Skip to main content

Changing the Monitoring Settings

  • Updated

Help Topics
  1. Introduction to the Monitoring Settings
  2. Accessing the Monitoring Settings Menu
  3. Creating a New Monitoring Profile
  4. Editing / Copying / Deleting a Monitoring Profile
  5. Editing the Settings for Monitored Systems
    1. Common Settings
    2. Editing Screen Settings
    3. Editing Audio Settings
    4. Editing Applications Settings
    5. Editing Websites Settings
    6. Editing Emails Settings
    7. Editing File Transfers Settings
    8. Editing Printed Doc / Printer Settings
    9. Editing Keystrokes / Key Logging Settings
    10. Editing Instant Messaging / IM Settings
    11. Editing Social Media Settings
    12. Editing Network Settings
    13. Editing Offline Recording Settings
    14. Editing OS States Settings
    15. Editing Online Meetings Settings

 

Introduction to the Monitoring Settings

The Monitoring Settings screen lets you create/edit monitoring profiles for users, groups and departments and precisely control how much information will be collected for each monitored system (such as Websites, Apps, Emails). You can track as much or as little as you want based on your organization’s needs and alleviate any privacy concerns.

image-233__1_.png

Some use cases of using Monitoring Settings are:

  • Create Monitoring Profiles to enable social media monitoring for the marketing department but disable it for other departments.
  • Configure the Websites so that it automatically suspends monitoring and keystrokes logging when users visit their bank’s portal or opens their personal emails.
  • Setup Applications monitoring in such a way that it only records activity within business applications such as QuickBooks or SAP and not record screen or keystrokes when the user is in Facebook.​
  • Setup a scheduled based monitoring, set up recording rule violations only, auto-delete old recordings etc. to minimize data storage requirements and comply with regulations like GDPR.
i
 Teramind comes with a Default settings profile. This profile is used by default for all users and cannot be deleted.

Accessing the Monitoring Settings Menu

image-234__1_.png
  1. Click the Gear icon near the top-right corner of the Teramind Dashboard.
  2. Click Monitoring settings underneath the pop-up menu.

Creating a New Monitoring Profile

image-235.png
  1. Click the NEW PROFILE button near the top-right corner of the main Monitoring Settings screen. A pop-up window will be displayed.
image-236.png
  1. Give the profile a name.
  2. Optionally, give it a description.
  3. Click APPLY CHANGES. You will be taken to a different screen with a list of all monitored systems.
image-8.png

Note that, Teramind comes with some default settings for each of the monitored systems. You can change them according to your needs.

  1. Click the EDIT OBJECTS TO TRACK button at the top-right corner to add users to the profile or remove them.
  2. Click the EDIT PROFILE INFO button at the top-right corner to edit the profile name and description.
  3. Click the YE/NO slider button in front of a monitored system to turn monitoring on or off for it.
  4. Click the small Gear icon at the right side of an object to edit its settings. See the Editing the Settings for Monitored Systems section below to continue setting up individual monitoring objects).
  5. Click the ADVANCED button to change advanced settings (only recommended if you are troubleshooting an issue):
    • FILE DRIVER: if disabled, File Transfer report, Content Sharing Rules, Files-Based Activity etc. will not work.
    • NETWORK DRIVER: if disabled, Network report, IM report, Network-Based Rules, File Upload rules will not work. ‘Quick web proxy’ certificate will not be injected.
    • DON'T TRACK DLP FOR PROCESSES: allows you to exclude certain process(es) from the DLP scanning/DLP rules. For example, svchost.exe, System Idle Process etc. Note that, this is different than disabling monitoring for an application using the SUSPEND MONITORING WHEN THESE APPLICATIONS ARE USED option on the Applications Monitoring Settings. That option disables all monitoring for a process (activity will not be captured and app will be blacked out on the session recording). On the other hand, DON'T TRACK DLP... will only disables DLP scanning for a process.

Editing / Copying / Deleting a Monitoring Profile

image-3.png
  1. You can locate which profile an employee belongs to by using the Search box at the top-left corner of the main Monitoring Settings screen.
  2. You can click the OPTIONS icons to turn the monitoring on/off for them.
  3. Click the small Users icon at the top-right corner to add/remove users.
  4. Click the Copy icon to create a duplicate copy of the profile.
  5. Click the small Gear icon at the right site of a profile to edit it. Follow Steps 5-6 in the Creating a New Monitoring Profile section above to learn how to edit the profile.
  6. Click the small X icon to delete the profile.

