. A pull-down menu will open.
  2. Select the Keep dashboard layout option to export the charts in the original dashboard layout. Select the Full page charts option to export each chart on its own page. Once you click either of these options, you will see a message that the report is queued for export. Once the report is ready you will see a download message like below. Click it to download the report:

mceclip30.png

  1. Select the Schedule export option to schedule automated delivery of the report over emails. When you click this option a pop-up window will open where you can configure the export options:

mceclip31.png

i

You can schedule only Custom BI Reports for auto-delivery. If you try to export a Pre-Built BI Report, you will see an error message, "Please Clone dashboard first to configure scheduled export."

  1. Click the Enable Auto-Export check box to turn auto-export on/off.
  2. Select an EXPORT PERIOD. You can choose from DAY/WEEK/MONTH.
  3. You can specify the EXPORT DAYS (for daily/weekly period) or EXPORT DAY OF MONTH (monthly period). This option essentially lets you define how long exported data will be. Daily reports will be sent every day with single day only. Weekly reports will contain last 7 days and sent on everyday basis too. Note that, for the daily/weekly reports, auto export will happen only on the selected days of the week (Sun-Sat). For the monthly reports, you can specify exact day when auto export should happen. For this type of report, it will contain data from same day (including) in previous month to export day (exclusive).
  4. Enter or select the EXPORT TIME you want to receive the exported report. Note that, the exported data will not contain the selected export day.
  5. If you enable the KEEP DASHBOARD LAYOUT option, the PDF containing the charts will be kept in their original dashboard layout. Otherwise, each chart will be exported in their own page.
  6. You can specify who will receive the reports in the EXPORT TO EMAIL(S) You can specify multiple email recipients.
  7. Click the SAVE button to save and schedule the export or the CANCEL button to discard any changes.
i

You can later view and download the exported reports from the System > Report export menu.

BI Widgets

Widgets are the main components of a BI report. Widgets are dynamic tiles that displays snippets of information on selected data point(s) or KPIs. Teramind has many BI widgets you can place on your BI reports according to your needs.

The widgets are placed on a virtual grid. They can be moved around or resized. When you move or resize a widget, other widgets around it will reposition themselves to make room for it.

i

The data displayed on the BI widgets is not real-time. It can take up to 4 hours for it to refresh.

Managing (Add/Copy/Edit/Remove/Arrange) the BI Widgets

mceclip32.png

  1. To add a new widget: Click the green +WIDGET button. Note that you can only add widgets to a custom report (see the Editing / Configuring a BI Widget section below to learn how to edit a newly created widget).
  2. To copy/clone/duplicate a widget: Click the Copy mceclip33.png icon near the top-right corner of a widget. You can then edit the duplicated widget (see below).
  3. To edit a widget: Click the Gear mceclip34.png icon (see the Editing / Configuring a BI Widget section below to learn how to edit a widget).
  4. To delete/remove a widget: Click the mceclip35.png icon.
  5. To move a widget: Click and drag the widget’s title bar to move it around.
  6. To resize a widget: Click and drag the widget’s bottom-right corner, bottom or left-side.
  7. To navigate/scroll in a widget: If a (large) chart has a minimap, you can drag the small yellow rectangle mceclip36.png to scroll through the chart.
  8. To restore a widget: Click the RESTORE button to discard any changes you made to the report. If you made multiple changes, clicking the RESTORE button each time will undo the last change.

Editing / Configuring a BI Widget

Clicking the green +WIDGET button (new widget) or the Gear/Edit  icon (edit widget) next to a widget,  will launch the Edit widget pop-up window:

mceclip37.png

  1. Enter a NAME for the widget.
  2. Select a widget TYPE such as GRID or CHART.
  3. Select one or more DATA SOURCE for the widget such as, APPLICATIONS & WEBPAGES, INPUT ACTIVITY, WORK TIME etc.

Editing / Configuring a Chart Widget

If you select the CHART as the widget TYPE, the Edit widget window will expand to show more options:

chart_w.png
  1. Enter a NAME for the widget.
  2. Select CHART from the TYPE options.
  3. Select one or more DATA SOURCE for the widget such as,  APPLICATIONS & WEBPAGES, INPUT ACTIVITY, INPUT TIME etc.
  4. Select a CHART TYPE such as BAR, COLUMN, AREA etc. For some chart types, you might see a SHOW MINIMAP option. This is useful for large charts. You can drag the yellow area of the minimap to scroll through the chart.
  5. Select a data point for a chart’s axis from the DIMENSION #1 pull-down menu. Note that, if you have chosen multiple data sources in Step 3, then only dimensions common to all the selected data sources will be shown on this list. You can delete a DIMENSION by clicking the small Trash Can mceclip4__4_.png icon next to it.
  6. You can optionally select a ranking order for the data sources under the RANKING option.
  7. You can optionally enter how many of the data sources are shown at a time on the COUNT field.
  8. If you have chosen a RANKING option, you can select the RANKING BY option and choose a data source.
  9. You can optionally select a second set of data points to be displayed on the chart from the DIMENSION #2 menu. The options are similar to DIMENSION #1 (Step 5).
  10. You can optionally enter what values the chart will display in the MEASURES field.
  11. You can optionally add one or more sorting orders for the data under the SORT option. Chose either ASC-ending or DESC-ending option and then select a data point the sort will apply to. You can click the green ADD SORTING button to add multiple sort orders. You can delete a SORT by clicking the small Trash Can mceclip4__4_.png icon.
  12. You can optionally limit the number of items displayed on the chart by entering it in the LIMIT field.
  13. You will be able to see a preview of the chart near the bottom of the Edit widget window.
  14. Click the OK button to save or the CANCEL button to discard any changes.

 

Editing / Configuring a Grid Widget

The GRID widget does not have any settings other than NAME and DATA SOURCE on the Edit widget window. However, you can change its options from the widget’s panel:

mceclip39.png

  1. Click the Columns tab on the right side of the widget to open/close it.
  2. Click on the small checkbox mceclip38.png in front of a data point to add/remove it as a column on the grid. Use the top checkbox to select/deselect all data points.
  3. You can search for a data point using the Search… field.
  4. You can group multiple rows by dragging one or more data point(s) and dropping them under the Row Groups For example, create group by Employees, Departments etc. You can also create sums for some of the data points by dragging them to the Σ Values section. Use the small grid mceclip39.png icon to drag the data point(s) you need. Note that, you cannot drag and drop certain data points to the Row Groups. For example, Productive/Unproductive time cannot be grouped. Similarly, you cannot drag and drop data points which cannot be summed up. For example, Employee, Date etc. If a data point cannot be dropped to a Row Group/ Σ Values section, you will see a small no mceclip40.png symbol as you drag it.
i

You can also create Row Groups or Σ Values quickly from a column’s menu (see Step 5 below).

  1. If you hover over a column, you will see a small column menu mceclip41.png. Clicking it will display a small pop-up menu. From this menu you can pin columns, auto-size them or reset the changes. You can also create a Row Group or Σ Values for the selected column.
  2. Click a column title to sort it. Click again to change the sort order (between ascending mceclip42.png or descending mceclip43.png ). Note that, you cannot sort a Group column.
  3. You can also click and drag a column name to move it left/right.
  4. You can click a Group row’s right arrow mceclip44.png icon to expand it and the bottom arrow mceclip45.png icon to collapse it.

Using the Grid Widget’s Context Menu

Right clicking on the Grid widget will open its context menu.

Single Select Options:

If you right-click on a single cell, depending on the BI report and the type of information being displayed on the grid, the context menu will show different options:

mceclip46.png

  1. The Investigate option is available if the Group column is expanded to show the Timestamps. Selecting this option will take you to the Employee’s Activity Monitoring Report page.
  2. View record option is available if the Group column is expanded to show the Timestamps. Selecting this option will take you to the Session Player and display the recording at the selected timestamp.
  3. Use the Copy option to copy the selected cell’s data to the clipboard.
  4. Use the CSV Export option to download the entire grid data as a CSV file.

Other Options: You might see other options on the context menu depending on which BI report you are on. For example, there might be a View Document (on the Printing BI report), View Email, Download attachment (on the Emails BI report) option(s).

 

Viewing / Changing Productivity Classifications:

mceclip47.png

  1. On the Grid Widget of the Applications & Websites BI Report, click on the right arrow icon on the first column to expand it until you can see the app/domains (e.g. exe, www.yahoo.com etc.).
  2. Right click on any of the expanded row. You will see a Classify option. Select this option to be able to change/edit the Productivity Profiles for that particular site/app.
i

You can classify any app or website from your custom BI reports too. As long as a Grid Widget has an expanded App/Domain column, you can right-click on it to classify the app/website.

i

To learn more about app/web classifications or to change them in groups, check out the Productivity Profiles section.

 

Multi-Select Options:

If you select multiple rows/columns (SHIFT+Click or Click+Drag) and then right-click on them, you will see a different context menu:

mceclip48.png

  1. The Copy with Headers option will let you copy the selected cells along with the column headers to the clipboard.
  2. The Copy option is similar to the Copy with Headers option but will not copy the column headers.

Dashboards

Introduction to Dashboards

The dashboard is the place where the manager or administrator can have a quick snapshot of what’s happening in the company. The dashboards are easy to configure using drag-and-drop widgets. You can also create your own custom dashboards. Each user’s dashboards are specific to their own login account and of them can have their own set of dashboards.

Teramind comes with two default dashboards:

Focused Dashboard

The Focus dashboard is designed for department managers, security analysts and administrators who might want to view detailed information on online employees, user activities or a live montage of online users.

image-23.png

 

Enterprise Dashboard

Enterprise dashboard is primarily useful for business owners, executives, senior management, HR management and CSOs who might want to keep an eye on the organization’s overall security and productivity health. As such, this dashboard focuses on Enterprise KPIs.

image-24.png

Accessing the Dashboard Menu

image-25.png

  1. To switch among dashboards, hover your mouse over the DASHBOARD menu, then
  2. Select a dashboard from the sub-menu.

Creating a New Dashboard

There are two ways you can create a new dashboard:

image-27.png

  1. Hover your mouse over the DASHBOARD menu, then click the Green CREATE DASHBOARD at the bottom of the sub-menu.
  2. Or, click the DASHBOARD menu, which will take you to a screen titled, List of dashboards. Click the Green NEW DASHBOARD button on this screen.
image-29.png
  1. On the pop-up window, give your dashboard a unique name and optionally, a description.
  2. You can also make it the default dashboard by enabling the DEFAULT DASHBOARD checkbox.
  3. Click CREATE to save the dashboard.

Editing / Deleting a Dashboard

image-30.png

  1.  Click the EDIT button on the top right corner.
image-31.png
  1. On the pop-up window, you can change the name and description of the dashboard.
  2. You can also make it the default dashboard by enabling the DEFAULT DASHBOARD checkbox.
  3. To delete the dashboard, click the Trash Can icon. Note that, if you have only one dashboard, it cannot be deleted.

Introduction to Widgets

Widgets are tiles that displays snippets of information on a particular activity or KPI. Teramind has many widgets you can place on your dashboard according to your need.

The widgets are placed on a virtual grid. They can be moved around on it. When you move or resize a widget, other widgets around it will reposition themselves to make room for it.

Good to know: If you set the Dashboard’s date to current date (Today), the data of all the widgets will refresh automatically every 5 minutes.

Widget Types and Usage

There are three different types of widgets you can choose from:

Monitoring Widgets

appUsageDonutThumbnail.png

App Usage

Shows the time spent on each application.

webUsageDonutThumbnail.png

Web Usage

Shows the time spent on each web page.

netUsageDonutThumbnail.png

Network Usage

Shows network usage by time, bytes or connections count.

metricsSummaryThumbnail.png

Combined Report

Shows behavioral and productivity data in a combined table format with trend graphs comparing select metrics.

agentsOnlineTableThumbnail.png

Online Employees

Shows the data of all the currently online employees.

agentsStateCountersThumbnail.png

State of Employees

Shows no of employees online, idle, late, absent etc.

mceclip1__5_.png

Live Montage

Shows a live montage of the desktops of online employees.

agentSnapshotsThumbnail.png

Latest Snapshots

Shows the latest snapshots of the employees’ screens.

activityLogThumbnail.png

Activity Log

Shows a list of employee activates for the given time range.

emailingLogThumbnail.png

Emailing Log

Similar to Activity log, but for emailing only.

cliLogThumbnail.png

Commands Log

Shows a log of all commands run on the command prompt.

keystrokesLogThumbnail.png

Keystrokes Log

Shows a log of all keystrokes pressed by the users.

 

Productivity Widgets

activityCatTimeDonutThumbnail.png

Activity Category

Activity category by active, idle, productive, unproductive time.

activityCatBarChartThumbnail.png

Activity Category Breakdown

Activity category breakdown in a bar graph format.

hoursRatingThumbnail.png

Time Worked / Hours Rating

Rates the employees by the hours they have worked.

productivityRatingThumbnail.png

Activity / Productivity Rating

Rates the employees by their productivity.

payrollRatingThumbnail.png

Payroll Rating

Rates the employees by their payroll.

agentPayrollDonutThumbnail.png

Employee Payroll

Shows the money spent on each employee.

departmentPayrollDonutThumbnail.png

Department Payroll

Shows the money spent on each department.

taskPayrollDonutThumbnail.png

Task Payroll

Shows the wage/salary spent on each task.

projectPayrollDonutThumbnail.png

Project Payroll

Shows the wage/salary spent on each project.

taskHoursDonutThumbnail.png

Task Hours

Shows the time spent on each task.

projectHoursDonutThumbnail.png

Project Hours

Shows the time spent on each project.

Security and Risk Widgets

notificationsLogThumbnail.png

Alerts / Notifications Log

Shows a log of all alerts and notifications.

riskWidgetThumbnail.png

Risk Widget

Shows risky users, rules or activities.

Adding Widgets to the Dashboard

image-40.png

  1. Click the ADD WIDGETS button on the top right corner of a dashboard.
image-41.png
  1. On the Add widgets pop-up window, click on the MONITORINGPRODUCTIVITY or the SECURITY AND RISK tab.
  2. A small Orange Circle in the corner indicates that the widget is already used on the dashboard.
  3. To add a widget to the dashboard, click the ADD TO REPORT button. You can add multiple copies of a widget. You can then configure each widget to show the same type of information (such as App Usage) but for different employees, departments or other criteria. This way, you can compare between them.

Moving and Resizing the Widgets

image-42.png

  1. To move a widget, click and drag its title/header. As you move the widget around, other widgets will rearrange themselves to make space for it automatically.
  2. To resize a widget, hover over the bottom-right corner of the widget. A small triangle will appear. Click and drag the triangle to resize the widget. As you resize the widget, other widgets will rearrange themselves to make space for it automatically.

Configuring / Editing a Widget

image-43.png
  1. Click the Cog Wheel button on the top right corner of a widget to access its settings window.
image-44.png
  1. On the pop-up window, you can assign the widget a name and filter the employees you want to display on the widget. Note that, some widgets may have additional settings and filters you can use to further fine tune what information is displayed on the widget.

Removing Widgets from the Dashboard

image-45.png
  1. Click the “X” button on the top right corner of a widget to remove it from the dashboard. The widgets around it will automatically rearrange to fill up the empty space. Note that, any changed you made to the widget’s settings or filters will be lost when you remove it from the dashboard.

Monitoring Reports [deprecated]

i
DEPRECATED FEATURE
The Monitoring Reports are deprecated. Please use the new BI Reports which offers more information, drill-down capabilities, enhanced export, and faster load time. Please contact Teramind support if you have any questions.

Introduction to the Monitoring Reports

Monitoring reports are individual activity reports for all the system objects (i.e. Websites, Apps, Network) tracked by Teramind. The data is usually displayed in a tabular format, but some reports may also have a trend graph near the top of the report. The reports can be viewed for a select date range. They can be searched; filtered by employees, departments or computers; exported as PDF/CSV files or scheduled to be delivered to email accounts at regular intervals. Each report screen also has its own setting you can use to configure if for your needs.

image-47.png
i
To change what and how Teramind monitors user activity, check out the Monitoring Settings section of the User Guide. 

Note that, not all reports are available in all Teramind offerings. The table below shows which reports are available on what product:

Monitoring Report Teramind Starter Teramind UAM Teramind DLP
OCR      
Webpages & Applications      
Emailing      
Console Commands      
File Transfers      
Networking      
Online Meetings      
Instant Messaging      
Social Media      
Keystrokes      
Searches      
Printing      
Screen Snapshots      
Sessions      
Video Export      

Accessing the Monitoring Report Menus

image-50.png
  1. To access a monitoring report, hover your mouse over the MONITORING menu, then
  2. Select a report from the sub-menu.

Performing Common Reporting Tasks

Setting a Data Range

image-51.png
  1. Each monitoring report screen has a dates-selector at the top-left corner. Click the dates-selector.
  2. Select a start date and an end date from the dates-selector window.
  3. Click the APPLY button.
  4. You can also select one of the pre-defined date-sets (i.e. Today, Yesterday, Last 7 Days etc.) from the left of the dates-selector window without having to select the start/end dates.
Good to know: If you set the date to current date (Today), the data on the report will refresh automatically every 5 minutes.

 

Sorting the Report Columns

image-52.png

Some of the report columns are sortable (i.e. Date/time, Employee etc.). Click on such a column’s title/header to toggle it’s sorting by Ascending or Descending order.

Searching in a Report

You can search for an item (i.e. activity, application name, website, document) in the monitoring reports. Note that, some reports (i.e. Screen Snapshots) do not have any Search option.

image-53.png
  1. Each report screen has a Search bar near the top-right corner. Type your text and click the Search button or press Enter.

Exporting Reports

You can export a monitoring report in PDF or CSV format. Note that, some reports (i.e. Screen Snapshots) do not have any export option.

image-54.png
  1. Click the PDF export mceclip2__2_.png button or the CSV export mceclip3__2_.png button near the Search bar at the top-right corner to export the report in those formats. You will see a message that the report is queued for export. Once the report is ready you will see a download message like below:

mceclip1__6_.png

  1. Click the message to download the report.
i
You can later view and download all the exported reports from the System > Report export menu.

Changing the Report Settings

You can change which columns to Show/Export and the Daily Export settings for each monitoring report independently. Note that, some reports (i.e. Screen Snapshots) do not have any Settings/Export options.

image-55.png
  1. Click the Cog Wheel button to access the report’s settings window.
image-56.png
  1. Click the COLUMNS tab to change which columns are displayed (Active grid columns) and which of them are exported (Active export columns).
mceclip0__6_.png
  1. Click the DAILY EXPORT tab to change which columns will be exported.
  2. You can also turn on the Enable Auto-Export feature for a scheduled delivery of the report.
  3. EXPORT PERIOD will let you define how long exported data will be. Daily reports will be sent every day with single day only. Weekly reports will contain last 7 days and sent on everyday basis too.
  4. You can specify the EXPORT DAYS (daily/weekly reports) or EXPORT DAY OF MONTH (monthly reports). Note that, for the daily/weekly reports, auto export will happen only on the selected days of the week (Sun-Sat). For the monthly reports, you can specify exact day when auto export should happen. For this type of report, it will contain data from same day (including) in previous month to export day (exclusive).
  5. You can select PDF or CSV from the EXPORT FORMAT.
  6. You can specify who will receive the reports in the EXPORT TO EMAIL(S) field. You can specify multiple email recipients.
i
You can later view and download all the exported reports from the System > Report export menu.

