Introduction to the Monitoring Settings
The Monitoring Settings screen lets you create/edit monitoring profiles for users, groups and departments and precisely control how much information will be collected for each monitored system (such as Websites, Apps, Emails). You can track as much or as little as you want based on your organization’s needs and alleviate any privacy concerns.
Some use cases of using Monitoring Settings are:
- Create Monitoring Profiles to enable social media monitoring for the marketing department but disable it for other departments.
- Configure the Websites so that it automatically suspends monitoring and keystrokes logging when users visit their bank’s portal or opens their personal emails.
- Setup Applications monitoring in such a way that it only records activity within business applications such as QuickBooks or SAP and not record screen or keystrokes when the user is in Facebook.
- Setup a scheduled based monitoring, set up recording rule violations only, auto-delete old recordings etc. to minimize data storage requirements and comply with regulations like GDPR.
|Teramind comes with a Default settings profile. This profile is used by default for all users and cannot be deleted.|
Accessing the Monitoring Settings Menu
- Click the Gear icon near the top-right corner of the Teramind Dashboard.
- Click Monitoring settings underneath the pop-up menu.
Creating a New Monitoring Profile
- Click the NEW PROFILE button near the top-right corner of the main Monitoring Settings screen. A pop-up window will be displayed.
- Give the profile a name.
- Optionally, give it a description.
- Click APPLY CHANGES. You will be taken to a different screen with a list of all monitored systems.
Note that, Teramind comes with some default settings for each of the monitored systems. You can change them according to your needs.
- Click the EDIT OBJECTS TO TRACK button at the top-right corner to add users to the profile or remove them.
- Click the EDIT PROFILE INFO button at the top-right corner to edit the profile name and description.
- Click the YE/NO slider button in front of a monitored system to turn monitoring on or off for it.
- Click the small Gear icon at the right side of an object to edit its settings. See the Editing the Settings for Monitored Systems section below to continue setting up individual monitoring objects).
- Click the ADVANCED button to change advanced settings (only recommended if you are troubleshooting an issue):
- FILE DRIVER: if disabled, File Transfer report, Content Sharing Rules, Files-Based Activity etc. will not work.
- NETWORK DRIVER: if disabled, Network report, IM report, Network-Based Rules, File Upload rules will not work. ‘Quick web proxy’ certificate will not be injected.
- DON'T TRACK DLP FOR PROCESSES: allows you to exclude certain process(es) from the DLP scanning/DLP rules. For example,
System Idle Processetc. Note that, this is different than disabling monitoring for an application using the SUSPEND MONITORING WHEN THESE APPLICATIONS ARE USED option on the Applications Monitoring Settings. That option disables all monitoring for a process (activity will not be captured and app will be blacked out on the session recording). On the other hand, DON'T TRACK DLP... will only disables DLP scanning for a process.
Editing / Copying / Deleting a Monitoring Profile
- You can locate which profile an employee belongs to by using the Search box at the top-left corner of the main Monitoring Settings screen.
- You can click the OPTIONS icons to turn the monitoring on/off for them.
- Click the small Users icon at the top-right corner to add/remove users.
- Click the Copy icon to create a duplicate copy of the profile.
- Click the small Gear icon at the right site of a profile to edit it. Follow Steps 5-6 in the Creating a New Monitoring Profile section above to learn how to edit the profile.
- Click the small X icon to delete the profile.
Editing the Settings for Monitored Systems
Each Monitored System has a simple scheduler under the TRACKING DAYS AND TIME section at the bottom of its settings panel. Using this scheduler, you can quickly specify when the tracking and recording of the Monitored System will take place.
- Click on a day to enable/disable it.
- Drag the two small Circles to adjust the time.
- Click the Reverse icon to reverse the time.
- Click APPLY CHANGES to save the settings.
Editing Screen Settings
The OCR LANGUAGES allows you to specify which language will be used for the OCR (Optical Character Recognition). Default is English. Teramind also supports Hebrew, Russian, Dutch, Spanish and Turkish for the OCR.
ALLOW REMOTE CONTROL option determines if Remote Control will be available on the Session Player’s Live Mode Controls.
If the user is using a Hidden Agent, ASYNC SCREEN UPLOAD will force Teramind to use a queue for screen recordings instead of uploading them in real-time. It’s suitable for a slower network or a busy OCR server. However, you might experience some delay between the user activity and the recording appearing on the dashboard when ASYNC is enabled.
RECORD LOCKED SESSIONS option allows you to continue recording even when the user locked their computer.
By enabling RECORD ONLY WHEN BEHAVIOR RULE WAS VIOLATED, you can reduce the storage needed for the screen recordings or alleviate privacy concern.
You can also control how many FRAMES PER SECOND is captured; if Teramind should UPDATE SCREEN ON EVENTS ONLY (i.e. something happening on the screen).