Editing the Settings for Monitored Systems

Common Settings

Each Monitored System has a simple scheduler under the TRACKING DAYS AND TIME section at the bottom of its settings panel. Using this scheduler, you can quickly specify when the tracking and recording of the Monitored System will take place.

image-241.png
  1. Click on a day to enable/disable it.
  2. Drag the two small Circles to adjust the time.
  3. Click the Reverse icon to reverse the time.
  4. Click APPLY CHANGES to save the settings.

Editing Screen Settings

screen_settings.png

The OCR LANGUAGES allows you to specify which language will be used for the OCR (Optical Character Recognition). Default is English. Teramind also supports Hebrew, Russian, Dutch, Spanish and Turkish for the OCR.

ALLOW REMOTE CONTROL option determines if Remote Control will be available on the Session Player’s Live Mode Controls.

If the user is using a Hidden Agent, ASYNC SCREEN UPLOAD will force Teramind to use a queue for screen recordings instead of uploading them in real-time. It’s suitable for a slower network or a busy OCR server. However, you might experience some delay between the user activity and the recording appearing on the dashboard when ASYNC is enabled.

RECORD LOCKED SESSIONS option allows you to continue recording even when the user locked their computer.

By enabling RECORD ONLY WHEN BEHAVIOR RULE WAS VIOLATED, you can reduce the storage needed for the screen recordings or alleviate privacy concern.

You can also control how many FRAMES PER SECOND is captured; if Teramind should UPDATE SCREEN ON EVENTS ONLY (i.e. something happening on the screen).

You should only enable the USE MODERN SCREEN GRABBING option on Windows 8 or above. If you are experiencing issues with screen captures, try toggling this option.

The GRAYSCALE / COLOR and LIVE SCREEN SCALING controls the quality and size of the recording.

On-Premise customers can specify when the recordings will be automatically deleted under the DELETE HISTORY AFTER. This will further reduce your storage requirements and help you comply with data retention policies.

Finally, you can specify the MESSAGE DURING REMOTE CONTROL / MESSAGE DURING INPUT FREEZE when using those features in the Session Player’s Live Mode Controls.

i
  • Some of the settings (for example, DELETE HISTORY) are only available on the On-Premise version.
  • ASYNC SCREEN UPLOAD only works with the Hidden Agent. Ignore this setting if the user is using a Revealed Agent.

Editing Audio Settings

image.png

AUTOMATIC LEVEL ADJUSTMENT will automatically adjust the sound levels for higher/lower tones.

If the user is using a Hidden Agent, ASYNC AUDIO UPLOAD will force Teramind to use a queue for audio recordings instead of uploading them in real-time. It’s suitable for a slower network or a busy server. However, you might experience some delay between the user activity and the recording appearing on the dashboard when ASYNC is enabled.

You can adjust the BITRATE to increase/decrease audio quality. Lower bitrate will require less CPU processing and storage. You can toggle the MONITOR ALL INPUT DEVICES / OUTPUT DEVICES options to enable/disable recording for all microphones, speakers and line-in/out.

i
 ASYNC AUDIO UPLOAD only works with the Hidden Agent. Ignore this setting if the user is using a Revealed Agent.

Editing Applications Settings

mceclip3.png

You can turn monitoring on/off for the  WINDOW TITLES. This gives you the ability to not track the title for apps which includes document name in their title. If you do not want Teramind to capture the document name, turning this option off can be helpful.

You can also turn monitoring on/off for CONSOLE COMMANDS (commands executed on the Windows Command Prompt or Terminal).

You can configure Applications settings to MONITOR only select applications; SUSPEND monitoring or SUSPEND KEYSTROKE monitoring when certain applications are used.

You can conditionally suspend monitoring/keystrokes logging using the two …WITH CONDITION options. For example, you can suspend monitoring Firefox while it’s used from an IP approved by an access control list. Same way, you can suspend keystrokes logging of the Windows Installer when it’s launched from an IP range. For the CONDITION, you can select from a list of Any, a single IP, an IP range, list (Network Shared Lists), and cldr (Classless Inter-Domain Routing). Finally, you can define the IDLE TIME (used in the Productivity Reports, Agent Schedule-based rules and other places by Teramind).