Using the Report Filters

Most of the monitoring reports have a set of common filters that let you narrow down the number of items displayed. You can filter by employees, departments, computers etc. Additionally, each report also has its own content-specific filters. For example, the Emailing Monitoring Report has filters for mail directions, email clients, presence of attachments etc.

image-58.png
  1. Report filters are usually located on the second row of the screen, at the top-right corner.
image-59.png
  1. Reports which have a graph/chart may also have additional filters. These are usually located on top of the chart, at the top-left corner. For example, the File Transfers Monitoring Report has filters for the chart to compare two different file activities.

Viewing Session Records

You can access a user’s desktop session live or view records of their past sessions.

image-60.png
  1. Wherever you see the Movie Camera icon, click it to access the Session Player. Usually, the icon is displayed on the Date/time column of a report or on a dashboard widget.
i
For more information about session recordings and playback check out the Session Player section.

Creating / Saving a Custom Report

You can create and save your own custom report. To do so, go to one of the Monitoring Reports. Configure the filters or settings the way you want it, then do the following:

image-61.png
  1. Click the Dot Menu near the top-right corner of the Dashboard. A pop-up menu will appear.
  2. Click the Save as button to save the report. The report will show up on the main MONITORING menu under Saved reports.

Converting a Saved Monitoring Report to a BI Custom Report

mceclip0.png

  1. Open your custom/saved Monitoring Report. Click the CONVERT TO BI button at the top. This will create a custom BI Report with widgets that show the same data as your Monitoring Report. Any filters you applied to your Monitoring Report will be preserved on the BI Report. See the Custom BI Reports section for more information.
i
Note that, at the moment not all of your saved monitoring reports can be converted. Only Monitoring Reports which have equivalent BI Report types can be converted.

Deleting a Saved Report

image-62.png
  1. Click the MONITORING menu. A list of monitoring reports will appear.
  2. Scroll down until you see Saved reports. Under it, you will see all your saved reports. Click the small X button at the right side of a saved report to delete it.

Printing a Report

image-63.png
  1. Click the Dot Menu near the top-right corner of the Dashboard. A pop-up menu will appear.
  2. Click the Print button to print the report.

OCR (Optical Character Recognition)

Teramind’s advanced OCR feature allows you to discover onscreen text in real-time. The OCR engine continuously captures, indexes and analyses a user’s desktop using machine learning and sophisticated pattern recognition algorithms. With OCR, you can quickly search for textual information even inside images or videos, build powerful rules or conduct forensic investigation easily.

image-64.png

The OCR works with multi-monitor setups and virtual desktops, including the ones from the Terminal Servers.

Using the OCR Search Feature

To conduct an OCR search, do the following:

image-82.png
  1. Click the pull-down menu in-front of the search bar near the top-right corner of the screen (or at center of the screen if you are using the OCR report for the first time). Select a search type from the list. You can conduct four types of OCR search:
  • Fulltext: full text search with natural language processing (NLP).
  • Regexp: Regular expressions, e.g. [a-zA-Z]{4}[0-9]{12}.
  • Wildcard: Use ‘*’ as a wildcard, e.g. *doe will match John doe, jdoe, ddoe, etc.
  • Contains: Find any phrase that contains the text specified. Same as *term*.
  1. Enter your search criteria and press Enter or click the Search button.
  2. Optionally, you can use the second search box (Search apps/websites) to further narrow down the results.

Viewing the OCR Snapshots

OCR snapshots show a still picture of the screen where OCR located a search term. To access the snapshot, do the following:

image-66.png
  1. Click the Still Camera icon on the Date / time column to view the OCR snapshot for the searched item at a specific date and time. The OCR snapshot window will pop-up.
image-67.png
  1. On the OCR snapshot window, you will be able to see the user’s desktop with the areas highlighted in semi-transparent Yellow color where the OCR text were detected.

Web Pages & Applications

Web Pages & Applications report shows all the application processes run by the users and the web pages they have visited. In addition to the common report filters, you can view the report by individual website/app or aggregate the items by similar apps/websites.

mceclip0__7_.png

i

Classifying Web Pages & Applications as Productive/Unproductive

We have enhanced the web pages & applications classification feature and moved it under the Configure > Productivity profiles menu. We have also moved all the productive, unproductive and unclassified time reporting from the monitoring reports to the BI Reports (e.g. Applications & Websites and Productivity reports). These changes will give you more control and options for classifying employee productivity and reporting.

Aggregating Similar Items

image-68.png
  1. Click the AGGREGATE button near the top-right corner of the screen to turn it on or off. When aggregation is turned on, the report will aggregate similar web pages and apps together and the report columns will change to Process/URL, Duration, Agents (users) and Applications.

Showing Idle Time

mceclip0__8_.png

  1. Click the SHOW IDLE TIME button to see idle times on the applications/websites.

Console Commands

Console Commands monitoring report tracks any console/terminal commands executed by a user or an application from the command line. The report shows: Date time, employee, computer, username, PID (program ID), the executed command and how long the program had been running.

image-70.png

Console Commands can be useful to keep an eye on privileged users (system admins, power users etc.) as these commands are often used to execute system-level applications and scripts. In the wrong hands, such commands can be dangerous and need overseeing.

Emailing

The Email monitoring report tracks all emails being sent or received including information about the senders, recipients, email subject and body. The system can also save a copy of outgoing attachments (see the note below). All the email records are indexed so you can search for information related to the email actions, preventing security compromises and sensitive data from being transferred out of a system.

image-71.png

The report has a chart you can use to compare between the volumes of incoming and outgoing emails.

The software covers all email platforms, such as Outlook (web & desktop), Gmail, Yahoo, Yandex, and more.

Identifying the Email Origin

image-72.png
  1. The first icon on the Date/time column shows if it’s an incoming or outgoing mail.
  2. The second icon on the Date/time column shows what email client was used, for example Outlook, Gmail, Yahoo Mail etc.

Viewing / Saving / Printing Email Contents

image-73.png
  1. To view the email content, click the Envelope icon. A pop-up window will open.
mceclip1__7_.png
  1. If there are any attachments (and you have enabled attachment captures on the Email Monitoring Settings) then, you can click on the attachment(s) to download them.
  2. You can save a copy of the email by clicking the SAVE AS PDF button or print it with the PRINT EMAIL button.

Saving Email Attachments

image-75.png
  1. If there are any attachments (and you have enabled attachment captures on the Email Monitoring Settings) then, you can click on an attachment to download from the Attachments column.  Note: you can also save an attachment from the email view window.

File Transfers

Use the File Transfers report to monitor all file transfer activity on the local drives, external drives (such as USB drives), network and even Cloud files. The report shows file action (access, write, upload/download etc.), the source (i.e. local disk, network), the full path of the file, file name, extension and what app initiated the file operation. File transfer monitoring helps prevent unauthorized access to sensitive files.

image-76.png

The report also has a chart you can use to compare between two file activities such as Upload vs. Download.

i

Note that Teramind cannot track the copy operation for a file from one network server to the same network server (e.g. source and destination is the same). For example, copying of a file from \\103.247.55.101\source_folder to \\103.247.55.101\destination_folder cannot be tracked. Copy to and from same local drives is detected as usual.

Also copying of an empty file cannot be tracked since it will be impossible for the system to distinguish between the file create and copy operations due to the zero size of the file.

Online Meetings

You can use the Online Meetings report to monitor online meeting activities for apps such as Zoom, Webex, AirCall, Microsoft Teams, BlueJeans, 8x8, RingCentral, etc. The report shows employee/computer, when the meeting took place, duration, app, direction (incoming/outgoing) and participants. If you have enabled screen recording and/or audio recording from the monitoring settings screen, you will be able to view and/or hear the meetings by clicking the session player mceclip0__10_.png icon.

mceclip0__9___1_.png

Instant Messaging (IM)

Instant Messaging monitoring report helps you track any chat conversation, whether on the web or in-app. It can track  Google Hangout, Skype Web, Skype Desktop, Slack, Facebook Messenger etc. You can monitor incoming and outgoing messages and group chats.

image-77.png

The report shows the source, participants, no. of messages and the first line of the message. You can view a full copy of the conversation and export it as a PDF or CSV file.

Viewing / Saving the Message

image-78.png
  1. To view the messaging content or conversations, click the Envelope icon. A pop-up window will open:
mceclip0__11_.png
  1. If more than one agent participated in the conversation, you can use the AGENT FILTER drop-down list to view a selected agent’s conversation only.
  2. Click the PDF/CSV download buttons to save the whole conversation as a PDF/CSV file.
  3. Click the LOAD OLD MESSAGES button to view older messages.

Social Media

Social Media monitoring report lets you track popular social media platforms such as Facebook, Twitter and LinkedIn. You can track new comments, edit comments, new posts and edit posts activities.

image-80.png

The report shows the source, action (post, comment etc.), name of any attachments being shared and the actual message.

i
Note that, you can only see the name of the files being shared on the Attachment columns. At the moment, you cannot download them.

 

Keystrokes

Keystrokes monitoring report shows all the keystrokes enter by the users. In addition to regular keys, you can monitor the clipboard operations (copy/paste), use of special keys such as the Print Screen button,  hidden symbols (i.e. Space, Delete) etc. All the keys are captured, regardless of the user’s selected language.

image-81.png

Keylogging provides a wide range of insight into a user’s behavior. For example, you can detect if an employee is using unprofessional language with a customer; if someone is taking screenshots of an important document (with the likely intention of stealing information); a user repeating easy to guess passwords (hence, creating a security risk) etc.

Showing / Hiding Special Symbols

image-82.png
  1. Click the HIDE SYMBOLS button on the top right corner to show/hide symbols like the <Space>, <Control+C>, function keys etc.

Searches

Searches monitoring report lets you track what the users are searching for on sites like Google, Bing, YouTube etc.

image-83.png

Printing

The Printing monitoring report tracks all documents sent to the local or network printers. You can view or print a copy of the document or save it as a PDF file. The report shows the name of the document, printer, computer and user.

image-84.png

Monitoring employee print logs helps you reduce printing waste. It’s also prevents data leaks over hard copies.

Viewing / Saving / Printing Copies of the Document

image-85.png
  1. Click the document link under the Document column. A window will pop-up.
image-86.png
  1. From the pop-up window, you can print a selected page, all pages or save the document as a PDF file.

Screen Snapshots

The Screen Snapshots monitoring report allows you to have a quick glance over users’ desktops. You can choose multiple users or computers to view.

The snapshots are taken at 10-minute interval.

image-87.png
  1. By clicking a snapshot image, you can view a session recording of the user’s desktop. Check out the Session Player section for more information about session recordings and playback.
  2. Under each snapshot, you will see the Task the user’s working on and their activity level (in percentage). You can also quickly identify how a user is performing by taking a look at the color of this area:
    Green = 71% – 100% activity
    Yellow = 41% – 70% activity
    Orange = 21% – 40% activity
    Red = 0% – 20% activity

Adding / Deleting Time

mceclip0__12_.png

  1. You can quickly add time to an empty slot by hovering over it and clicking the + ADD TIME button.
  2. You can quickly remove a time slot by hovering over it and clicking the X button.
  3. You can also click the ADD/REMOVE TIME button located near the top-right corner of the report to add/remove time. If you click this button, a pop-up screen will appear:

mceclip1__8_.png

  1. Select a user (you need to select a user if you are viewing the screenshots for a computer which has multiple users).
  2. Select a task (you need to select this only if you are adding time).
  3. Drag the two sliders to set the start and end time.
  4. Click the REMOVE TIME button to remove or ADD TIME button to add the selected time.

Sessions

Sessions monitoring report shows an immutable log of all user sessions including: Time Started, Time Finished, Duration, Work Time, Employee, Computer (to which a remote user is connected to), Source Computer (from which a remote user connected from) and the IP. You can also view a trend graph for the sessions.

image-88.png

Network Monitoring

Network Monitoring report allows you to monitor network traffic from all applications and users connected to the internet, identify their locations, time and the exact IPs and ports used for the connections. Additionally, administrators can measure the amount of bandwidth used by employees and the specific computers used to establish the network connections.

image-89.png

The report shows detailed information for each network activity such as, the application processes/URLs, agents (users),  duration of a network session, amount of information sent or received, number of connections, ports and the protocols used (i.e. TCP, UDP, HTTPS).

Monitoring your company’s networks can give you insights into your network and detect potential signs of danger or abuse. For example, you can detect sudden spike in network usage indicating potential intrusion attempts. Or, you can discourage unproductive activities such as online shopping or social media browsing. Or, you can monitor video streaming sites to reduce unnecessary use of network traffic or bandwidth.

Aggregating Similar Items

image-90.png
  1. Click the AGGREGATE button near the top-right corner of the screen to turn it on or off. When aggregation is turned on, the report will group similar application processes/URLs together and the report columns will change to: Process/URL, Agents, Duration, In, Out and Connection count.

Showing / Hiding HTTPS Connections

image-91.png
  1. By default, HTTPS (SSL) connections aren’t shown on the report. To show/hide HTTPS connections, click the SHOW HTTPS button near the top-right corner of the screen.
  2. An extra column named ‘Hostname’ will be added to the table. The Dest. Port will also change to indicate if a connection is on HTTPS port.

Video Export

From this report screen you can view a list of all videos exported from the Session Player (check out the Downloading / Exporting Videos section to learn how to export the videos).

mceclip1__9_.png

For each exported file, you can view information such as when the video was created, by whom and for which employee etc.

  1. You can enable the Persistent option to keep the file indefinitely. Otherwise, on Cloud deployments, it will be automatically deleted after 3 days.
  2. To download a file, click the Download mceclip1__10_.png  icon in the Size column. This will open a new browser window:

mceclip0__13_.png

  1. Right click anywhere on the window and select Save video as... option to save the file.
  2. You can also hover over the video and then click the small dot icon mceclip1__11_.png at the bottom, select Download to save the file. 

Session Player

Introduction to the Session Player

Teramind visually captures every action that a user makes while on a machine in real-time. Teramind also saves this information complete with meta-data and indexes for later processing. Hence, the Session Player supports both Live View and History Playback features.

image-4.png

Live Mode

With the Live Mode, the Session Player turns into a fully functional remote desktop client. You can view a real-time stream of the user’s desktop, take remote control of it, freeze input or lock out the user.

Note that, the Live Mode is available only when a user is online. You will see the ‘Live’ indicator on top of the player turns Orange when the session player is in Live Mode.

History Playback Mode

With the History Playback Mode, you can use the Session Player to view previous desktop session recordings of the user.

Both modes allow you to see detailed list of Notifications and Activities related to the user. If Audio recording is enabled, you can also hear recordings of both sound outputs and inputs (speakers/line-out, microphone/line-in). Finally, you can forward the recordings to select email addresses or download them as MP4 files.

Basic Navigation

image-93.png
  1. Use the Play/Pause buttons to play/pause the video.
  2. Use the RewindFast Forward,  Beginning/End buttons to control the playback. Note that, these controls aren’t available on the Live View mode.
  3. Use the Speaker button to turn sound on/off.
  4. You can also drag the Play Head to move back and forth on the recording timeline.
  5. When Notifications is turned on (see the Viewing Notifications and Activities section), you can click a Notification Indicator to jump to a time where a rule violation incident occurred.

Live Mode Controls

There are three special buttons available on the Live Mode, using which you can control the user’s desktop.

image-94.png
  1. Invoking the Task Manager (Windows): Use the Warning button to send CTRL+ALT+DEL command to the user’s computer. This will bring up the Windows Task Manager screen, where you can access options to change the account password, switch a user etc.
  2. Freezing User Input: Use the Padlock button to freeze/unfreeze user’s input. When input is frozen the user won’t be able to use their keyboard or mouse.
  3. Remote Control: Use the Remote-Control button to take full control of the user computer.

Taking Screenshots

image-95.png
  1. Use the Camera  button to take a screenshot of the desktop and save it as a PNG file.

Downloading / Exporting Videos

image-96.png
  1. Click the Cloud Download button. A pop-up window will open.
image-97.png
  1. On the Video params pop-up window, select a date and specify time range, video speed and an email address. You can also disable audio if wanted. Click the Start export button.
image-98.png
  1. Once the video is ready, an email will be sent to the specified email address(es) with a link to the video for download.
You can view a list of all the exported videos and download them from the System > Video Export screen. Note, some restrictions apply.
i
Note that, if domain restriction is enabled for exporting data, then you can only send export emails within that domain. If it’s left blank, then any email addresses can be used. Check out the Outgoing Exported Data section for more information.

Viewing Notifications and Activities

image-231.png
  1. Click the Notification button.
  2. You will see a list where you can switch between Notifications and Activities.  You can also search for an activity using the search button.
  3. Click on any notification/activity to move the Player Head to the time when the notification/activity occurred.

Viewing / Adding / Removing Tags

You can add custom tags to the video for auditing, tracking or other purposes. Tags let you mark a time on the video and add a label to it. You can also add notes.

image-6.png
  1. Click on the Notifications icon
  2. Select the Tags tab. You will see a list of existing tags (if any).
  3. Click the Add new tag link to create a tag. This will open a pop-up window where you can specify the tag details such as tag name, date, time and notes.
  4. Click on a Tag to move the player head to the time the tag was created.
  5. Click the X button to delete a tag.

Risk

Introduction to the Risk Report

The Risk report allows you to conduct organization-wide risk assessment. The report shows top risky users, rules and objects (applications and websites). The report also lets you plot risk trend by department, severity, number of violations, tags (tags are used to identify a rule) etc. Unique risk score helps you identify high-risk users or policies so that plans can be developed for treating the risks. You can filter the report by employee, department, severity and tag.

image-100.png
i
Teramind uses a combination of risk inputs derived from the Rules (Advanced Mode)Anomaly Rules (Rule Risk Level) and proprietary algorithms that analyze user behavior to calculate a risk score.

 

Accessing the Risk Menu

image-101.png
  1. You can access the Risk report by clicking the RISK menu.

Plotting the Risk Trend

image-102.png

You can control what the top two graphs on the Risk report will show through their three pull-down menus:

  1. The first menu lets you choose the frequency of the data being plotted. You can choose from DailyWeekly or Monthly options.
  2. The second menu lets you choose the X-axis (horizontal) categories for the graphs. You can choose from TagsDepartments and Severity.
  3. The third menu lets you choose the Y-axis (vertical) values for the graphs. You can choose between Violations or Risk Scores.