You should only enable the USE MODERN SCREEN GRABBING option on Windows 8 or above. If you are experiencing issues with screen captures, try toggling this option.
The GRAYSCALE / COLOR and LIVE SCREEN SCALING controls the quality and size of the recording.
On-Premise customers can specify when the recordings will be automatically deleted under the DELETE HISTORY AFTER. This will further reduce your storage requirements and help you comply with data retention policies.
Finally, you can specify the MESSAGE DURING REMOTE CONTROL / MESSAGE DURING INPUT FREEZE when using those features in the Session Player’s Live Mode Controls.
Editing Audio Settings
AUTOMATIC LEVEL ADJUSTMENT will automatically adjust the sound levels for higher/lower tones.
If the user is using a Hidden Agent, ASYNC AUDIO UPLOAD will force Teramind to use a queue for audio recordings instead of uploading them in real-time. It’s suitable for a slower network or a busy server. However, you might experience some delay between the user activity and the recording appearing on the dashboard when ASYNC is enabled.
You can adjust the BITRATE to increase/decrease audio quality. Lower bitrate will require less CPU processing and storage. You can toggle the MONITOR ALL INPUT DEVICES / OUTPUT DEVICES options to enable/disable recording for all microphones, speakers and line-in/out.
|ASYNC AUDIO UPLOAD only works with the Hidden Agent. Ignore this setting if the user is using a Revealed Agent.|
Editing Applications Settings
You can turn monitoring on/off for the WINDOW TITLES. This gives you the ability to not track the title for apps which includes document name in their title. If you do not want Teramind to capture the document name, turning this option off can be helpful.
You can also turn monitoring on/off for CONSOLE COMMANDS (commands executed on the Windows Command Prompt or Terminal).
You can configure Applications settings to MONITOR only select applications; SUSPEND monitoring or SUSPEND KEYSTROKE monitoring when certain applications are used.
You can conditionally suspend monitoring/keystrokes logging using the two …WITH CONDITION options. For example, you can suspend monitoring Firefox while it’s used from an IP approved by an access control list. Same way, you can suspend keystrokes logging of the Windows Installer when it’s launched from an IP range. For the CONDITION, you can select from a list of Any, a single IP, an IP range, list (Network Shared Lists), and cldr (Classless Inter-Domain Routing). Finally, you can define the IDLE TIME (used in the Productivity Reports, Agent Schedule-based rules and other places by Teramind).
Editing Websites Settings
MONITOR ONLY THESE WEBSITES field allows you to define websites or a list of websites, for which you want to record the screen and keystrokes. If you use this field, all other websites will be blacked-out in the screen recordings.
DON’T MONITOR WEB TRAFFIC FOR THESE WEBSITES defines the websites for which you want to suspend recording. Screen and keystroke recording for all other sites will be enabled. Please see notes below.
SUSPEND MONITORING WHEN THESE WEBSITES ARE VISITED setting allows you to record the screen and keystrokes but suspend content parsing. For example, record the activity when the user is in Gmail, but don’t capture the actual email content or any attachments.
SUSPEND MONITORING WHEN WEBSITE CONTAINS CONTENT – If the HTML of a URL contains a string listed here, that website will not be monitored, keystrokes will not be recorded, and the screen will be blacked out. A common use for this option is to determine intranet or proxy-generated websites.
The next three settings are the same as above, the only difference is, you use IP addresses instead of URLs. Please see notes below.
You can also SUSPEND KEYSTROKE … setting to suspend just the keystroke recording for the specified websites.
You can suspend monitoring for all PRIVATE BROWSING (incognito) sessions.
Use the ALLOW CONNECTION TO HOSTS WITH INVALID CERTIFICATES will allow all hosts to work with invalid certificates. This is a not a recommended thing to do as it may help disguise invalid certificate and allow phishing attacks. As an alternative, you can also use a Match Regular Expression condition
regexp/.*/ on any rules that require an URL/website address such as below:
You can turn off the MONITOR KEYSTROKES FOR PASSWORD FIELDS option to suspend capturing of keystrokes in password fields. For example, a login page containing a HTML input field such as
<input type= "password".
You can use the WSS PORT to specify web traffic redirection.
Use the DON’T MONITOR WEB TRAFFIC FOR THESE IPS / WEBSITES fields if you want to prevent the Teramind Agent from injecting the Quick Proxy SSL cert. Use them if it looks like the agent’s cert if causing an issue with a website.
The difference between these two fields are:
Site that resides on some domain name sometimes uses resources from other domains. To exclude all sources for the problem, you need to exclude all used resources. You can get a list of the domain names by turning off the Teramind Agent, run Chrome, Open “Developer Tools”, select “Network” tab, set “Disable cache” = true, “Preserve log” = true, right click on the header of the table with the network requests, select “Domain”, then reproduce situation that leads to an issue, and capture all domain names (from the Domain column) that were involved in the loading process.