Editing Websites Settings

image-249.png

MONITOR ONLY THESE WEBSITES field allows you to define websites or a list of websites, for which you want to record the screen and keystrokes. If you use this field, all other websites will be blacked-out in the screen recordings.

DON’T MONITOR WEB TRAFFIC FOR THESE WEBSITES defines the websites for which you want to suspend recording. Screen and keystroke recording for all other sites will be enabled. Please see notes below.

SUSPEND MONITORING WHEN THESE WEBSITES ARE VISITED setting allows you to record the screen and keystrokes but suspend content parsing. For example, record the activity when the user is in Gmail, but don’t capture the actual email content or any attachments.

SUSPEND MONITORING WHEN WEBSITE CONTAINS CONTENT – If the HTML of a URL contains a string listed here, that website will not be monitored, keystrokes will not be recorded, and the screen will be blacked out. A common use for this option is to determine intranet or proxy-generated websites.

The next three settings are the same as above, the only difference is, you use IP addresses instead of URLs. Please see notes below.

You can also SUSPEND KEYSTROKE … setting to suspend just the keystroke recording for the specified websites.

You can suspend monitoring for all PRIVATE BROWSING (incognito) sessions.

Use the ALLOW CONNECTION TO HOSTS WITH INVALID CERTIFICATES will allow all hosts to work with invalid certificates. This is a not a recommended thing to do as it may help disguise invalid certificate and allow phishing attacks. As an alternative, you can also use a Match Regular Expression condition regexp/.*/ on any rules that require an URL/website address such as below:

photo_2020-10-14_13-22-08.jpg

You can turn off the MONITOR KEYSTROKES FOR PASSWORD FIELDS option to suspend capturing of keystrokes in password fields. For example, a login page containing a HTML input field such as <input type= "password".

You can use the WSS PORT to specify web traffic redirection.

 

DON’T MONITOR WEBSITES / IPS

Use the DON’T MONITOR WEB TRAFFIC FOR THESE IPS / WEBSITES fields if you want to prevent the Teramind Agent from injecting the Quick Proxy SSL cert. Use them if it looks like the agent’s cert if causing an issue with a website.

The difference between these two fields are:

  • WEBSITES: if we include host name here, then Teramind will not intercept traffic from these sites. But in case of HTTPS we still inject HTTPS certificate and recode encrypted data. This may lead to network issues.
  • IPS: this may contain IPs, IP with mask, or domain name of the site (excluding http:// or https:// prefix). For domains, it works by requesting list of IPs that corresponds to this domain. Please be careful that, when using this field, you may accidentally turn off monitoring for other sites, as there may be several sites with the same IP. If the IP is in this list, then Teramind will not recode encrypted data, and there will be no influence on the HTTPS traffic. 
What sites to include in “DON’T MONITOR WEB TRAFFIC…”?

 Site that resides on some domain name sometimes uses resources from other domains. To exclude all sources for the problem, you need to exclude all used resources. You can get a list of the domain names by turning off the Teramind Agent, run Chrome, Open “Developer Tools”, select “Network” tab, set “Disable cache” = true, “Preserve log” = true, right click on the header of the table with the network requests, select “Domain”, then reproduce situation that leads to an issue, and capture all domain names (from the Domain column) that were involved in the loading process.

 

Dynamic Blackout

dynamic-blackout.png

When you use any of the SUSPEND MONITORING… settings for any application or website, Teramind will automatically blackout the relevant application window in the video recording or during the live view mode of the session player (check out the Live View and History Playback with the Session Player article to learn more about session recording and live view).

The blackout feature works on both single monitor and multi-monitor setups.

 

Editing Emails Settings

mceclip0.png

You can use the settings to CAPTURE INCOMING / OUTGOING emails, CAPTURE EMAIL CONTENT and SAVE OUTGOING / INCOMING ATTACHMENTS etc.

You can use regular expressions to ignore any attachments you do not want captured using the IGNORE ATTACHMENT... option. For example, ignore all music and video files.

You can specify which email systems will be captured using the CAPTURE EMAIL THROUGH option. Teramind supports the most popular email clients such as Outlook, Gmail, Yahoo etc. - both desktop and web versions.

Finally, you can set a cut-off time for email captures with the IGNORE EVENTS OLDER THAN (DAYS) option. This option sets a time limit for how far back the Agent will capture emails.  It is sometimes useful for clients like Outlook which may scan older emails if emails are moved or archival policies are run. In such systems, by default, the Agent will capture any emails being accessed. This setting can help prevent unexpected rule violations and false alerts by telling the Agent to ignore scanning older emails.