Identifying High Risk Users, Rules and Objects

image-103.png

The bottom part of the Risk report has three panels that show the top risky users, rules and objects.

  1. At the top-right corner of the users and rules panels, you can see how many users/rules are identified as the top risk, how many of them are new, and how many risk items were dropped (based on the time period you have selected for the report).
  2. The third column of the risk items shows the updown arrows or no change (no indicator arrow) trend for each risk.
  3. You can click on any risk item to expand it.  When expanded, it shows the top risky items causing the risk. For example, if you click a Rule item, it will show the three top users who are associated with the risk and a break down of their risk contribution (in percentage).

Productivity [deprecated]

i
DEPRECATED FEATURE
These Productivity Reports are deprecated. Please use the new BI Reports > Productivity report which offers more information, drill-down capabilities, enhanced export, and faster load time. Please contact Teramind support if you have any questions.
i

To get an accurate report on employee productivity, make sure you have the following set up properly:

Introduction to the Productivity Reports

The Productivity report lets you track employee productivity and performance. It shows productive, unproductive, active and idle time and how much you are spending on employee wages/salary.

Productivity report aggregates data from the activity monitoring, employee profiles, app/websites classification and other configurations such as departments, schedules, user input from the Revealed Agent etc.

Accessing the Productivity Report

image-104.png
  1. Hover over the PRODUCTIVITY menu, then
  2. Click the Overview or the Time Worked sub-menu.

Productivity Report Explained

image-105.png

Color guide:

The color table below shows the activity %:

  Green = 70% – 100% activity
  Yellow = 11% – 69% activity
  Red = 0% – 10% activity

 

i
For detailed explanations on the the different columns of the report and how each productivity metric such as Work Time, Idle Time etc. are measured, please check out this article: How is Work Time / Idle Time / Activity Percentage / Productive Time / Unproductive Time / Total Time determined?

 

Summary vs. Detailed View

When viewing the report for multiple days, you can expand a row to view details for each day in addition to a summary of all days.

image-106.png
  1. Click the up/down arrow button at the right side of a user’s row to expand/collapse it.
  2. When expanded (Detailed View), each date is shown in separate rows in addition to a summary for all days.
  3. When collapsed (Summary View), the dates are aggregated into a single row for each employee.

Behavior > Policies & Rules

Introduction to the Behavior Policies & Rules

The Behavior menu consists of the Polices, Alerts and Anomaly Rules. These features utilize Teramind’s core Behavioral Engine. With the Rules Editor,  you can set up conditions to detect any unproductive, harmful or dangerous activity in real-time, while having Teramind act on your behalf. When a rule is violated, you can be notified about incident and optionally, the system can take actions automatically in different ways (such as warning the user, blocking the activity etc.). You can see the rule violations report from the Alerts screen. Teramind also lets you create Anomaly Rules. These special types of rules use behavioral baselines to detect and prevent behavioral anomalies that’s harder to implement with the regular policies and rules.

Policies

Policy helps you organize similar rules together. In a sense, policies are like folders where you keep your rules. For example, you can have all your PCI related rules under a policy called ‘PCI compliance’. Or, keep all your HR specific rules such as ‘Preventing email harassment’, ‘Limiting social media use’ etc. under the ‘Business Etiquette’ policy.

image-108.png

Each Teramind solution comes with a sample policy containing several sample rules. You can experiment with the sample rules to learn how the rules work. Once you are comfortable, you can create your own rules with the intuitive yet easy to use Rules Editor.

Accessing the Policies Menu

image-109.png
  1. Hover your mouse over the BEHAVIOR menu, then
  2. Select Policies from the sub-menu.

Creating a New Policy

image-110.png
  1. Click the  CREATE NEW POLICY button. A pop-up window will appear.
image-111.png
  1. On the Create a New Policy window, enter a name for the policy. Select the users the policy will apply to and optionally, select any users you want to exclude from the policy. Click the CREATE button to create the policy.

Moving / Exporting / Editing / Deleting Policies

image-112.png
  1. Click the Dotted menu at the top-right corner of the policy. A pop-up menu will open.
  2. To move a policy up on the list, click the Move Policy up button.
  3. To move a policy down on the list, click the Move Policy down button.
  4. To export a policy, click the Export Policy button. The policy will be saved with a .TM extension.
  5. To edit a policy, click the Edit Policy button. An Edit Policy window will pop-up where you can edit the policy.
  6. To  delete/remove a policy, click the Delete Policy button.

Creating / Editing Rules

image-113.png
  1. Click the the BEHAVIOR > Policies menu. Click the  ADD RULE FOR THIS POLICY button near the bottom of the policy to add a rule to the policy.
  2. Click a rule’s name to edit it.

In both cases, you will be taken to the Rules Editor where you can edit the rule. Check out the Rules Editor for more information on how to create or edit rules.

Moving / Exporting / Editing / Deleting Rules

image-114.png
  1. Click the Dotted menu at the top-right corner of the rule. A pop-up menu will open.
  2. To export a policy, click the Export rule button. The rule will be saved as a .TM file.
  3. To edit a rule, click the Edit rule button. Note that, you can also click the rule’s name to edit it. In both cases, you will be taken to the Rules Editor where you can edit the rule. Check out the Rules Editor for more information on how to create or edit rules.
  4. To duplicate a rule or to move it to another policy, click the Copy or Move Rule button. A pop-up window will open where you can choose to copy or move the rule.
  5. To  delete/remove a policy, click the Delete Policy button.

Rules Editor

i
This section describes the basic principles of configuring a rule. Check out the Rules Guide to learn more about rules and how to create them to detect insider threats, protect your organization from malicious or accidental security incidents, prevent data loss or to conform with regulatory compliances.

The Rules Editor is an intuitive, visual editor where you can create sophisticated behavioral rules easily without going through multiple screens or coding. Here are the main parts of the editor:

image-115.png
  1. The left-most part of the editor is where the main tabs/steps of a rule are displayed. A basic rule has at least three tabs: General, User, Category and Action. Note that, the exact name for the Category will change based on which rule category you select on the General tab. For example, on the screenshot above, the Category is ‘Emails’.
  2. The middle part of the editor is where you specify the actual rule parameters.
  3. The right-most part of the editor displays a summary of the rule in easy to follow language.

General Tab – Setting the Rule Basics

In the first tab, General, you specify the basic settings for the rule. You also select which activity or content the rule will detect.

Rule Name and Description

image-116.png
  1. On the top fields, you can specify a name and optionally, a description for the rule.

Rule Template

image-117.png
  1. When creating a new rule, you can choose from a list of pre-built templates. Click the CHOOSE A TEMPLATE field to choose a template on the General tab. Teramind has many templates for Data Loss Prevention, Email, Applications, Websites, File Operations etc. Once you select a template, the rest of the rule’s tabs will be automatically populated with pre-configured settings and sample data. You can, of course, change the settings.

Rule Category and Type

image-118.png
  1. There are three categories of rules you can select from the SELECT THE TYPE OF RULE drop-down menu on the General tab:
    • Agent schedule: This is the most basic rule type. It’s based on an agent/user’s schedule such as when an employee started work, if they are late at work, if a user is idle etc. The rule takes input from the Schedules you create for employees to determine when a user/agent is supposed to start/finish.
    • Activity: Activity-based rules apply to majority of the monitored objects. With this type of rules, you can detect user and application activities. For example, warn a user when they visit a gambling site, Or, stop them from copying a sensitive file to an external drive.
    • Content sharing: These rules are used to detect content or text inside an object. The object can be a file, a web page, text in an email or IM chat etc. These powerful rules can be used to prevent data exfiltration attempts such as, block transferring of a file when it contains credit card numbers; warn a user when they attempt to send emails containing sensitive keywords etc.
i
Note that Content sharing rule is available on Teramind DLP only..
  1. Optionally, you can assign tags to a rule to easily identify it or use them as filters (i.e. on the Risk or Alerts report).
  2.  Once you select a rule type, you can then select the Types of Activity (for Activity-based rules) or Types of Content (for Content-based rules). You can select multiple activity or contents. If you select multiple activities/contents, the rule will trigger separately for each of the activity/content. Note that, rules based on the Agent schedules do not have this section.

Rule Schedule

image-119.png
  1. By default, the rule stays active for 24 hours. However, you can change the time. For example, you can have the rule active during work hours but disable it during the employee lunch breaks. To change when the rule is active, drag the two small Circles to adjust the time. You can click the Plus (+) and Minus () buttons to add/remove additional time slots.

User Tab – Specifying Users and Groups

Here you specify which users, groups or departments the rule will apply to.

image-120.png
  1. By default, the rule will inherit the user settings from the policy. However, you can turn it off to select users manually.
  2. You can specify who the rule will apply to and optionally, exclude anyone you don’t want to be included using the EXCLUDE FROM RULE field.

Categories Tab – Setting Rules Conditions

Categories is where you define the conditions for the rules.

image-121.png
  1. The Categories tab will change depending on what Types of activities / Types of content you choose from the General tab. So, for example, if you choose Applications and Files, you will have two tabs named Applications and Files here.
  2. Condition Parameters – Option 1: For categories that support it, click the Plus (+) button to add parameters to a condition. A small pop-up menu will appear where you can select a parameter. You can select multiple parameters for a condition. In such cases, the conditions will show up as separate tabs. Condition parameters are different for each category. For example, the Application category might have parameter such as ‘Application Name’, ‘Application Caption’ etc. while the Emails category might have ‘Mail Body’, ‘Mail Subject’ etc. You can delete a condition parameter by clicking the small X button next to its name.
image-122.png
  1. Condition Parameters – Option 2: For categories (i.e. Files) that do not have a  Plus (+) button, the CONDITION field is used to set its rule parameters.
image-123.png
  1. Conditions Values: For categories that support it, you use the CONDITION field to specify what values to compare the rule parameters with. Start typing, then select an option from the pop-up to tell Teramind what type of value it is. There are may ways you can use the conditions. For example, to block certain applications from running, you can type them in the CONDITION field and choose the Contains or Equals from the list. Or, you can create a Shared List containing all the names (see Shared Lists section for more information on how to create shared lists). For complex matches, such as Credit Card Numbers, Social Security Numbers etc., you can use the RegEx option. Each value is considered as an ‘OR’ clause. So, in the above example, the rule will trigger if the ‘Application Name’ matches with ‘regedit’ or ‘pseditor.exe’. Each condition parameter is considered as an ‘AND’ clause. So, in the above example, the rule will trigger if the ‘Application Name’ and the ‘Launch from CLI’ parameters meets the condition.
  2. Addition Conditional Blocks: To add additional condition blocks, click the ADD CONDITION button. Each new condition is considered as an ‘OR’ clause. So, if either of the conditions meets the criteria, the rule will be triggered.
  3. Deleting Conditional Blocks: To remove a condition block, click the small  X  button at the top-right corner of the condition block.

Content Tab – Defining Sensitive Data Types

This tab allows you to define what makes the content sensitive and specify values to look for. Note that, Content tab is available only on Teramind DLP and is shown only when you select the Content sharing rule type.

image-232.png
  1. You can specify several content types depending on what Types of activities / Types of content you have selected in the General tab (i.e. Clipboard, Files, Emails, IM).

Data Content

image-125.png
  1. Data content can be used to look for text or binary data for any of the content types. You usually use the Data content rule where you are looking for information in all the supported objects. For example, by using it with the Clipboard, you can detect anything copied on the clipboard.
  2. You can use Contains, Equals, Regular Expression match, List match etc. from the SELECT MATCH TYPE pull-down menu.

Clipboard Origin

image-126.png
  1. Clipboard Origin detects data that’s pasted into the clipboard from a specific webpage or application. By using it you can, for example, build a rule that prevents copy pasting customer data from your CRM site.
  2. You can use Contains, Equals, Regular Expression match, List match etc. from the SELECT MATCH TYPE pull-down menu.

File Origin

image-127.png
  1. File Origin detects file sharing based on their origin or source. It supports local, Cloud and web file sharing. By using it you can, for example, build a rule that prevents sharing of files residing in certain PATH (or folder) to Cloud drives.
  2. You can select from a list of Cloud providers if you choose the CLOUD option.
  3. You can use Contains, Equals, Regular Expression match, List match etc. for the FILE PATH field.

File Properties

image-128.png
  1. File Properties detect files based on their meta-tags. By using it you can, for example, build a rule that prevents sharing of any Microsoft Word documents outside your company that has a Tags property containing the string value of ‘internal only’. You can create such tags/fields/properties from an application (such as Microsoft Word) or from the Windows Explorer.
  2. You can use Contains, Equals, Regular Expression match, List match etc. from the SELECT MATCH TYPE pull-down menu.

Classified Data

image-129.png
  1. Classified Data detects content based on predefined data categories, such as, credit cards, Personally Identifiable Information (PII), Protected Health Information (PHI) etc. By using it you can, for example, build a rule that warns a user when they share credit card numbers over the emails or IM chats.
  2. There are several types of data categories you can choose from: Financial Data, Health Data, Personally Identifiable Data and Code Snippets.
  3. The SENSITIVE DATA TO DETECT will have different menu options depending on what you choose in the SELECT SENSITIVE DATA CATEGORY field. For example, if you choose Financial Data in the previous field, you can choose from ‘All credit card numbers’, ‘Magnetic data’, ‘SWIFT code’ etc. Similarly, if you choose the Health Data, you can choose from ‘Common drug names’, ‘Common disease names’, ’DNA profile’ etc.
  4. Finally, you can specify how often a data pattern can appear in the content before the rule is triggered. As an example, you might not care if a single credit card number is detected in an email, but if more than 5 such numbers are detected then you would like to warn the user.

Actions Tab – Responding to Rule Violation Incidents

Actions tab is where you specify what the system will do when a rule is violated. You can warn a user or block them, receive notification, record a video of the desktop etc. Note that, not all rule categories support all actions. For example, most of the Agent Schedule-based rules only support the NOTIFY action (except for the Login and Idle schedules). Same way, different Activity Type or Content Type may also have their own special actions. For example, Webpages have an action called REDIRECT which is not available for other activity types. Also, not all actions are available on all the operation systems. For example, the LOCK OUT USER action does not work on the Mac OS at the moment.

In some cases, you can use multiple actions as long as they do not conflict with each other. For example, you can use the NOTIFY and BLOCK actions together as they do different things. But you cannot use the BLOCK and LOCK OUT USER actions together because they both prevent the user from doing something. The Rule Editor will automatically grey-out/disable actions that conflict with the currently selected action(s).

There are two ways you can setup actions: Simple Mode and Advanced Mode.

Simple Mode

Simple Mode is the easiest way to create rules and is recommended for beginners. In the Simple Mode, you can specify actions, but you cannot set any risk thresholds.

image-130.png

 Here are some of the actions you can use:

image-131.png

Notify

Teramind will send an email n>otification to the specified admins/managers whenever any user violates the rule.

mceclip0__14_.png

Block

Blocks the user activity and shows a message. You can use a HTML template to display the message (see the Behavior > Alerts article for more information on using an HTML template with your rule messages).

image-133.png

Lock Out User

Shows a warning message to the user and then when they press the OK button, they are locked out of the system. If the user logs back in, they will be logged out automatically. An administrator has to unlock the user for them to be able login again (See the Employee Action Menu section for more information on unlocking a user).

i
This action works on Windows only.
image-134.png

Redirect

Redirects user to a different website when they try to access certain URL(s).

i
This action applies to Website-based rules only.
image-135.png

Warn

Warns a user with a message. Similar to the Block rule, but without blocking the action. You can use a HTML template to display the warning message.

image-136.png

Set User’s Active Task

You can automatically assign the user a task based on their activities.

i
Applicable only if the user is using a Stealth Agent.
image-137.png

Record Video

If video recording is disabled in your Screen Monitoring Settings, you can still record a video of the rule violation incident with this action. The system will automatically record for the specified number of minutes before and after the incident.

image-138.png

Record Video

With this action, you can execute a Windows command automatically when a rule is violated.

i
This action works on Windows only.

 

Advanced Mode

In the Advanced Mode, you can specify risk thresholds for a rule. You can add multiple thresholds, assign risk levels and take different actions depending on how often the rule is violated. For example, you can set an email rule that sets a Low risk and a Warn action when a user sends 5 emails in a day.  However, if they send more than 10 emails a day, then set a Moderate risk level and trigger a Notification action.

The risk levels that you assign in the Advanced Mode are used by Teramind to calculate risk scores (see the Risks section to learn more about risk analysis) and can also be used to filter other reports (i.e. Alerts).

image-139.png
  1. You can choose the time period for the thresholds such as Hourly, Daily, Monthly etc.
  2. The threshold slider lets you adjust the frequency once you have added one or more thresholds.
  3. Click the ADD THRESHOLD button to add new threshold (actions). For example, in the picture above, we added two actions (action 1 and action 2).
  4. You can use the Frequency field to set a frequency.
  5. Use the Define a risk level field to set a risk level. You can choose from: No Risk, Low, Moderate, High and Critical.
  6. Use the small Plus (+) button to add an action for the frequency/risk level.
  7. You can set additional risk levels and associated action as you need.

Behavior > Alerts [deprecated]

i
DEPRECATED FEATURE
The Alerts report is deprecated and will be removed from the dashboard. Please use the new BI Reports > Behavior Alerts report which offers more information, drill-down capabilities, enhanced export, and faster load time. Please contact Teramind support if you have any questions.

Introduction to the Alerts

The Alerts report shows all the rule violation incidents (triggered by the regular Rules) and any anomalies (triggered by the Anomaly Rules). The report shows the date/time the incident happened, which user was involved, what policy and rule were violated, what action was taken by the system and a description of the incident (i.e. what applications the employee was using and what triggered the alert).

image-140.png

The report also shows a trend graph for the number of alerts triggered over the period. Like all other reports, you can view a session recording of an alert incident by clicking the movie camera icon on the Employee column. Same way, you can also export an alert report or schedule it for auto delivery to selected email addresses. Check out the Performing Common Reporting Tasks section to learn how to perform these common report actions.

Accessing the Alerts Menu

image-141.png
  1. Hover your mouse over the BEHAVIOR menu, then
  2. Select Alerts from the sub-menu.

Applying the Alert Filters

image-142.png
  1. There are multiple ways to filter the Alerts report. You can do so by using the drop-down menus located at the top-left corner of the report. You can filter by Policy, Severity, Tags or Actions. This is helpful if you have many alerts and wanted to narrow down the list.

Showing / Hiding Alert Triggers

image-143-1024x141.png
  1. You can use the SHOW TRIGGERS button to toggle the display of additional information about a rule violation incident. When triggers are turned on, the Display column will show additional information such as what part of the rule condition was trigger and for which activity or content.

Behavior > Anomaly Rules

Introduction to the Anomaly Rules

Anomaly rules are special types of rules that allow you to identify anomalies in a user’s behavior by utilizing behavioral baselines. It also allows you to assign risk levels to any anomalous behavior and a notification action to inform admins or managers about the anomaly.

image-144.png

Accessing the Anomaly Rules Menu

image-145.png
  1. Hover your mouse over the BEHAVIOR menu, then
  2. Select Anomaly rules from the sub-menu.

Filtering / Editing / Deleting / Copying Anomaly Rules

image-146.png
  1. If you have many anomaly rules, you can decide what’s displayed by using the filters on the left side of the Anomaly Rules screen. You can clear the filters by clicking the small Funnel icon.
  2. To edit an anomaly rule, click the Pencil icon. You will be taken to a rule editor. Follow the Anomaly Rules Editor section to learn how to edit an anomaly rule.
  3. Click the Copy icon to duplicate a rule.
  4. Click the X icon to delete a rule.

Creating Anomaly Rules

image-147.png
  1. Click the ADD ANOMALY RULE button at the top-right corner of the screen. A pop-up window will open.
image-148.png
  1. Click the CREATE NEW RULE button if you want to create a rule from the scratch. You will be taken to the Anomaly Rules Editor. Follow the Anomaly Rules Editor section to learn how to edit an anomaly rule.
  2. Click the USE TEMPLATE button to create a rule based on a template. Teramind comes with many anomaly rules templates. You can choose from a list of types such as: Applications, Emails, File Operations etc. Click on a type to expand it. Pick a rule template and click the LOAD TEMPLATE TO USE button. You will be taken to the rule editor. Follow the Anomaly Rules Editor section to learn how to edit an anomaly rule.

Anomaly Rules Editor

The Anomaly Rules Editor is an intuitive, visual editor. The single-page interface of the editor makes it easier to view and edit the rules.

General Settings

You can specify basic rule settings on the General Settings section of the Anomaly Rules Editor.

image-149.png
  1. Give the rule a name on the RULE NAME field.
  2. Select the users the rule will apply to on the APPLIES TO field.
  3. Select any users that should be excluded on the EXCLUDING field.
  4. Optionally, you can assign tags to a rule on the TAGS field to easily identify it.

Rule Trigger

The Rule Trigger section lets you specify which activity the rule engine will monitor and what conditions it will evaluate.

image-150.png
  1. Select a trigger from the list. You can choose from many pre-built options such as Webpages, Applications, Emails, Productivity, Network etc.
  2. Under CONDITIONS, you can choose different types of conditions such as:
  3. Time (%): with this you can create a rule for time spent on certain task. For example, you can create a rule that gets triggered if a user spends more than 10% time on a certain website.
  4. Anomaly baseline: uses algorithm to determine if certain user behavior is outside their normal behavior. This can be the user’s current behavior compared to their past behavior; an employee’s behavior compared to their departmental baseline; or an employee’s behavior compared to baseline of the entire organization. Using a baseline lets you, for example, set an anomaly rule to notify you when a user sends an unusual number of emails than they normally do in a day-to-day basis.
  5. Other Conditions: depending on what trigger you selected, you may see additional conditions. For example, if you choose the Webpages trigger, you will see the Url condition listed as an option on the menu.
  6. Click the ADD CONDITION button to add a new condition row.
  7. Click the X button next to a condition to delete it.

Rule Risk Level

Rule Risk Level section lets you assign a risk level to the rule. The risk level is used by Teramind to calculate risk scores (see the Risk section to learn more about risks) and can also be used to filter reports (i.e. Alerts).

image-151.png
  1. Click and drag the Circle  to adjust the risk level.
  2. You can turn risk accumulation on/off. If turned on, the risk associated with this rule will be counted multiple times for multiple violations. Otherwise it will be counted once for all violations.

Rule Actions

Anomaly rules only support the NOTIFY action.

image-152.png
  1. Turn the notification on/off by using the NOTIFY button.
  2. Select the users who will get notified when the rule is violated.

Saving the Rule / Creating a Rule Template

image-153.png
  1. Click the SAVE AND LAUNCH RULE to save and activate it.
  2. Click the SAVE RULE AS TEMPLATE button to save it as a template. This way, the template will be available when you are creating a new anomaly rule (see the Creating Anomaly Rules section to learn how to use an anomaly rule template).

Employees

Introduction to the Employees

The Employees screen is where all your employees and other users are listed. You can see when a user logged in, which computer they logged in from, their status (i.e. active, idle, locked etc.) and if they are currently being monitored.

image-232__1_.png

From the Employees screen, you can also perform actions such as add/import/delete/restore employees, lock/unlock their computers etc.

Accessing the Employees Menu

image-154.png
  1. Click the EMPLOYEES menu to access its screen.

Adding a New Employee

image-155.png
  1. Click the NEW EMPLOYEE button near the top of the screen. A pop-up window will open where you can edit the employee’s profile details such as their personal information, account security, monitoring options etc. See the following section to learn how to enter these details for a new employee.

Entering / Editing Employee Profiles

When either creating a new employee or editing an existing employee, a pop-up window will open where you can enter/edit the employee details such as their personal information, account information, authentication and monitoring options:

Here are some of the actions you can use:

image-157.png

Personal Info

On the first tab of the employee details window, you can enter the user’s personal details such as names, contact info, department, position etc. You can also upload a photo for the employee. If you enter any wage/salary information, you will be able to see the user’s contribution on the Productivity widgets and the Productivity report.

i
Please do not change the email address of the employee if they are using the Hidden Agent. As the email address is used to identify the employee in the system.
image-190.png

Account Information

On this tab, you can specify the user’s default task (if the employee is using a Hidden Agent). You can also set their access level. There are four types of access levels you can choose from:

  • Employee – cannot change any settings.
  • Infrastructure Admin – has access to the system settings but cannot browse any recordings.
  • Operational Admin – has access to the system settings, rules, computers, other users and access control settings of other users.
  • Administrator – is the most powerful access level. They can monitor all employees, other admins and change any settings with no restrictions.

On this tab, you can also specify other account security settings, such as: if the employee can view their own dashboard, what reports they can access, if they are an external user etc.

Finally, you can change the password for the employee here.

image-159.png

Authentication

Here you can enable/disable 2-Factor Authentication for the user. Scan the barcode in your 2FA application (such as Authy or Google Authenticator) then apply the code from the application in the Code from Authenticator app field.

image-160.png

Monitoring Option

On this tab, you can specify which monitoring profile to use for this employee and also manually control what they will be tracked for. Check out the Monitoring Settings section to learn more about monitoring profiles.

mceclip0__15_.png

Productivity Profile

On this last tab, you can see which productivity profile is used for this employee. However, you cannot edit it from here. To learn how to edit a productivity profile, check out the Productivity Profiles section of the User Guide.

 

Adding Employee and Sending Invitation

After entering/editing the user details, do the following:

If you are adding a new employee:

image-161.png
  1. Click the ADD USER & SEND INVITATION button to add the new employee and send them an invitation to install the Teramind Agent.
  2. Click the ADD USER button to just add the user without sending an invitation.

If you are editing an existing employee:

image-162.png
  1. Click the RESEND INVITATION button to send the employee an invitation to install the Teramind Agent.
  2. Click the APPLY CHANGES button to save any changes you have made to the profile.

Importing Employees

image-163.png
  1. Click the IMPORT button near the top of the Employees screen. You will be taken to the Import employee screen.
image-164.png
  1. Click the UPLOAD CSV FILE button to upload a CSV file containing employee information.
  2. If you want, you can click the DOWNLOAD SAMPLE CSV button to download a sample CSV file that shows you how the CSV file containing a list of employees should be formatted for importing into Teramind.
  3. Additionally, there is a table at the lower part of the screen that shows what CSV fields Teramind can import, their expected values and which fields are mandatory.
  4. Turn on the Invite users by email to send out invitations to install the Teramind Agent to the newly added employees.

Employee Action Menu

You can perform various actions such as lock/unlock a user, delete/restore their profile or enable/disable monitoring for them.

mceclip1.png
  1. Click the check mark in front of the employee names to select employees.
  2. From the top-left corner of the screen, select the action you want to perform. Here are the actions you can perform:
  3. Lock: locks a user’s computer. The Status column on the employees list will change to show it as locked. When a computer is locked, the user will not be able to use it.
  4. Unlock: unlocks a user’s computer previously locked by the Lock menu option or by a rule’s ‘Lock Out User’ action.
  5. Delete: deletes the selected user. Note that, when you delete a user, they are not permanently deleted, just hidden from the employee list and all monitoring reports. If you are on a Cloud deployment, deleting a user will also free up a license.
  6. Restore: restores previously deleted employee(s).
  7. Enable Monitoring: enables monitoring for a user.
  8. Disable Monitoring: disables monitoring for a user. The Monitored column will change to show the user is no longer being monitored.
  9. Bulk Edit: allows you to edit the profile information of the selected employees in bulk. Clicking the button will open the Bulk edit window where you can make the changes that will apply to the selected employees:

mceclip0__16_.png

Viewing an Employee’s Monitoring Reports

If you click an employee name from the list of employees, you will be taken to the Employee’s page where you can see their detailed reports such as, Activity Log (similar to the Applications & Websites), Session Log, Time Worked, Alert Log etc.

Check out the Monitoring Reports section and the individual monitoring reports for an explanation of the information they provide.

These reports are similar to the other monitoring reports except for the Time Worked screen:

image-167.png
  1. The Time Worked screen shows slightly different information compared to the Productivity Reports. It shows Task, Work Time, Activity, Idle, First Launch and Total salary/wage.
  2. You can also edit the employee’s profile or turn off their monitoring settings from this screen.

Editing / Deleting an Employee

image-168.png
  1. Click the EDIT INFO button from the Employee’s page. A pop-up window will open where you can edit their profile information. Check out the Entering / Editing Employee Profiles section to learn how to edit the profile.
  2. Click the small, Red Trash Can icon to delete the employee. You can also delete/restore an employee from the Employee Action Menu. Note that, when you delete a user, they are not permanently deleted, just hidden from the employee list and all monitoring reports. If you are on a Cloud deployment, deleting a user will also free up a license.

Computers

Introduction to the Computers

The Computers screen shows all the computers you have added to Teramind, when they were last seen, online counts, currently online users/agents, IP addresses, operation systems, client (Teramind Agent) versions and FQDNs (Fully Qualified Domain Names).

mceclip4__2_.png

Note: if you do not see a column, click the Settings mceclip3__3_.png button near the top-right corner of the report to enable it.

Accessing the Computers Menu

image-170.png
  1. Click the COMPUTERS menu to access its screen.

Remote Installing the Teramind Agent

i

This option is only available on Teramind On-Premise and Private Cloud deployments.

image-171.png
  1. Click the REMOTE INSTALL AGENTS button near the top-right corner of the screen. You will be taken to the Remote Agent Installation screen where you can deploy the Agent remotely.
i

Computer Action Menu

You can perform various actions such as enable/disable monitoring, enable offline notifications, update the Agent etc.

image-233.png
  1. Click the check marks in front of the computer names to select computers.
mceclip0__17_.png
  1. From the top-left corner of the screen, select the action you want to perform. You can choose from the following actions:
    • Enable Monitoring: enables monitoring for all users on the selected computers.
    • Disable Monitoring: disables monitoring for all users on the selected computers.
    • Delete: Delete / remove a computer. Note that, when you delete a computer, it is not  permanently deleted, just hidden from the computers list and all monitoring reports. Monitoring is also disabled when you delete a computer. If you are on a On-Premise deployment, deleting a computer will also free up a license.
    • Restore: Restore a previously deleted computer. Note that since deleting a computer also disabled monitoring for a computer, you will need to enable monitoring after you restore it.
    • Enable notify when offline: when you click this button, you can specify one or more email addresses which will get an email notification whenever the selected computers go offline.
    • Disable notify when offline: disables offline notification.
    • Uninstall Agent from PC: will uninstall/remove the agent from the computers.
    • Update agents: updates the installed Teramind Agent on the selected computers with the latest version.
    • Cancel agents update: cancels any pending Agent update tasks.

Accessing a Computer’s Details Page

mceclip1__12_.pngClick on a computer from the list of computers on the Computers page. You will be taken to the Computer’s details page:

mceclip5__1_.png

From this page you can view the computers details such as what OS is installed, the IP address, Agent version etc. You can also perform many of the same tasks found on the Computer Action Menu such as enable/disable monitoring, delete a computer, update agent etc. However, there are two new options you can access from the Computer’s details page: viewing/editing the computer’s profile and exporting session recordings. See the sections below for more information.

Exporting Session Recordings of Users/Agents on a Computer

Click the Video Camera mceclip4__3_.png icon on a Computer’s details page to export session recordings of select users/agents on the computer. Clicking this button will open a Video params window:

mceclip6__1_.png

From this window you will be able to specify export date and time, select agents/users and other parameters for exporting the video/session recordings. See the Session Player section to learn more about session recordings.

Editing a Computer’s Settings

Click the EDIT INFO button on a Computer’s details page to access its settings:

mceclip7__1_.png

You can change the following settings from the Computer settings window:

  • CLEAN PRINT SPOOL (FOR PRINT SERVERS): This option is available when the Teramind Agent is installed on a print server. When Clean Print Spool is enabled, the Teramind Agent will check the print spooler every 10 minutes and delete documents older than 6 hours.
  • NOTIFY WHEN OFFLINE: When you click this button, you can specify one or more email addresses which will get an email notification whenever the selected computers go offline. Note that, same option is available under the Computer Action Menu.
  • OVERRIDE: DELETE RECORDINGS OLDER THAN …: This option lets you delete recording older than certain days. A value other than 0 will override the delete settings you have specified in the ‘DELETE HISTORY AFTER…’ field on the Monitoring Settings > Screen

Configure > Departments

i
Note that, department managers can only view/manager the employees in their respective department(s). Check out this article to learn what permission level a department manager has.

Introduction to the Departments

On the Departments screen, you can see a list of all the departments, how many employees are in each department, who the department managers are etc. You can also create/edit departments and assign managers to them.

image-175.png

Accessing the Departments Menu

image-176.png
  1. Hover your mouse over the CONFIGURE menu, then
  2. Select Departments from the sub-menu.

Creating a New Department

image-177.png
  1. Click the NEW DEPARTMENT button. A New department window will pop-up:
mceclip0__18_.png
  1. Specify a name and optionally, a description. Select the department managers from the list of employees.
  2. Select the employees for the department. You can also assign a employee to this department later. Check out the Assigning an Employee to a Department section below to learn how. 
  3. Click the APPLY CHANGES button to create the department.
i
Note that, you cannot assign an employee to multiple departments. If you add an employee who is already in another department, they will be removed from that department and added to the new department. You can however, have a department manager assigned to multiple departments.

Viewing the Employees in a Department

image-179.png
  1. Click on the name of a department, for example, Sales. You will be taken to the Department page.
image-180.png
  1. On the left side of the Department page, you will see a list of employees assigned to the department.
  2. Check out the Entering / Editing Employee Profiles section to learn how to assign an employee to a department.
  3. On the right-side of the page, you will see a Gantt chart with a list of tasks for each employee and how much time they spent on each task. Check out the Rules Editor > Actions tab section, under ‘Set User’s Active Task’ to learn how tasks can be assigned to an employee automatically by a rule when using a Stealth Agent. Or, check out the How to use the Revealed Agent article to learn how Tasks can be created and self-assigned by users with the Revealed Agent.

Assigning an Employee to a Department

You can assign an employee to a department when creating a department. But you can also change an employee's department from the employee's profile:

  1. Select the EMPLOYEES menu.
  2. Click on an employee's name to open their page.
  3. Click the EDIT INFO button.
  4. You can change the Department for the employee under the PERSONAL INFO tab:

mceclip0__19_.png

Editing / Deleting a Department

image-181.png
  1. While on the Department page, click the EDIT button at the top-right corner. An Edit department window will appear (similar to the New department window) where you can change the department’s name, description and managers.
  2. While on the Department page, click the DELETE button at the top-right corner to delete the department.

Configure > Schedules

Introduction to the Schedules

The Schedules screen allows you to manage schedules for your employees and contractors. You can control employee work time, lunch breaks, days off etc. This information is then used by other Teramind modules. For example, in the Agent Schedule-based rules, in the Productivity Reports or for calculating payroll etc.

mceclip3__4_.png

This screen has two tabs. The SCHEDULING tab allows you to create/edit the  daily and weekly schedules for your employees. The TEMPLATES tab allows you to create/edit templates to make managing schedules for large groups easier.

i

Note that you can also create schedules for various positions in your organization. Check out the Positions section for more information.

Accessing the Schedules Menu

image-183.png
  1. Hover your mouse over the CONFIGURE menu, then
  2. Select Schedules from the sub-menu.

Adding a New Employee

mceclip0__20_.png

  1. Click the NEW EMPLOYEE button near the bottom. This will pop-up the New employee window where you can add a new employee, configure their account details, monitoring options, etc. Check out the entering/editing employee profiles section for more information.

Combined vs Daily Schedules

image-184.png
  1. Click the COMBINED or DAILY button near the top-right corner to switch between a Combined view and a Daily view. On the Combined view, days with the same shift/time slots are combined in a single column while in the Daily view each shift is shown as a separate column.

Managing Employee Schedules

mceclip2__4_.png
  1. You can manage schedules for individual employees from the SCHEDULING tab.

Notifying Employees About Schedule Changes

You can send a notification to employees or departments of any schedule changes.

image-186.png
  1. Click the NOTIFY EMPLOYEES button at the top right-corner of the SCHEDULING screen. A pop-up window will open.
image-187.png
  1. Select the employees you want to inform from the list of employees.
  2. Select a period.
  3. Optionally, add a comment.
  4. Click the APPLY CHANGES to send the notification.

Managing Weekly Employee Schedules

image-188.png

  1. Click the name of an employee on the SCHEDULING screen. You can also click the ADD SCHEDULE button if the employee does not have a schedule already assigned. A pop-up window will be displayed:
image-189.png
  1. You can select an existing template to populate the schedules for the weekdays.
  2. Click on an empty Work time slider to add hours to it.
  3. Drag the Circles mceclip7__2_.png on a slider to adjust its hours.
  4. Click on a day’s name, for example, Tuesday, to turn it on/off (make it a workday/off day). If all the days are turned off for the week, the schedule will be deleted/removed from the employee.
  5. Use the Allowed break field to assign break hours.
  6. Click the Matched List icon to make all hours match with the first day’s hour.
  7. Click the APPLY CHANGES button to save the schedule.

Managing Daily Employee Schedules and Day Offs

image-190__1_.png
  1. Click on a day’s time slot/shift or an empty day on the SCHEDULING screen. A pop-up window will appear:
image-191.png
  1. You can edit the work time and breaks the same way you do for multiple days.
  2. You can delete the shift (turn the day off).
  3. To assign/cancel a day off, click the SET DAY OFF or DEACTIVE DAY OFF.
  4. Click the APPLY CHANGES button to save the changes.

Batch Schedule Editing

This feature allows you to add a schedule to a group of employees at once instead of editing them one by one.

mceclip0__21_.png

  1. Click the BATCH SCHEDULE EDITING button near the top right-corner of the SCHEDULING screen. An Edit schedule pop-up window will open.

mceclip1__13_.png

  1. This is similar to editing a Weekly Employee Schedule, the only additional option is an Employees field where you can select and assign multiple employees to the schedule.

Schedule Templates

Adding a New Schedule Template

mceclip5__2_.png
  1. From the TEMPLATES tab, click the ADD TEMPLATE button at the top-right corner. A pop-up window will open:
image-194.png
  1. Give the template a name.
  2. You can edit the rest of the template the same way you would edit a weekly employee schedule. Please follow the Managing Weekly Employee Schedules to learn how to edit the schedule.

Editing / Deleting a Schedule Template

image-195.png
  1. Click on a template name. A pop-up will open.
image-196__1_.png
  1. Change the template name if needed.
  2. You can edit the template the same way you would edit a weekly employee schedule. Please follow the instructions on Managing Weekly Employee Schedules to learn how to edit a template.
  3. Click the Trash Can mceclip6__2_.pngicon to delete the template. You can also click on the day names (i.e. Monday, Tuesday etc.) to turn them off. If all the days are turned off for the week, the template will be deleted/removed.

Configure > Positions

Introduction to the Positions

The Positions screen allows you to manage schedules for positions/titles. It is very similar to the Schedules screen except that it does not have any Notify Employee or Batch Update option.

mceclip0__22_.png

Accessing the Positions Menu

mceclip1__14_.png
  1. Hover your mouse over the CONFIGURE menu, then
  2. Select Positions from the sub-menu.

Adding / Editing / Deleting a Position

mceclip2__5_.png

  1. Click the NEW POSITION button to add a new position. Note that, you can also create a new position when entering/editing employee profiles, under PERSONAL INFO, in the Position field.
  2. Hover over a position name and click the Pencil mceclip3__5_.png icon to edit the position.
  3. Hover over a position name and click the Trash Can mceclip4__4_.png icon to delete the position.

Managing Position Schedules

You can manage schedules for positions the same way you manage schedules for employees. For example:

mceclip5__3_.png
  1. You can create/edit the daily schedule by clicking a day on the scheduler.
  2. Similarly, you can create/edit weekly schedule of a position by clicking the position name or by clicking the ADD SCHEDULE FOR POSITION button.

Check out the Managing Daily Employee Schedules and Day Offs and the Managing Weekly Employee Schedules sections to learn how to edit the two types of schedules.

Using the Schedule Templates

You cannot create any schedule templates from the Position screen. However, you can use any templates created on the Schedule screen when editing a weekly position schedule.

Configure > Access Control Policies

Introduction to the Access Control

The Access Control screen allows you to control which users/managers have access to what information on the Teramind Dashboard and the settings they are allowed to change. On Teramind, access control is implemented through policies. A policy is composed of the following elements:

  • Privileged Users: They are the users/managers who monitor certain groups of people (Target Users/Subjects). 
i
Note that, you cannot add any admins as the Privileged Users. Admins have their own access control policy set at the account level. For more information, check out this article: How to change a user’s account access level / role permission.
  • Target Users / Subjects: These are the regular users monitored by the Privileged Users.
  • Permission: Defines what the privileged user can do with the information of the Target Users under their responsibility. The permission is grouped into Play, View, Edit and Access Widgets categories.
image-197.png

The main window of the Access Control screen shows a list of policies, privileges and the subjects they manage. You can create a new policy or edit an existing one from this window.

Accessing the Access Control Menu

image-198.png
  1. Hover your mouse over the CONFIGURE menu, then
  2. Select Access control from the sub-menu.

Creating a New Access Control Policy

image-199.png
  1. Click the New policy button at the top-right corner of the Access Control screen. A window will pop-up.
image-200.png
  1. Enter a name for the policy, select the privileged users (for example, Department Managers) the policy will apply to then click the SAVE button. You will be taken to the Create policy screen. Continue with the Access Control Policy Editor section below to learn how you can assign target users and adjust the permission settings for a policy.
i
Note that, you cannot add any admins in this field as admins have their own access control policy set at the account level. For more information, check out this article: How to change a user’s account access level / role permission.

Viewing / Editing / Deleting an Access Control Policy

image-201.png
  1. Click on a policy from the list of policies on the main Access Control screen. You will be taken to the View policy screen where you can see the details for the policy.
image-202.png
  1. On the View policy screen, click the EDIT button to edit the policy. You will be taken to the Edit policy screen. Continue with the Access Control Policy Editor section below to learn how to edit the policy.
  2. On the View policy screen, Click the DELETE button to delete the policy.

Access Control Policy Editor

The Access Control Policy Editor allows you to edit a policy. You access it through the Create policy / Edit policy screens (see the previous sections to learn how to create/edit a policy).

image-203.png
  1. Specify a policy name and select the privileged users (for example Department Managers) the access permission will be granted to.
  2. Click the Create permission button to create a new permission.
  3. Click the Select all targets button to select all target users or the Deselect all targets button to deselect them.
  4. Click the Show all link to show all users or the Show only selected link to show only selected target users.
  5. Click on a target user’s name to select/deselect them.
  6. Click the Select all permissions button to select all permissions or the Deselect all permissions button to deselect them.
  7. Click on a permission category to expand or collapse it.
  8. Click on a permission item to select/deselect it.
  9. Click the Save changes button to save the policy.

Configure > Productivity Profiles

Introduction to the Productivity Profiles

Productivity profiles allow you to create rules to classify productive and unproductive applications and websites and assign them to individual employees, groups or departments. The profiles determine how Productivity Classification, Productive Time, Unproductive Time, etc. are measured and reported on the BI Reports (for example, BI Reports > Productivity and the BI Reports > Applications & Websites).

mceclip0__23_.png

Parent vs Child Profiles and Inherited vs Owned Rules

The main window of the Productivity Profiles screen shows a tree-view of all the parent and their child profiles. Child profiles will inherit all classification rules from its parent profile(s). Each profile can also ‘own’ its unique rules. This parent-child hierarchy and the ability to inherit/own rules allow you save time by avoiding duplicating or manually entering same rules to multiple profiles.

Accessing the Productivity Profiles

mceclip1__15_.png

  1. Hover your mouse over the CONFIGURE menu, then
  2. Select Productivity profiles from the sub-menu.

Viewing and Managing Productivity Profiles

mceclip2__6_.png

  1. To filter profiles: You filter the list of displayed profiles using the Search field and/or the Filter by assignments list.
  2. To view all child profiles: If a profile has any child profile(s) you can click on its Up Arrow /Down Arrow icons to view or hide its child profiles.
  3. To change the parent of a child profile: Click the Inheritance mceclip3__6_.png button to change the parent of the profile.
  4. To delete a profile: Click the Delete mceclip4__5_.png button to delete / remove a profile.
i

When you delete a profile, all of its child profiles and rules will be deleted too.

i

You can also view a user’s productivity profile (but not change it) from the employee profile screen.

Adding a Productivity Profile

mceclip5__4_.png

  1. Click the Add child profile mceclip7__3_.png button at the right side of a profile to add a new child profile under it. A pop-up window will open:

mceclip6__3_.png

  1. Enter a PROFILE NAME.
  2. Select the employees/departments the profile will be ASSIGNED TO.
  3. Click the CREATE button to create the profile. You will be taken to the Edit productivity profile screen. Check Step 2-4 of the Editing Productivity Profiles and Classification Rules section below to learn how to configure a rule.
i

You can only assign one productivity profile to a user. If they are already part of a productivity profile, assigning them to a new profile will remove them from the previous profile.

Editing Productivity Profiles and Classification Rules

mceclip8__1_.png

  1. Click a profile’s name to edit it. You will be taken to the Edit productivity profile screen:

mceclip9__1_.png

  1. Click the Pencil mceclip10__1_.png icon next to the profile’s name to edit its name and change its assignment. Note that, you can only assign one productivity profile to a user. If they are already part of a productivity profile, assigning them to a new profile will remove them from the previous profile.
  2. You can change what rules are displayed by using the Search, Productivity, Type and Inheritance
  3. Click the Pencil mceclip10__1_.png icon next to a rule to edit it (see below for more information).
  4. Click the Delete mceclip4__5_.png icon to delete a rule. You can only delete a rule ‘owned’ by the profile.
  5. Click the Open Parent mceclip12__1_.png icon to leave the edit screen of the child profile and go to the parent profile screen.
  6. Click the Click the Override mceclip13__1_.png icon to create a copy of an inherited You can then save the inherited rule as a new owned rule.
  7. Click the ADD NEW RULE button to create a new rule. The filter area will change to let you enter the details for the rule:

mceclip14__2_.png

  1. Select a type of rule. You can choose from Activity, Regexp and Category.
  2. Enter a value for your chosen rule type. The value will apply to website URLs and application file names. For Activity type rules, you can enter any text. For example: com, word.exe etc. , Regexp will match with a regular expression1. For example, .*\.outlook\.com. With Category type rules, you can select from a predefined list of websites categories2. For example: Entertainment, Social Media etc.
i

1Teramind uses C++ standard regular expressions.

2Teramind uses inCompass® NetSTAR, a comprehensive web categorization and filtering technology to automatically categorize websites.

  1. Select a productivity classification such as Productive, Unproductive or Unclassified.
  2. Click the CREATE RULE button to create and save the rule or X button to cancel.

Reset Classifications / Retroactive Classifications

You can retroactively apply new classification profiles and rules to previous employee activities:

mceclip15__2_.png

  1. Click the Reset classifications menu near the top-right corner. Select a reset option from the pull-down list.
  2. You can see when the profiles were last synced near the reset menu.

Configure > Shared Lists

Introduction to the Shared Lists

The Shared Lists screen allows you to build a list of items that can be reused throughout Teramind. You can build lists of websites, IP addresses, program names, and more. These shared lists can be used when defining behavior rules, as well as in monitoring settings.

image-204.png

You can see all the existing lists including their name, type, number of items in the list etc. You can create, edit or delete shared lists from this screen.

Accessing the Shared Lists Menu

image-205.png
  1. Hover your mouse over the CONFIGURE menu, then
  2. Select Shared lists from the sub-menu.

Creating / Uploading a Shared List

image-206.png
  1. On the Shared List screen, click the Create list button near the top-right corner of the Shared List screen. A window will pop-up.
image-207.png
  1. Enter a name for the list.
  2. Select a list type. You can choose from Text, Regular Expressions and Networking types. Text list is useful for simple data such as names, website URLs etc. Regular Expressions is a powerful list type that can be used to detect patterns and specially formatted text such as credit card numbers, zip/postal codes etc. Networking list types are used for defining IP addresses and ports. Network lists can be used with the Network-based rules or to control Network monitoring settings.
  3. Click the Create List button. You will be taken to a screen where you can add list items or upload a file.
image-208.png
  1. Click the add file button to upload a .CSV or .TXT file containing your list item. Each item should be in a separate line in the file for Teramind to import it correctly.
  2. You can also click the Add new row button to enter items manually one by one.
  3. If you’ve entered an item manually, click the Save button to save it.

Editing / Downloading a Shared List

image-209.png
  1. On the Shared List screen, click the Pencil button at the right side of a shared list. You will be taken to a screen where you can edit the list.
image-210.png
  1. To download a copy of the list, replace the list or to append news items to a list from a file; click the Download list file button.
  2. To add a new item/row, click the Add new row button.
  3. To edit an item/row, click the Pencil button.
  4. To delete an item/row, click the X button.

Deleting a Shared List

image-211.png
  1. On the Shared List screen, click the Trash Can button at the right side of a shared list to delete/remove it.

System > Missing Users / Computers

Introduction to the Missing Users / Computers Report

The Missing Users / Computers report shows employees or computers for which Teramind didn’t receive any data recording for the specified days. The report shows the following columns: Employee/computer, Last login time, Last login from  and Consecutive days without recording.

image-212.png

Accessing the Missing Users / Computers Menu

image-213.png
  1. Hover your mouse over the SYSTEM menu, then
  2. Select Missing users / computers from the sub-menu.

Searching for Missing Users / Computers

image-214.png
  1. Select from Employees/Computers from the top-left corner of the screen.
  2. Specify number of days for DATA RECORDED WITHIN field.
  3. Specify number of days for AND NO RECORDING FOR THE LAST field.
  4. Click the APPLY button to apply the filter and view the result.
i
You can use the dashboard's Notifications feature to diagnose the most common reasons for missing computers / users. Or, check out the Employee showing offline / Computer not reporting troubleshooting article to learn more.

System > Video Export

Introduction to the Video Export Screen

From this screen you can view a list of all videos exported from the Session Player and download them.

mceclip2__7_.png

Accessing the Video Export Menu

mceclip1__16_.png

  1. Hover your mouse over the SYSTEM menu, then
  2. Select Video export from the sub-menu.

Downloading Exported Videos

For each exported video, you can view information such as when the video was created, by whom and for which employee etc.

mceclip0__24_.png

  1. Click the Download mceclip1__10_.png icon under the Size column to download a MP4 file for the video.
  2. If you are on an On-Premise deployment, you will also see a Persistent You can enable the Persistent option to keep a file indefinitely. Otherwise it will be deleted after 10 days automatically.
i
  • Teramind Cloud customers will have access to the exported videos for up to 10 days.
  • Teramind On-Premise / Private Cloud customers have the ability to make them persistent (keep for as long as they want) by enabling the Persistent option.

System > Report Export

Introduction to the Report Export Screen

From this screen you can view a list of all the reports exported from the BI Reports and download them.

mceclip0.png

i
Exported reports from the Behavior > Alerts and Productivity > Overview screens are not available for download from this Report Export screen. Exports from those screens starts immediately and are not saved for later downloads.

Accessing the Report Export Menu

mceclip1__17_.png

  1. Hover your mouse over the SYSTEM menu, then
  2. Select Report export from the sub-menu.

Downloading / Deleting Exported Reports

For each exported report, you can view information such as when the report was created, filename etc.

mceclip3.png

  1. The icons column will tell you if it is an export from the Monitoring Reports (PDF mceclip3__7_.png / CSV mceclip4__6_.png ) or BI Reports (BI mceclip5__5_.png ) export.
  2. Unless deleted by you, Cloud customers will have access to the exported reports for up to 30 days. The Delete after column shows when the report will be deleted automatically.
  3. On-Premise / Private Cloud customers have the ability to make the report persistent (keep for as long as they want) by clicking the Yes/No button on the Persistent column.
  4. The Auto export column will tell you if it is part of an auto-export report.
  5. Click the Download mceclip6.png icon on a row to download a Zip file containing the report.
  6. Click the Trash Can mceclip2.png icon on a row to delete the report.
i

Unless deleted by you:

  • Teramind Cloud customers will have access to the exported reports for up to 1 month.
  • Teramind On-Premise / Private Cloud customers have the ability to make them persistent (keep for as long as they want).

System > System Log

Introduction to the System Log Report

The System Log screen allows you to see all administrator/manager activities on the Teramind Dashboard. These immutable session logs are useful for monitoring privileged users’ activities and identify any abuse of the system. Additionally, session logs, in conjunction with access control and other auditing and forensics features of Teramind allows you conform with compliance standards such as GDPR, HIPAA, PCI DSS etc.

image-215.png

The System Log report has the following columns:

  • Date/time: the data and time of the activity.
  • IP: IP location of the user.
  • Employee: name of the user/employee.
  • Action: what action the user performed. For example, Login, Logout, View, Delete etc.
  • Object Type: the type of object the user accessed. For example, Report, Dashboard, Shared etc.
  • Object Name: internal names of the object. For example, Productivity, Audit etc.
  • Page: the URL of the object. Only displayed when SHOW URLS filter is turned on. See the Applying System Log Filters section below for more information)
  • Details: where applicable, displays any additional information about an activity. Such as, Inserted an item (in a List), Created a Network Shared List etc.

Accessing the System Log Menu

image-216.png
  1. Hover your mouse over the SYSTEM menu, then
  2. Select System Log from the sub-menu.

Applying System Log Filters

image-217.png
  1. Click the SHOW URLS button near the top-right corner to turn it on/off. When on, the system log report will display an additional column, ‘Page’ with the exact URL of the dashboard object.
  2. By default, the report displays all types of activities. However, you can use the Activity filter to display the logs for a single activity.
  3. By default, the report displays all agents/users. However, you can use the Agent filter to display the logs for a single agent/user.

Viewing Additional Details for a Log

image-218.png
  1. If a log object has additional details that cannot be shown in the Details column, you will see a Click here to view details link. Clicking the link will open a pop-up window.
image-219.png
  1. You can view the details on the pop-up window. For example, on the image above, it shows that and administrator changed the name of an Access Control policy from ‘Executive Policy’ to ‘Senior Management’.
  2. Click the CLOSE button to close the pop-up window and return to the Session Log report.

Monitoring Settings

Introduction to the Monitoring Settings

The Monitoring Settings screen lets you create/edit monitoring profiles for users, groups and departments and precisely control how much information will be collected for each monitored system (such as Websites, Apps, Emails). You can track as much or as little as you want based on your organization’s needs and alleviate any privacy concerns.

image-233__1_.png

Some use cases of using Monitoring Settings are:

  • Create Monitoring Profiles to enable social media monitoring for the marketing department but disable it for other departments.
  • Configure the Websites so that it automatically suspends monitoring and keystrokes logging when users visit their bank’s portal or opens their personal emails.
  • Setup Applications monitoring in such a way that it only records activity within business applications such as QuickBooks or SAP and not record screen or keystrokes when the user is in Facebook.​
  • Setup a scheduled based monitoring, set up recording rule violations only, auto-delete old recordings etc. to minimize data storage requirements and comply with regulations like GDPR.
i
Teramind comes with a Default settings profile. This profile is used by default for all users and cannot be deleted.

Accessing the Monitoring Settings Menu

image-234__1_.png
  1. Click the Gear icon near the top-right corner of the Teramind Dashboard.
  2. Click Monitoring settings underneath the pop-up menu.

Creating a New Monitoring Profile

image-235.png
  1. Click the NEW PROFILE button near the top-right corner of the main Monitoring Settings screen. A pop-up window will be displayed.
image-236.png
  1. Give the profile a name.
  2. Optionally, give it a description.
  3. Click APPLY CHANGES. You will be taken to a different screen with a list of all monitored systems.
mceclip0__2_.png

Note that, Teramind comes with some default settings for each of the monitored systems. You can change them according to your needs.

  1. Click the EDIT OBJECTS TO TRACK button at the top-right corner to add users to the profile or remove them.
  2. Click the EDIT PROFILE INFO button at the top-right corner to edit the profile name and description.
  3. Click the YES/NO slider button in front of a monitored system to turn monitoring on or off for it.
  4. Click the small Gear icon at the right side of an object to edit its settings. See the Editing the Settings for Monitored Systems section below to continue setting up individual monitoring objects).

Advanced Monitoring Settings

mceclip1.png
  1. Click the ADVANCED button to change advanced settings (only recommended if you are troubleshooting an issue). This will pop up a window:
mceclip2.png
  1. FILE DRIVER: if disabled, File Transfer report, Content Sharing Rules, Files-Based Activity etc. will not work.
  2. NETWORK DRIVER: if disabled, Network report, IM report, Network-Based Rules, File Upload rules will not work. ‘Quick web proxy’ certificate will not be injected.
  3. DON'T TRACK DLP FOR PROCESSES: allows you to exclude certain process(es) from the DLP scanning/DLP rules. For example, svchost.exe, System Idle Process etc. Note that, this is different than disabling monitoring for an application using the SUSPEND MONITORING WHEN THESE APPLICATIONS ARE USED option on the Applications Monitoring Settings. That option disables all monitoring for a process (activity will not be captured and app will be blacked out on the session recording). On the other hand, DON'T TRACK DLP... will only disables DLP scanning for a process.
  4. If you enable the RESTRICTIONS option, you will see two more options:
    • If you turn on the DISABLE ALL LOCAL ADMIN ACCOUNTS, EXCEPT BUILT-IN option, you can specify a new admin user and password. Then, when a admin logs in as a current Windows user, a new admin will be created and all existing admin accounts will be disabled.
    • If you turn on the DISABLE WIRELESS ACCESS (WI-FI, BLUETOOTH) then all Wi-Fi and Bluetooth network access will be disabled. Make sure the computer has an Ethernet connection before enabling!

Editing / Copying / Deleting a Monitoring Profile

image-3.png
  1. You can locate which profile an employee belongs to by using the Search box at the top-left corner of the main Monitoring Settings screen.
  2. You can click the OPTIONS icons to turn the monitoring on/off for them.
  3. Click the small Users icon at the top-right corner to add/remove users.
  4. Click the Copy icon to create a duplicate copy of the profile.
  5. Click the small Gear icon at the right site of a profile to edit it. Follow Steps 5-6 in the Creating a New Monitoring Profile section above to learn how to edit the profile.
  6. Click the small X icon to delete the profile.

Editing the Settings for Monitored Systems

Common Settings

Each Monitored System has a simple scheduler under the TRACKING DAYS AND TIME section at the bottom of its settings panel. Using this scheduler, you can quickly specify when the tracking and recording of the Monitored System will take place.

image-241.png
  1. Click on a day to enable/disable it.
  2. Drag the two small Circles to adjust the time.
  3. Click the Reverse icon to reverse the time.
  4. Click APPLY CHANGES to save the settings.

Editing Screen Settings

screen_settings.png

The OCR LANGUAGES allows you to specify which language will be used for the OCR (Optical Character Recognition). Default is English. Teramind also supports Hebrew, Russian, Dutch, Spanish and Turkish for the OCR.

ALLOW REMOTE CONTROL option determines if Remote Control will be available on the Session Player’s Live Mode Controls.

If the user is using a Hidden Agent, ASYNC SCREEN UPLOAD will force Teramind to use a queue for screen recordings instead of uploading them in real-time. It’s suitable for a slower network or a busy OCR server. However, you might experience some delay between the user activity and the recording appearing on the dashboard when ASYNC is enabled.

RECORD LOCKED SESSIONS option allows you to continue recording even when the user locked their computer.

By enabling RECORD ONLY WHEN BEHAVIOR RULE WAS VIOLATED, you can reduce the storage needed for the screen recordings or alleviate privacy concern.

You can also control how many FRAMES PER SECOND is captured; if Teramind should UPDATE SCREEN ON EVENTS ONLY (i.e. something happening on the screen).

You should only enable the USE MODERN SCREEN GRABBING option on Windows 8 or above. If you are experiencing issues with screen captures, try toggling this option.

The GRAYSCALE / COLOR and LIVE SCREEN SCALING controls the quality and size of the recording.

On-Premise customers can specify when the recordings will be automatically deleted under the DELETE HISTORY AFTER. This will further reduce your storage requirements and help you comply with data retention policies.

Finally, you can specify the MESSAGE DURING REMOTE CONTROL / MESSAGE DURING INPUT FREEZE when using those features in the Session Player’s Live Mode Controls.

i
  • Some of the settings (for example, DELETE HISTORY) are only available on the On-Premise version.
  • ASYNC SCREEN UPLOAD only works with the Hidden Agent. Ignore this setting if the user is using a Revealed Agent. Check out this article to learn more about the difference between the two agents.

Editing Audio Settings

image.png

AUTOMATIC LEVEL ADJUSTMENT will automatically adjust the sound levels for higher/lower tones.

If the user is using a Hidden Agent, ASYNC AUDIO UPLOAD will force Teramind to use a queue for audio recordings instead of uploading them in real-time. It’s suitable for a slower network or a busy server. However, you might experience some delay between the user activity and the recording appearing on the dashboard when ASYNC is enabled.

You can adjust the BITRATE to increase/decrease audio quality. Lower bitrate will require less CPU processing and storage. You can toggle the MONITOR ALL INPUT DEVICES / OUTPUT DEVICES options to enable/disable recording for all microphones, speakers and line-in/out.

i
ASYNC AUDIO UPLOAD only works with the Hidden Agent. Ignore this setting if the user is using a Revealed Agent. Check out this article to learn more about the difference between the two agents.

Editing Applications Settings

mceclip3__8_.png

You can turn monitoring on/off for the  WINDOW TITLES. This gives you the ability to not track the title for apps which includes document name in their title. If you do not want Teramind to capture the document name, turning this option off can be helpful.

You can also turn monitoring on/off for CONSOLE COMMANDS (commands executed on the Windows Command Prompt or Terminal).

You can configure Applications settings to MONITOR only select applications; SUSPEND monitoring or SUSPEND KEYSTROKE monitoring when certain applications are used.

You can conditionally suspend monitoring/keystrokes logging using the two …WITH CONDITION options. For example, you can suspend monitoring Firefox while it’s used from an IP approved by an access control list. Same way, you can suspend keystrokes logging of the Windows Installer when it’s launched from an IP range. For the CONDITION, you can select from a list of Any, a single IP, an IP range, list (Network Shared Lists), and cldr (Classless Inter-Domain Routing). Finally, you can define the IDLE TIME (used in the Productivity Reports, Agent Schedule-based rules and other places by Teramind).

Editing Websites Settings

new_website_monitoring_settings.png

MONITOR ONLY THESE WEBSITES field allows you to define websites or a list of websites, for which you want to record the screen and keystrokes. If you use this field, all other websites will be blacked-out in the screen recordings.

DON’T MONITOR WEB TRAFFIC FOR THESE WEBSITES* defines the websites for which you want to suspend recording. Screen and keystroke recording for all other sites will be enabled. Please see notes below.

SUSPEND MONITORING WHEN THESE WEBSITES ARE VISITED* does not capture any activity, and keystrokes when the specified websites are visited. The browser window is blacked-out in the video recording or during the live view mode of the session player.

SUSPEND MONITORING WHEN WEBSITE CONTAINS CONTENT – If the HTML of a URL contains a string listed here, that website will not be monitored, keystrokes will not be recorded, and the screen will be blacked out. A common use for this option is to determine intranet or proxy-generated websites.

The DON'T MONITOR WEB TRAFFIC FOR THESE IPS*  lets you specify IPs, IPs with mask, or domain names (excluding the http:// or https:// prefix) that you do not want to monitor.

The MONITOR WEB TRAFFIC FOR THESE IPS is the exact opposite of the ‘DON'T MONITOR WEB TRAFFIC FOR THESE IPS’ option. Note that, if you use this option, all other websites will be blacked out in the screen recordings.

i

Please be careful when using the two options above. You may accidentally turn monitoring on/off for other sites, as there may be several sites with the same IP.

The next three settings are the same as above, the only difference is, you use IP addresses instead of URLs. Please see notes below.

You can also SUSPEND KEYSTROKE … setting to suspend just the keystroke recording for the specified websites.

You can suspend monitoring for all PRIVATE BROWSING (incognito) sessions.

You can turn off the MONITOR KEYSTROKES FOR PASSWORD FIELDS option to suspend capturing of keystrokes in password fields. For example, a login page containing a HTML input field such as <input type="password">.

ALLOW CONNECTION TO HOSTS WITH INVALID CERTIFICATES – please see notes below.

You can use the WSS PORT to specify web traffic redirection.

 

SUMMARY OF WEBSITES EXCLUSION OPTIONS

DON'T MONITOR WEB TRAFFIC FOR THESE WEBSITES

  • Quick Proxy certificate IS injected
  • Does NOT appear in the activity log
  • Keystrokes ARE captured

SUSPEND MONITORING WHEN THESE WEBSITES ARE VISITED

  • Quick Proxy certificate IS injected
  • Does NOT appear in the activity log
  • Keystrokes are NOT captured
  • The browser window is blacked-out in the video recording or during the live view mode of the session player

DON'T MONITOR WEB TRAFFIC FOR THESE IPS

  • Quick Proxy certificate is NOT injected
  • DOES NOT appear in the activity log
  • Keystrokes ARE captured

SUSPEND MONITORING WHEN BROWSING TO THESE IPS

  • Quick Proxy cert is injected
  • Appears in the activity log
  • Keystrokes ARE captured
DON’T MONITOR WEBSITES / IPS

Use the DON’T MONITOR WEB TRAFFIC FOR THESE IPS / WEBSITES fields if you want to prevent the Teramind Agent from injecting the Quick Proxy SSL cert. Use them if it looks like the agent’s cert if causing an issue with a website.

The difference between these two fields are:

  • WEBSITES: if we include host name here, then Teramind will not intercept traffic from these sites. But in case of HTTPS we still inject HTTPS certificate and recode encrypted data. This may lead to network issues.
  • IPS: this may contain IPs, IP with mask, or domain name of the site (excluding http:// or https:// prefix). For domains, it works by requesting list of IPs that corresponds to this domain. Please be careful that, when using this field, you may accidentally turn off monitoring for other sites, as there may be several sites with the same IP. If the IP is in this list, then Teramind will not recode encrypted data, and there will be no influence on the HTTPS traffic. 
What sites to include in “DON’T MONITOR WEB TRAFFIC…”?

 Site that resides on some domain name sometimes uses resources from other domains. To exclude all sources for the problem, you need to exclude all used resources. You can get a list of the domain names by turning off the Teramind Agent, run Chrome, Open “Developer Tools”, select “Network” tab, set “Disable cache” = true, “Preserve log” = true, right click on the header of the table with the network requests, select “Domain”, then reproduce situation that leads to an issue, and capture all domain names (from the Domain column) that were involved in the loading process.

Dynamic Blackout

dynamic-blackout.png

When you use any of the SUSPEND MONITORING… settings for any application or website, Teramind will automatically blackout the relevant application window in the video recording or during the live view mode of the session player (check out the Session Player section to learn more about session recording and live view).

The blackout feature works on both single monitor and multi-monitor setups.

ALLOW CONNECTION TO HOSTS WITH INVALID CERTIFICATES

Use the ALLOW CONNECTION TO HOSTS WITH INVALID CERTIFICATES will allow all hosts to work with invalid certificates. This is not a recommended thing to do as it may help disguise invalid certificate and allow phishing attacks. As an alternative, you can also use a Match Regular Expression condition regexp/.*/ on any rules that require an URL/website address such as below:

photo_2020-10-14_13-22-08.jpg

 

Editing Emails Settings

mceclip2.png

You can use the settings to CAPTURE INCOMING / OUTGOING emails, CAPTURE EMAIL CONTENT and SAVE OUTGOING / INCOMING ATTACHMENTS etc.

You can specify which email systems will be captured using the CAPTURE EMAIL THROUGH option. Teramind supports the most popular email clients such as Outlook, Gmail, Yahoo etc. - both desktop and web versions.

You can use regular expressions to ignore any attachments you do not want captured using the IGNORE ATTACHMENT... option. For example, to ignore music and video files, you can use something like this: /\.(mp3|mp4|avi)/gi.

The IGNORE EVENTS OLDER THAN (DAYS) option allows you to cut off monitoring and capturing of emails older than certain days. This option is sometimes useful for clients like Outlook which may scan older emails if emails are moved, or archival policies are run. In such situations, by default, the Agent will capture any emails being accessed. This setting tells the Agent to ignore scanning older emails. However, behavior policies or rules for these old emails will still get triggered which might create false positives.

To avoid that, you can enable the IGNORE EVENTS EVEN IF BEHAVIOR POLICIES MATCH option. This will prevent triggering of unexpected rule violations and false alerts by ignoring older emails.

Editing File Transfers Settings

image-253.png

Files Transfers settings panel has two tabs. On the BASIC SETTINGS tab, you can specify WHAT TO TRACK such as: LOCAL FILES, NETWORK FILES, LOCAL DOCUMENTS, NETWORK DOCUMENTS, EXTERNAL DOCUMENTS, CD/DVD BURNING, EXTERNAL DRIVES (i.e. USB / pen drives) etc.

You can select which file types to track under the FILE TYPES TO TRACK section. For example, TXT, DOC, XLS, PPT etc. You can also manually enter your own extensions in the FILE EXTENSIONS LIST TO TRACK.

You can specify which applications should be monitored for upload/download activities in the TRACK DOWNLOADS AND UPLOADS FROM THESE APPLICATIONS field. Finally, if you don’t want any locations (i.e. folders) to track, you can specify them in the DO NOT MONITOR THESE LOCATIONS field.

image-254.png

On the ADDITIONAL SETTINGS tab, you can specify which file operations to track such as COPY (see notes below), RENAME, UPLOAD, DOWNLOAD, DELETE etc.

i

Note that Teramind cannot track the copy operation for a file from one network server to the same network server (e.g. source and destination is the same). For example, copying of a file from \\103.247.55.101\source_folder to \\103.247.55.101\destination_folder cannot be tracked. Copy to and from same local drives is detected as usual.

Also copying of an empty file cannot be tracked since it will be impossible for the system to distinguish between the file create and copy operations due to the zero size of the file.

Editing Printed Doc / Printer Settings

mceclip1__18_.png

If you use a printer that requires login permission, use the PRINTER TRACKING ACCOUNT USER and the TRACKING ACCOUNT PASSWORD to specify the credentials. Otherwise, Teramind will not be able to monitor it.

You can turn CAPTURE ACTUAL DOCUMENT on/off and specify MAXIMUM CAPTURE DOCUMENT SIZE (no. of pages) too.

With the MONITORING_SETTINGS_EXCLUDED… option , you can add regular expressions to exclude any printers matching the name.

 

i
You can automatically clean the print spooler for a print server from the Computers > Computer’s details > Computer settings screen.

Editing Keystrokes / Key Logging Settings

image-256.png

You can turn CLIPBOARD tracking on/off from the Keystrokes settings panel.

Editing Instant Messaging / IM Settings

image-257.png

You can specify which messaging APPLICATIONS to track. Teramind supports the popular IMs such as Facebook, Skype, Slack etc. You can TRACK INCOMING MESSAGES only or TRACK OUTGOING MESSAGES only or both.

Editing Social Media Settings

image-258.png

You can specify which messaging APPLICATIONS to track. Teramind supports the popular social media platforms such as Facebook, Twitter, LinkedIn etc. You can track NEW COMMENT, EDIT COMMENT, NEW POST, EDIT POST activities in those applications.

Editing Network Settings

image-260.png

You can turn SSL on to monitor secure connections (i.e. HTTPS).

TRACK NETWORK CONNECTIONS option allows you turn network monitoring on/off.

DON’T DISABLE TEREDO prevents Teramind from disabling Teredo. It’s used for secure communication over IPv6. If you encounter any problem with IP tracking, try toggling this setting.

The next four TRACK… options let you specify which IPs and ports will be tracked or not. TRACK PROCESSES field allows you to specify which network processes to track. You can use names (i.e. svchost.exe), regular expressions, Network Shared Lists etc.

 

i
If you disable SSL on the Network settings, you might lose the ability to track: web-based emails such a GMail,  file uploads/downloads to/from the web, instant messaging and social media. 

Editing Offline Recording Settings

image-259.png

The offline recording buffer specifies how long the Teramind Agent will continue to record user actions while the user is disconnected from the internet or Teramind server. By default, the buffer is set to 24 hours, but you can change the time as needed (maximum time allowed is 24 hours).

Editing OS States Settings

mceclip0__27_.png

These settings will enable event notifications for operating system states such as Lock, Sleep and Screen Saver to any SIEM integration (syslog event) you might have. These settings do not affect the monitoring of these event.

Editing Online Meetings Settings

mceclip1__19_.png

With these settings you can specify which online meeting apps to track. Teramind supports monitoring of AirCall, Microsoft Teams, RingCentral, Zoom, 8x8.

Integrations

Introduction to the Integrations Screen

Integrations menu allows you to set up an integration with external Security Information and Event Management (SIEM) and Project Management (PM) software such as HP ArcSight, Splunk, IBM QRadar, LogRhythm, Jira, Redmine, Zendesk etc. You can then send user details and event triggers from Teramind to the integrated software.

i
Teramind exports event information with Syslog using the Common Event Format (CEF). Any SIEM should be able to consume that.
image-261.png

The main Integrations screen shows you a list of current integrations. From here you can also create a new integration, change the settings of an integration or remove an integration when no longer needed.

i
We have provided instructions for two SIEM integrations: Splunk and HP ArcSight. We have also provided instructions for two PM integrations: Zendesk and JIRA. This should help you understand how the integration works and enable you to integrate with other solutions. If you still need help, please contact support@teramind.co.

Accessing the Integrations Menu

image-262.png
  1. Click the Gear icon near the top-right corner of the Teramind Dashboard.
  2. Click Integrations underneath the pop-up menu.

Setting Up a New SIEM Integration with Splunk

image-263.png

  1. Click the Gear image-206__1_.png icon near the top-right corner of the dashboard, select Integrations. Then, click the SETUP NEW INTEGRATION button near the top-right corner of the Integrations screen. A setup wizard will pop-up:

mceclip0__28_.png

  1. Select SIEMs from the list of product types.
  2. Choose Splunk from the list of products.
  3. Click the NEXT STEP button to continue to Step 2:

mceclip1__20_.png

  1. Select a Transport protocol, for example TCP.
  2. Provide a HOSTNAME and PORT where the SIEM product is located at.
  3. Click the NEXT STEP button to continue to Step 3:

mceclip2__9_.png

i
WEBSITE AUDIT event sends the System Logs to the SIEM.
  1. Click the YES/NO slider button to turn an event on/off. Events which are selected will be sent to the SIEM. By default, all events will be sent.
  2. Optionally, you can specify the maximum field value length. Default is, 0 (unlimited).
  3. Optionally, click on a Database mceclip4__7_.pngicon for an event to configure its data mapping. A Data mapping window will pop-up:

mceclip4__8_.png

  1. Map what SIEM field will be used for the corresponding Teramind field. You can use the checkbox in front of a field to turn it on/off.
  2. When data mapping is done, click the SAVE button to close the Data mapping window and return to the Step 3 window.
  3. Click the LAUNCH INTEGRATION to save and launch the integration. Next, you will need to configure Splunk to accept the data sent to it from Teramind:

mceclip5__6_.png

  1. Login to your Splunk account dashboard as an administrator.

mceclip6__4_.png

  1. From the menu on top, select Settings > Source types.

mceclip7__4_.png

  1. Click the New Source Type button near the top-right corner. A pop-up window will open:

mceclip8__2_.png

  1. Give the source a Name. You can configure other options for the Source from this window. For this exercise, we just need the Name parameter.
  2. Click the Save button when you are done with setting up the Source.

mceclip9__2_.png

  1. From the menu on top, select Settings > Data inputs.

mceclip2__10_.png

  1. From the list of local inputs, click the + Add new link next to the TCP row. You will be taken to the Add Data wizard screen:

mceclip11__1_.png

  1. On the first step, Select Source, enter the Port number you chose in Step 6 before. You can optionally set other parameters such as override source name, restrict connection to a specific host etc. For this exercise, we only need the Port parameter.
  2. Click the Next > button to go to the next step.

mceclip12__2_.png

  1. On the second step, Input Settings, click on the Select Source Type drop-down box and select the Source you created in Step 16 before (e.g. my_sourse). You can optionally set other parameters such as app context, method, index etc. For this exercise, we only need the Source Type parameter.
  2. Click the Next > button to go to the next step.

mceclip13__2_.png

  1. On the third step, Review, review the configuration. Click the Submit > button to finish setting up the data input and go to next step.

mceclip14__3_.png

  1. On the final step, Done, click the Start Searching button to view the data coming from your Teramind integration:

mceclip15__3_.png

  1. To find the data easily, you can optionally specify parameters such as source and sourcetype in the Search field.
  2. Optionally, you can specify the interval (e.g. 5 minute window) located right next to the search field.

Setting Up a New SIEM Integration with HP ArcSight

image-263__1_.png
  1. Click the Gear image-206__1_.png icon near the top-right corner of the dashboard, select Integrations. Then, click the SETUP NEW INTEGRATION button near the top-right corner of the Integrations screen. A setup wizard will pop-up:
image-266.png
  1. Select SIEMs from the list of product types.
  2. Choose a SIEM product from the list of products. For example, HP ArcSight.
  3. Click the NEXT STEP button to continue to Step 2.
image-267.png
  1. Select the Transport protocol (UDP or TCP).
  2. Provide a Hostname and Port where the SIEM product is located at.
  3. Click the NEXT STEP button to continue to Step 3.
image-268.png
i
WEBSITE AUDIT event sends the System Logs to the SIEM.
  1. Click the YES/NO slider button to turn an event on/off. Events which are selected will be sent to the SIEM.
  2. Click on a Database mceclip4__7_.pngicon to configure its data mapping. A Data mapping window will pop-up.
mceclip3.png
  1. Map what SIEM field will be used for the corresponding Teramind field. You can use the checkbox in front of a field to turn it on/off.
  2. When data mapping is done, click the SAVE button to close the Data mapping window and return to the Step 3 window.
  3. Click the LAUNCH INTEGRATION on the Step 3 window to save and launch the integration.

Setting Up a New SIEM Integration Using the Generic CEF Option

When creating a new SIEM integration, you will notice that there is a Generic CEF option on the SIEMs product list. CEF (Common Event Format) is a text-based, open messaging standard and log format developed by ArcSight™ and used by HP ArcSight™ products.

If you use this option, Teramind will output data over the Syslog protocol using CEF data format. This will help you integrate with various SIEM tools for which Teramind does not have a built-in option.

The integration process is very similar to HP ArcSight. See the Setting Up a New SIEM Integration with HP ArcSight for step-by-step instructions.

Setting Up a New PM Integration with Zendesk

image-270.png
  1. Click the Gear image-206__1_.png icon near the top-right corner of the dashboard, select Integrations. Then, click the SETUP NEW INTEGRATION button near the top-right corner of the Integrations screen. A setup wizard will pop-up:
image-271.png
  1. Select Project management from the list of product types.
  2. Choose Zendesk from the list of products.
  3. Click the NEXT STEP button to continue. You will be taken to the Step 2 of 3 screen. 
image-272.png

Before you continue with to Step 2, you need to create an OAuth Client in Zendesk. To do so:

image-273.png
  1. Access your Zendesk domain, go to Admin section.
  2. Click API under the Channels section.
  3. Click the OAuth Clients tab.
  4. Click the + button to add a client.
image-274.png
  1. Use the information from the Teramind’s integration wizard (Step 2 of 3 screen) to complete the form. You’ll need to fill up the Client Name, Company, Unique Identifier and Redirect URLs fields with the data provided by Teramind’s Step 2 of 3 screen.
  2. Copy the data displayed on the Secret field. Go back to the Zendesk Step 2 of 3 screen on Teramind.
image-275.png
  1. Paste the Secret key you copied from Zendesk on the CLIENT SECRET field.
  2. Click I HAVE CREATED THE CLIENT IN ZENDESK, CONTINUE. A pop-up window will open:
image-276.png
  1. Click the Allow button. Go back to the Teramind integration wizard.
image-277.png
  1. On the Teramind integration wizard (Zendesk: Step 2 of 3 screen), click the NEXT STEP. You will be taken to the Step 3 of 3 screen.
image-278.png
  1. Give your project a name.
  2. Add the task statuses to work on.
  3. Click the MAP USERS ASSIGNMENT button. You will be taken the user mapping screen.
image-279.png
  1. Map the employees and supervisors. Enter the Zendesk’s usernames on the INTEGRABLE USERNAME field and then select the corresponding Teramind username from the TERAMIND USERNAME pull-down menu.
  2. Click the SAVE button when done. You will be taken back to the Step 3 of 3 screen.
image-280.png
  1. Click the LAUNCH INTEGRATION button on the Step 3 of 3 screen to save and launch your integration.

Setting Up a New PM Integration with Jira

image-270__1_.png
  1. Click the Gear image-206__1_.png icon near the top-right corner of the dashboard, select Integrations. Then, click the SETUP NEW INTEGRATION button near the top-right corner of the Integrations screen. A setup wizard will pop-up:
mceclip0__29_.png
  1. Select Project management from the list of product types.
  2. Choose Jira from the list of products.
  3. Click the NEXT STEP button to continue. You will be taken to the Step 2 of 3 screen:
mceclip1__21_.png
  1. Note the instance / URL of your deployment (for example, https://arickteramin2.teramind.co). You will need it in Step 10.
  2. Scroll down a little, note the CONSUMER KEY, CONSUMER NAME and the PUBLIC KEY values. You will need these three values in the Step 17 below. Keep this window open.
mceclip2__11_.png
  1. Log in to you Jira dashboard. Click the Settings icon near the top-right corner.
  2. Select Products from the drop-down menu. You will be taken to a new window:
mceclip3__9_.png
  1. Click the Application links from the left panel.
  2. Enter the instance / URL of your deployment you copied from Step 5 above.
  3. Click the Create new link button. You might see a pop-up window like the one below:
mceclip4__9_.png
  1. Just click the Continue button. You will see another pop-up window, Link applications:
mceclip5__7_.png
  1. Enter an Application Name, for example, Teramind.
  2. Click the Continue button. Jira will process the configurations and after a while, you will see the Applications window and your application on the list:
mceclip6__5_.png
  1. Click the small Pencil icon next to your application. A configure window will pop-up:
mceclip7__5_.png
  1. Click the Incoming Authentication tab on the left panel.
  2. Enter the Consumer Key, Consumer Name and the Public Key values you copied in Step 6 above.
  3. Scroll down and click the Save button to save you configurations. You will see a confirmation that your application is registered:
mceclip8__3_.png
  1. Click the Close button to close the window and return to the Applications page.
mceclip9__3_.png
  1. Copy the domain address / URL of your Jira deployment (for example, https://teramind-test.atlassian.net). You will need it in the next step, on the Teramind Dashboard:
mceclip10__2_.png
  1. Go back to your Teramind Dashboard. Enter the domain address / URL of your Jira deployment you copied in the previous step into the JIRA BASE URL field.
  2. Click the I ADDED APPLICATION LINK TO JIRA, CONTINUE button. A Welcome to JIRA window will pop-up:
mceclip11__2_.png
  1. Click the Allow button to authenticate your application. The window will close and you will be back on the JIRA: Step 2 of 3 screen:
mceclip4.png
  1. Wait a few seconds and then you will see an Auth success message.
  2. Click the NEXT STEP button to continue to JIRA: Step 3 of 3 screen:
mceclip13__3_.png
  1. Select your PROJECTS, ALLOWED TASK STATUSES and TEST STATUSES from the corresponding fields.
  2. Click the USERS ASSIGNMENT button to set up user mappings:
mceclip14__4_.png
  1. You can map EMPLOYEES and TESTERS. Assign INTEGRABLE USERNAME with TERAMIND USERNAME, assign roles etc.
  2. Click the SAVE button when you are done with the user mapping. You will be taken back to the to JIRA: Step 3 of 3 screen:
mceclip15__4_.png
  1. Click the LAUNCH INTEGRATION button to save your integration and return to the External Integration screen where you will see your Jira integration:
mceclip18__2_.png
  1. You should now be able see and import your Jira projects and tasks from the TIME TRACKING > TASKS menu:
mceclip19__2_.png

Editing / Deleting an Integration

image-281.png

From the main Integration screen, under the ACTIONS column:

  1. Click the Settings icon to change the connection settings for a SIEM integration.
  2. Click the Database icon to change the events mapping for a SIEM integration.
  3. Click the Trash Can icon to delete/remove an integration.
  4. Click the Pad Lock icon to edit the app link/authorization settings for a PM integration.
  5. Click the Refresh icon to change the project name, task statuses and user mapping for a PM integration.

Settings

Introduction to the Settings Screen

Settings menu allows you to configure different parts of the Teramind Dashboard, Agent, Security, Active Directory Integration etc. Note that, most of the settings on the Settings screen are applicable to the On-Premise / Private Cloud (AWS, Azure etc.) deployments. Except for: Agent defaults, Alerts, Security and Localization; these are available on all deployment options.

image-220__1_.png
i
Please follow the On-Premise Deployment Guide, AWS Deployment Guide or the Azure Deployment Guide to learn how to deploy and setup Teramind on-premise/private cloud servers.

 

Accessing the Settings Menu

image-221.png
  1. Click the Gear icon near the top-right corner of the Teramind Dashboard.
  2. Click Settings underneath the pop-up menu.

Finding Information About Your Deployment

image-224.png
  1. On the Settings screen, click the About tab.
  2. You will see some details for your Teramind deployment including the hardware key, license key, license entitlements (no of endpoint/terminal servers), solution and license expiration date.

Server Updates and License Key

Updating Your Teramind On-Premise Server

To update your on-premise server, download the latest server image from the Self-Hosted portal at https://www.teramind.co/portal/download. Scroll to Step 2. Download Packages.  Download the Teramind Update file (with a TMU extension) by clicking the download button. Then do the following:

image-226__1_.png
  1. Click the About tab on the Settings screen.
  2. Click the Update Teramind link to expand it.
  3. Click the Select update file button and select the TMU file you downloaded from the Self-Hosted portal.
  4. Click the Update button. Depending on your deployment, Teramind will update the server in few minutes.

Changing the License Key

If for any reasons, you wanted to change the license key (i.e. you upgraded from a trial to a paid account), you can do that from the About tab.

image-227.png
  1. On the Setting screen’s About tab, enter your license key in the LICENSE KEY field located under the About the deployment section and then click the Change button. Once done, the system will display the updated entitlements for your license key.

Active Directory

i

Note that Active Directory authentication is currently supported on Teramind On-Premise and Teramind Private Cloud deployments only. However, Cloud deployments can still use the Group Policy to install Teramind Agent remotely.

Though not mandatory, Teramind can be integrated with Active Directory to import your users, computers, groups, attributes and other important meta-data. Teramind’s integration with Active Directory is read-only. Remember, you can still monitor users that are not in the domain by simply installing an agent on their computer. Active Directory/LDAP integration will provide the following benefits:

  • The ability to report based on OU’s
  • The ability to filter reports with attributes
  • The ability to apply rules to OU’s and/or groups
  • The ability to remote install to computers based on name, or AD group membership
  • The ability to use Teramind only on a specific group
  • The ability to exclude a group from being monitored
  • The ability to log into dashboard via domain authentication
i

Note that Teramind treats Active Directory Organization Units (OUs) as Departments. You can set up special AD Groups and OUs to import and monitor users, PCs or disable monitoring. If you select all groups and OUs, Teramind will monitor all users and PCs present in AD.

Teramind can also import attributes. To import attributes, you will need to configure the Fetch objects (see below for more information). Teramind can also import custom attributes. You can use the attributes to filter the BI Reports.

 

From the Settings screen’s Active Directory tab, you can setup Active Directory synchronization:

Active_Directory.png
  1. Populate the upper set of fields as follows:

LDAP SERVER

Hostname or IP address of your domain controller, e.g. 10.55.55.200.

LDAP PORT

In most cases the default port 389 should work.

ENCRYPTION

You can use tls, ldaps or none. Note that you might need to change the LDAP PORT if you change the encryption method.

LDAP LOGIN

Enter an account, e.g. administrator. A regular domain account is required to sync data from your active directory.

LDAP PASSWORD

Password for the above mentioned account

DOMAIN NAME

Your Active Directory domain name, e.g. qa.local.

USE DOMAIN NAME REMAPPING

If enabled, allows remapping of a domain name in accordance with the rules, e.g. user@qa.com -> user@remapped.com and it is configured in DB (domain_remap_rule table)

LIMIT FETCHING

If enabled, Teramind will show additional options where you can specify OUs and groups.

- HIERARCHY

If enabled, will fetch child OUs and groups only (respect hierarchy)

- FETCH ONLY THESE OUS

Limit fetching by entered OUs (comma separated names). If left empty, Teramind will fetch all OUs.

- FETCH ONLY THESE GROUPS

Limit fetching by entered groups (comma separated names). If left empty, Teramind will fetch all groups.

REPLICATE COMPUTERS’ STATE

ON: replicate AD computer state with Teramind. AD-enabled computers will be imported as auto-monitored. AD-disabled computers will be imported as non-monitored.

OFF: ignore AD computer state (old behavior, default)

  1. Click the NEXT: FETCH ATTRIBUTES button to fetch the attributes.
  2. As soon as fetching is done, you will be able to specify additional options for attributes according to the table below. Note: If something went wrong during the fetch process, error messages will be displayed on the message area near the bottom of the screen (see item 5 below).
i

Please note that msDS-ManagedPassword attribute is not readable from AD and attempting to import it will throw an error message during the import process, Error: Trying to pass ‘msDS-ManagedPassword’ attribute over insecure connection. Please change connection settings or uncheck the attribute. As a workaround, uncheck the msDS-ManagedPassword attribute in the IMPORT ATTRIBUTES field and repeat the import process.

 

UPDATE INTERVAL (DAYS)

Enter how often (in days) to perform active directory syncs. 0 means do not sync.

IMPORT ATTRIBUTES

Attributes can be sync'd to allow more detailed reporting and user grouping. Select the attributes you want to sync into Teramind. Default is all.

IMPORT OBJECTS FROM THESE ORGANIZATIONAL UNITS (OUS)

Import users and computes from the selected organizational units into Teramind. Default is all.

GROUP TO OU ATTRIBUTE

Groups with this attribute set to true are treated as OUs.

MONITOR USERS IN THESE GROUPS

Enable monitoring for users in these groups and disable monitoring for users not in these groups.

DON'T MONITOR USERS IN THESE GROUPS

Disable monitoring for users in these groups.

STOP MONITOR USERS THAT NO LONGER EXIST IN AD

If enabled, Teramind will automatically disable monitoring of all computers that is not in the AD or out of the synced OU.

  1. Click the SAVE SETTINGS button to save the settings. Click the IMPORT button to initiate the import process. You might have to wait for a couple of minutes depending on AD object count and hierarchy. Once the import is done, refresh the page to view the changes. Note: If something went wrong during the import process, error messages will be displayed on the message area near the bottom of the screen (see item 5 below).
  2. The messages area below the screen shows the task progress and any error the system might encounter.
i
After you have set up Active Directory, go to the Settings > Security tab to enable domain authentication for the Teramind Dashboard.

Agent Defaults

This tab allows you to change the default settings for the Teramind Agent.

image-282.png
  1. You can change the currency used. Most of the recognized internationally circulating currencies are supported. The currency you choose will be used to display the wage/salary in the BI > Productivity report, TIME TRACKING > Employee Cost, TIME TRACKING > Task Cost, Payroll Widgets, Employee Profile, etc. - anywhere the currency is used.
  2. You can assign a default task for employees when they start their shift (this is applicable if the employee is using the Hidden Agent). Restart the user machine(s) after changing the default task for it to take affect.
  3. If ENABLE MONITORING FOR NEW AGENT… is turned on and your license allows it, new agent installations will have monitoring enabled by default. If disabled, new agent installations will not be monitored until you activate them from the dashboard.
  4. Enable WEB LOGIN… if you want your users to be able to log into the dashboard to see their own work stats, enable this option.

Alerts

Alerts tab allows you to define how rule violation messages will be displayed to the users. It’s a good idea to customize your alert messages so that they are visually distinctive and match with you company’s branding.

image-283.png
  1. You can use the HTML template by default for all rules.
  2. You can customize the look and feel of your message box by editing the HTML in the CUSTOM USER ALERT HTML field. There are a few dynamic variables such as ALERT, DETAILS you can use in your message. In addition, the alert can have buttons like: OK, CANCEL. You can also include base64-encoded images in your HTML. This is great for displaying icons or logos.
  3. You can preview how the alert will look by clicking the PREVIEW button.
  4. SCREEN LOCATION defines where the alert will be displayed (i.e. Center, Top-Left etc.).
  5. WIDTH changes the width of the alert box.
  6. HEIGHT changes the height of the alert box.
  7. ALERT EMAIL LIMIT defines the threshold where the system will group the alerts into a single email. The system will send this many identical alert emails, and then it will group them together into an email digest. If set to 0, it will send each alert individually.
  8. USER ALERT THRESHOLD applies to rules with a Warn or Block action. The threshold sets the minimum time, in seconds, to wait between alerts that the user sees. If set to 0, users will see all alerts they violate, regardless of the frequency.
  9. LOG ALERT THRESHOLD sets the minimum time, in seconds, to wait between logging alerts to the Teramind system. If set to 0, it will not limit the number of alerts that are logged.
  10. MAXIMUM DAILY ALERTS COUNT limits the total number of alerts which get logged by Teramind on a daily basis per alert type.
  11. You can build rules in Teramind to set a user’s task based on their activity. RULE TASK SELECTION ACTION TIMEOUT (SECONDS) defines the time out when switching tasks. If the user switches activity and remains in the new activity for the defined seconds, the rule will be re-evaluated.

Login Screen

You can customize the appearance of the dashboard login screen to match with your company’s branding or user preference.

image-284.png
  1. Use a LOGO IMAGE for uploading a logo image. Suggested resolution is 190×54 pixels.
  2. Use a BACKGROUND IMAGE for uploading background image. Suggested resolution is 1400×933 pixels.
  3. You can also change the LOGIN BUTTON COLOR by specifying a color in HTML/Hex format.

Security

Host

It’s best practice to give your Teramind server a DNS entry. This way you can click on links in the email alerts, use your own SSL certificates, and enjoy other benefits as well.

mceclip5.png
  1. Enter a hostname such as dashboard.teramind.co.

SSL

Teramind strongly recommends proper configuration of SSL in order to avoid browser warnings and restrictions. Some browsers will not allow websockets communications if the certificates are invalid. This may prevent you from watching live screens or record them.

For convenience, Teramind comes pre-shipped with an SSL certificate that’s valid for the hostname onsite.teramind.io.

i
To learn how to generate your own self-signed certificates, check out this article.

If you wish to proceed without implementing your own certificates, you should add a line to your local hosts file and then access Teramind by browsing to https://onsite.teramind.io. You can do this by editing C:\Windows\System32\Drivers\Etc\hosts as Administrator and appending the following line to the file:

xxx.xxx.xxx.xxx onsite.teramind.io

Where xxx.xxx.xxx.xxx is the IP you assigned to your Teramind Virtual Machine.

In the long run, you should deploy your organization’s SSL certificates within Teramind, and add a DNS entry in your corporate name server for your Teramind implementation.

i
Note that all certificates should be in the PEM format.
image-286.png

Here’s how you should setup the SSL:

  1. Upload your server’s Private Key (usually a .key file), Public Key (usually a .crt file), Intermedia Key (a concatenated list of CA certificates that validates your server certificate) and the Root CA Key.
  2. Click the VALIDATE KEYS button. After you’re done, please access Teramind via the new hostname. You’ll be asked to log-in again.

Dashboard Authentication

Teramind processes large volumes of confidential and private data, so it’s a best practice to lock down access to the dashboard as much as possible.

mceclip0.png
  1. If you enable the FORCE USERS TO LOG IN USING 2-FACTOR AUTHENTICATION option, next time administrators log in they will be forced to enable 2-FA before being given access to their dashboard. Teramind supports 2-FA apps like Google Authenticator or Authy. Check out this article to learn how to set up 2-FA for a user.
  2. Enabling the BASIC USER/PASSWORD AUTHENTICATION option will allow you to authenticate to the dashboard using the user-password credentials you created in Teramind. Check out this article to learn how to create/change password for a user.
  3. If you have successfully set up Active Directory integration, you may want to use your domain credentials to login. In such a case, you can turn on the LDAP AUTHENTICATION option. Check out the Active Directory section to learn more about AD setup.
  4. If you enable the SINGLE-SIGN-ON AUTHENTICATION option, it will reveal the Single Sign On Authentication section. Please see below for details on this section.
  5. The ALLOWED IP TO LOGIN option lets you specify which IP addresses are allowed to login to the dashboard. If you use this option, only the users with allowed IPs will be given access to the dashboard.

Single Sign On Authentication

SINGLE-SIGN-ON AUTHENTICATION option allows you to authenticate to the dashboard using a Single Sign On (SSO) service such as Okta, One Login etc. via SAML2 protocol. Newly generated users will still need to set password in order to make further changes to account or login using Teramind revealed agent.

sso_authhetication.png

Enabling the SSO option will reveal several options which you can use to configure the SSO integration. You will also see an AUTO REGISTER NEW AGENT option. If enabled, this will let you specify default options for newly registered users/agents on SSO.

Check out this article for details on these options and step by step instructions on setting up a SSO integration.

Dashboard Sessions

With these settings, you can control exactly how you want to mange your dashboard sessions such as cookie lifetime, session storage type and idle timeout.

mceclip0.png

You can now control exactly how you want to mange your dashboard sessions including:

  1. COOKIE LIFETIME defines how long an authorization cookie will be valid (in minutes). An authorization cookie is a temporary secret used to authenticate the browser. It will be automatically updated in the background while the user is active. The update process takes a few seconds before it is going to expire. If the user closes the browser before the secret was updated, the session will be closed, and the user will need to authorize again.
  2. STORAGE TYPE defines whether it will be Persistent storage or Session storage. A Persistent cookie is kept for the duration/lifetime of the Cookie lifetime. A Session cookie gets flushed when you close your browser (different per browser settings) or until Cookie lifetime expire.
  3. IDLE TIMEOUT defines how long a session will remain active when the user is idle (in minutes). If the user is not active for the number of minutes defined, a pop-up window will ask the user if they want to resume the session:
mceclip1.png

If there is no response, the session will be closed automatically, even if the COOKIE LIFETIME is still valid.

Agent Removal Protection

You can optionally install the Teramind Hidden Agent in protected mode to make it more difficult for unauthorized users and administrators to remove it. If you do this, you should set the uninstall password so that you can remove the agent when you wish.

image-289.png
  1. Enter a password to protect the Agent uninstallation.

Outgoing Exported Data

By default, Teramind allows you to export reports and video recordings to any email address. But you can change the settings to restrict export to certain domain only.

image-290.png
  1. Enter a domain address to restrict export emails to that domain only.
i
Note that this option does not affect scheduled reports (see Schedule export option under the Exporting a BI Report section to learn more about scheduled reports). You can still send scheduled reports to email recipients who are not on the Teramind Dashboard (i.e. they are not on the List of employees screen). To prevent access to such exported reports, enable the ONLY AUTHORIZED USERS CAN DOWNLOAD EXPORTED FILES option under the Access to exported data section.

Access to Exported Data

mceclip6.png

  1. Click the Yes/No toggle button for the ONLY AUTHORIZED USERS CAN DOWNLOAD EXPORTED FILES option to enable/disable it.

If you enable this feature and then use the BI Reports > Export > Schedule Export option to add an email recipient who is not on the Teramind Dashboard, the email recipient will still get the automated email, but the report download link in the email will not work:

mceclip7.png

This option would enable you to better control the privacy and security of your data. For example, if a recipient of the automated report accidentally or intentionally forwards the email to someone else, the other person will not be able to access this report unless they are authorized.

i
This option applies to scheduled export reports only. It does not apply to the reports available on the SYSTEMS > Video export and SYSTEM > Report export screens. It also does not affect the Session Player’s Video Download/Export option.

Server Management

Node Configuration

Teramind can be deployed as a cluster of servers to handle a large number of users. If you can see this setting on your dashboard, then it means you are on a Master node. Additional nodes (such as the OCR database and screen mining nodes) may connect and want to join this cluster. Here you can configure which nodes you want to accept into the cluster, and what their function should be.

image-291.png
  1. You can enable/disable multi-node deployments with the ENABLE MULTI-NODE DEPLOYMENT toggle button. It’s necessary to keep it turned on if you have more than one Teramind servers.
  2. Turn SSH access on or off with the ENABLE SSH ACCESS toggle button. SSH is needed for remote login and configuration of Teramind servers, especially, during the deployment phase.
  3. Managers and administrators will be able to access the Teramind dashboard on the MANAGEMENT INTERFACE PORT. Make sure the port is available before using it*.
  4. Teramind Agent will query this LOAD BALANCER PORT instead of the default 443 when looking for a Teramind server to connect to. If you change it something other than 443, you will need to use the TMROUTER parameter when installing the Teramind Agent. For example:*
 c:\msiexec /i teramind_agent_x64_s.msi TMROUTER=101.12.1.2:xxx /qn

Where xxxis the load balancer port.

i
* Reserved Ports:
The following ports are reserved and cannot be used for the Management Interface or Load Balancing: 22, 111, 5432, 4730, 8000, 8001, 8002, 9000, 6379, 10000, 10001.

Approving / Removing OCR Nodes

If you have setup an OCR database node or an OCR mining node, you will see the nodes displayed under the Nodes section on the Server Management tab. Please consult the relevant deployment guide to learn how to setup the OCR nodes. You can find the deployment guides on the Knowledge Base’s home screen.

image-292.png
  1. Click the REMOVE button to cancel approval (un-approve) for a previously approved node.
  2. Click the FORGET button to completely delete a node. For example, if you deleted a Virtual Machine used by an OCR node, you can delete the node from here.
  3. Click the APPROVE button to approve any pending node connection requests.

OCR Ports for On-Premise Deployments:
Please make sure the following ports are enabled and open among all nodes (master, OCR database, OCR mining):443, 5432, 9200 and 42001.

SMTP

Teramind uses the SMTP email standard to send notifications, deliver scheduled reports and other communications purposes. You can specify your SMTP server configuration here so that Teramind can access it properly.

image-293.png
  1. Provide details for the server, encryption, port, username, email and password. Consult your email server’s settings for the SMTP configuration or contact your email provider.
  2. Click the SAVE button.
  3. Test your settings by having Teramind attempt to send you an email using the configuration you specified.

Storage

The Storage tab shows the usage statistics of various internal volumes and lets you configure thresholds and alerts when they reach certain levels.

mceclip8.png
  1. The first three sets of data show the size and usage statistics for the three types of storage volumes used by Teramind:
    • The PRIMARY VOLUME USAGE indicates the size and usage of the main system volume. This volume typically contains the Teramind database.
    • The RECORDING VOLUME USAGE shows the status of the screen recording volume. You can always adjust the volume usage by tweaking your screen recording settings and retention policies. Check out the How to reduce storage requirements? article to learn more.
    • The TOTAL NODES USAGE shows information about the OCR/TeraServer nodes.
  1. The second three sets of fields allow you to configure threshold for the recording volume:
    • The MIN SPACE THRESHOLD tells Teramind to stop recording when it reaches this minimum space threshold. You can specify a value in MB or % (see THRESHOLD UNIT below). Please note that Teramind will automatically disable recordings at 500MB.
    • The EMAIL MIN SPACE THRESHOLD determines at what point an email alert will be sent. This value must be equal to or greater than minimum space threshold. You can specify a value in MB or % (see THRESHOLD UNIT below). A value of 0 will disable the email alert.
    • The THRESHOLD UNIT lets you specify what unit is used for the above two thresholds. You can select MB or %.
  2. The NOTIFICATION EMAILS field lets you specify who will receive the notification email for the EMAIL MIN SPACE THRESHOLD alert. You can disable the notifications temporarily by clicking the FOR NEXT 12 HOURS You can turn off email notifications completely by leaving the NOTIFICATION EMAILS field empty or by specifying a value of ‘0’ in the EMAIL MIN SPACE THRESHOLD field.

OCR

The OCR tab shows the usage statistics of the OCR session mining node and lets you configure thresholds and alerts when its usage reaches certain level.

mceclip9.png
  1. The first two data sets show the OCR processing status. LATEST MINED PIECE OF DATA IS FOR shows the date and time when the OCR engine last processed a screen image, and the OCR DELAY shows the time it took for the OCR engine to analyze the last screenshot and detect text inside that image.
  2. The second three sets of fields allow you to configure threshold and email alerts for the recording volume. With the MINING DELAY THRESHOLD, HOURS you can set up a threshold (in hours) and specify email address(es) in the NOTIFICATION EMAILS field. If the mining delay crosses the defined threshold, the recipients in the emails will get a notification like the below example:
mceclip10.png

You can disable the notifications temporarily by clicking the FOR NEXT 12 HOURS button. You can turn off email notifications completely by leaving the NOTIFICATION EMAILS field empty or by specifying a value of ‘0’ in the MINING DELAY THRESHOLD, HOURS field.

System Health

System Health tab gives you a quick snapshot of the current status of the server load, session mining (OCR process) status and the BI status.

sys_health2.png
  1. The System load section shows the TOTAL NUMBER OF CORES the CPU has, 5-MINUTE LOAD AVERAGE (%), MEMORY USAGE, STORAGE and SERVER TIME. Clicking the Click to see more link will take you to the Storage tab where you can view more information about the storage usage and set up threshold alerts.
  2. The Session mining stats shows the OCR processing status. LATEST MINED PIECE OF DATA IS FOR shows the date and time when the OCR engine last processed a screen image, and the OCR DELAY shows the time it took for the OCR engine to analyze the last screenshot and detect text inside that image. Clicking the Click to see more link will take you to the OCR tab where you can view more information about the OCR usage and set up threshold alerts.
  3. The BI Status shows three pieces of information:
    • The first field shows the current CLASSIFICATION VERSION used by the BI engine. Check out this article to learn how to update your BI Classifications.
    • The second field shows if the CATEGORIZATION of apps/websites is enabled. When enabled, Teramind will use the inCompass® NetSTAR, a comprehensive web categorization and filtering technology to automatically classify websites and their reputations. The update package contains these classification definitions.
    • The data displayed on the BI reports is not real-time. It can take up to 4 hours for it to refresh. The third field under BI Status shows the LAST SYNC TIME when BI the engine processed the reports.
  4. Click the Refresh mceclip11.png button to refresh the screen.

Localization

Localization tab allows you to change the time and language settings.

image-295.png
  1. You can change the TIMEZONE you want to use.
  2. Use the NTP SERVER to specify a time server. Teramind will automatically sync the clock with the server. You can select a generic server like clock.isc.org if your deployment has internet connectivity. Note that, for the best result make sure all your monitored endpoints and the Teramind server are on the same NTP. Otherwise, you may see discrepancy between the time an activity happened vs. the time it’s recorded in Teramind. Note that, this option is not available on Cloud deployments.
  3. You can change the DEFAULT LANGUAGE used by the system. Teramind supports English, Spanish, Japanese, Portuguese, Russian and Turkish. Note that, you can change the language for an employee/user from their Profile page.

User Menu

image-296__2_.png

  1. Click the Username near the top-right corner of the Teramind Dashboard.
  2. A pop-up menu will be displayed from where you will be able to change your profile, download the Teramind Agent, create access tokens for the API, and log out from the dashboard.

My Profile

A logged in user can change their profile information (if they are authorized to do so by an admin) by clicking the User Menu > My profile. A pop-up window will open where you will be able to edit your personal information, account information, authentication, etc.:

mceclip0__31_.png

Note that if you are an admin user, you will see additional options such as monitoring options, resend the invitation (to as user asking them to install the agent), etc.

i
Check out the Entering / Editing Employee Profiles section to learn how to edit your profile.

Download Teramind Agent

Click the User Menu > Download Teramind Agent. You will be taken to the agent download screen:

mceclip1__22_.png

Note that the download screen might be slightly different based on your account type/privilege, deployment type (e.g. on-premise vs. cloud), if it's the first time you are using the dashboard etc.

i
Check out this article, How to download and install the Teramind Agent for more information.

Access Tokens

Access Tokens menu allows you to create access tokens for use with the Teramind API. You can see the
current access tokens, create/delete tokens. If you are admin, you can also manage tokens created by other users. To access the Access tokens screen:

mceclip3__10_.png

  1. Click the Username near the top-right corner of the Teramind Dashboard. A pop-up menu will be displayed.
  2. From the pop-up menu, select Access token.

mceclip1__23_.png

  1. To create an access token, click the ADD ACCESS TOKEN button. A pop-up window will show up:

mceclip2__12_.png

  1. Enter a name for your token and click the DONE button.
  2. You can delete a token by clicking the X icon.
  3. If you are an admin, click the ALL TOKENS tab to view tokens created by other users:

mceclip4__10_.png

  1. You can filter the list of access tokens by account type (e.g., administrator, employee etc.) using the first filter menu or select individual users from the second pull-down menu.
  2. Clicking the Stats mceclip5__8_.png icon on the ALL TOKENS tab will take you to the System > System Log screen and apply the selected token as a filter to display the log.
  3. Note that, access token created in an earlier version of the dashboard will be displayed as ‘Unnamed’.
i

Teramind has a powerful set of APIs you can use to programmatically control virtually all aspect of the platform including controlling the interface, managing rules, configuring users, installing or removing Agents etc. You can download the Teramind API documentation from here: How to use the Teramind API?

Logout

Click the User Menu > Logout to log out of the Teramind dashboard.

Notifications

Notifications shows the status of recent notifications such as login failures, monitoring issues etc. To view the notifications:

image-314.png
  1. Click the Exclamation icon near the top-right corner of the Dashboard to access the Notifications menu.
image-223.png
  1. On the Notifications screen, you will be able to see all the notifications, such as: if an employee is deleted, if monitoring disabled on PC etc.
i
Check out the Employee showing offline / computer not reporting / missing users / missing computers article to learn how to resolve the most common issues detected on the Notifications screen.

Search

You can search for an employee or computer from anywhere on the Dashboard using the Global Search feature.

image-315.png
  1. Click the Global Search button on the top of the Dashboard.
  2. Start typing. Teramind will show any matching employees/computers as you type.
  3. Pick an employee/computer from the suggested list to view the report for the selected employee/computer. Or, press the ENTER / RETURN key to view search results (in a separate window).
i
You can search for missing users/computers from the System > Missing Users / Computers menu.

Help & Support

Tooltips and Hints

Tooltips usually describing the action of an icon or a button. Hover over an element a second or so, to view the tooltips for that element.

Additionally, you can see context sensitive hints for some elements. Whenever you see the Help image-318.png icon, hover over it to see a hint about the relevant item or action.

Page Explanation

When you visit certain pages (such as the BI Reports), you will notice that an extra button titled, ‘EXPLAIN THIS PAGE’ is displayed at the top-right corner of the dashboard:

image-319.png
  1. Click the EXPLAIN THIS PAGE button. Teramind will display an overview for the page:
image-323.png
  1. Click the NEXT button.
image-321.png
  1. Teramind will explain you, step by step, important parts of the current page highlighting each section in turn. You can click the BACK and NEXT button to browse through the explanations.

Guided Tour

Contacting Support

Technical Support

  • Email: support@teramind.co
  • Chat (from the dashboard or Teramind website): click the Help button.
  • Create a support ticket (Cloud customer only): Click  My Account > SUPPORT

Billing

Sales

Was this article helpful?
0 out of 0 found this helpful
Powered by Zendesk