When you use any of the SUSPEND MONITORING… settings for any application or website, Teramind will automatically blackout the relevant application window in the video recording or during the live view mode of the session player (check out the Live View and History Playback with the Session Player article to learn more about session recording and live view).
The blackout feature works on both single monitor and multi-monitor setups.
Editing Email Settings
You can use the settings to CAPTURE INCOMING / OUTGOING emails, CAPTURE EMAIL CONTENT and SAVE OUTGOING / INCOMING ATTACHMENTS etc.
You can use regular expressions to ignore any attachments you do not want captured using the IGNORE ATTACHMENT... option. For example, ignore all music and video files.
You can specify which email systems will be captured using the CAPTURE EMAIL THROUGH option. Teramind supports the most popular email clients such as Outlook, Gmail, Yahoo etc. - both desktop and web versions.
Finally, you can set a cut-off time for email captures with the IGNORE EVENTS OLDER THAN (DAYS) option. This option sets a time limit for how far back the Agent will capture emails. It is sometimes useful for clients like Outlook which may scan older emails if emails are moved or archival policies are run. In such systems, by default, the Agent will capture any emails being accessed. This setting can help prevent unexpected rule violations and false alerts by telling the Agent to ignore scanning older emails.
Editing File Transfers Settings
Files Transfers settings panel has two tabs. On the BASIC SETTINGS tab, you can specify WHAT TO TRACK such as: LOCAL FILES, NETWORK FILES, LOCAL DOCUMENTS, NETWORK DOCUMENTS, EXTERNAL DOCUMENTS, CD/DVD BURNING, EXTERNAL DRIVES (i.e. USB / pen drives) etc.
You can select which file types to track under the FILE TYPES TO TRACK section. For example, TXT, DOC, XLS, PPT etc. You can also manually enter your own extensions in the FILE EXTENSIONS LIST TO TRACK.
You can specify which applications should be monitored for upload/download activities in the TRACK DOWNLOADS AND UPLOADS FROM THESE APPLICATIONS field. Finally, if you don’t want any locations (i.e. folders) to track, you can specify them in the DO NOT MONITOR THESE LOCATIONS field.
On the ADDITIONAL SETTINGS tab, you can specify which file operations to track such as COPY/RENAME/UPLOAD/DOWNLOAD/DELETE etc.
Editing Printed Doc / Printer Settings
If you use a printer that requires login permission, use the PRINTER TRACKING ACCOUNT USER and the TRACKING ACCOUNT PASSWORD to specify the credentials. Otherwise, Teramind will not be able to monitor it.
You can turn CAPTURE ACTUAL DOCUMENT on/off and specify MAXIMUM CAPTURE DOCUMENET SIZE (no. of pages) too.
With the MONITORING_SETTINGS_EXCLUDED… option , you can add regular expressions to exclude any printers matching the name.
|You can automatically clean the print spooler for a print server from the Computer’s details > Computer settings screen.|
Editing Keystrokes / Key Logging Settings
You can turn CLIPBOARD tracking on/off from the Keystrokes settings panel.
Editing Instant Messaging / IM Settings
You can specify which messaging APPLICATIONS to track. Teramind supports the popular IMs such as Facebook, Skype, Slack etc. You can TRACK INCOMING MESSAGES only or TRACK OUTGOING MESSAGES only or both.
Editing Social Media Settings
You can specify which messaging APPLICATIONS to track. Teramind supports the popular social media platforms such as Facebook, Twitter, LinkedIn etc. You can track NEW COMMENT, EDIT COMMENT, NEW POST, EDIT POST activities in those applications.
Editing Network Settings
You can turn SSL on to monitor secure connections (i.e. HTTPS).
TRACK NETWORK CONNECTIONS option allows you turn network monitoring on/off.
DON’T DISABLE TEREDO prevents Teramind from disabling Teredo. It’s used for secure communication over IPv6. If you encounter any problem with IP tracking, try toggling this setting.
The next four TRACK… options let you specify which IPs and ports will be tracked or not. TRACK PROCESSES field allows you to specify which network processes to track. You can use names (i.e. svchost.exe), regular expressions, Network Shared Lists etc.
Editing Offline Recording Settings
The offline recording buffer specifies how long the Teramind Agent will continue to record user actions while the user is disconnected from the internet or Teramind server. By default, the buffer is set to 24 hours, but you can increase or decrease the time as needed.
Editing OS States Settings
These settings will enable event notifications for operating system states such as Lock, Sleep and Screen Saver to any SIEM integration (syslog event) you might have. These settings do not affect the monitoring of these event.
Editing Online Meetings Settings
With these settings you can specify which online meeting apps to track. Teramind supports monitoring of AirCall, Microsoft Teams, RingCentral, Zoom, 8x8.