Editing File Transfers Settings

image-253.png

Files Transfers settings panel has two tabs. On the BASIC SETTINGS tab, you can specify WHAT TO TRACK such as: LOCAL FILES, NETWORK FILES, LOCAL DOCUMENTS, NETWORK DOCUMENTS, EXTERNAL DOCUMENTS, CD/DVD BURNING, EXTERNAL DRIVES (i.e. USB / pen drives) etc.

You can select which file types to track under the FILE TYPES TO TRACK section. For example, TXT, DOC, XLS, PPT etc. You can also manually enter your own extensions in the FILE EXTENSIONS LIST TO TRACK.

You can specify which applications should be monitored for upload/download activities in the TRACK DOWNLOADS AND UPLOADS FROM THESE APPLICATIONS field. Finally, if you don’t want any locations (i.e. folders) to track, you can specify them in the DO NOT MONITOR THESE LOCATIONS field.

image-254.png

On the ADDITIONAL SETTINGS tab, you can specify which file operations to track such as COPY (see notes below), RENAME, UPLOAD, DOWNLOAD, DELETE etc.

i

Note that Teramind cannot track the copy operation for a file from one network server to the same network server (e.g. source and destination is the same). For example, copying of a file from \\103.247.55.101\source_folder to \\103.247.55.101\destination_folder cannot be tracked. Copy to and from same local drives is detected as usual.

Also copying of an empty file cannot be tracked since it will be impossible for the system to distinguish between the file create and copy operations due to the zero size of the file.

Editing Printed Doc / Printer Settings

mceclip1.png

If you use a printer that requires login permission, use the PRINTER TRACKING ACCOUNT USER and the TRACKING ACCOUNT PASSWORD to specify the credentials. Otherwise, Teramind will not be able to monitor it.

You can turn CAPTURE ACTUAL DOCUMENT on/off and specify MAXIMUM CAPTURE DOCUMENET SIZE (no. of pages) too.

With the MONITORING_SETTINGS_EXCLUDED… option , you can add regular expressions to exclude any printers matching the name.

 

i
 You can automatically clean the print spooler for a print server from the Computer’s details > Computer settings screen.

Editing Keystrokes / Key Logging Settings

image-256.png

You can turn CLIPBOARD tracking on/off from the Keystrokes settings panel.

Editing Instant Messaging / IM Settings

image-257.png

You can specify which messaging APPLICATIONS to track. Teramind supports the popular IMs such as Facebook, Skype, Slack etc. You can TRACK INCOMING MESSAGES only or TRACK OUTGOING MESSAGES only or both.

Editing Social Media Settings

image-258.png

You can specify which messaging APPLICATIONS to track. Teramind supports the popular social media platforms such as Facebook, Twitter, LinkedIn etc. You can track NEW COMMENT, EDIT COMMENT, NEW POST, EDIT POST activities in those applications.

Editing Network Settings

image-260.png

You can turn SSL on to monitor secure connections (i.e. HTTPS).

TRACK NETWORK CONNECTIONS option allows you turn network monitoring on/off.

DON’T DISABLE TEREDO prevents Teramind from disabling Teredo. It’s used for secure communication over IPv6. If you encounter any problem with IP tracking, try toggling this setting.

The next four TRACK… options let you specify which IPs and ports will be tracked or not. TRACK PROCESSES field allows you to specify which network processes to track. You can use names (i.e. svchost.exe), regular expressions, Network Shared Lists etc.

 

i
 If you disable SSL on the Network settings, you might lose the ability to track: web-based emails such a GMail,  file uploads/downloads to/from the web, instant messaging and social media. 

Editing Offline Recording Settings

image-259.png

The offline recording buffer specifies how long the Teramind Agent will continue to record user actions while the user is disconnected from the internet or Teramind server. By default, the buffer is set to 24 hours, but you can increase or decrease the time as needed.

Editing OS States Settings

mceclip0.png

These settings will enable event notifications for operating system states such as Lock, Sleep and Screen Saver to any SIEM integration (syslog event) you might have. These settings do not affect the monitoring of these event.

Editing Online Meetings Settings

mceclip1.png

With these settings you can specify which online meeting apps to track. Teramind supports monitoring of AirCall, Microsoft Teams, RingCentral, Zoom, 8x8.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk