Columns in Results Panel/Custom Report, Device Control

You can control how column information for log entries is displayed in the Results panel from the Template settings dialog.

The following table describes the log entry information for columns in the Results panel and custom reports.

Ellipses […] in the Results panel indicate hidden log entries. For example, if you group a set of results using the value in one column, then multiple values in other columns, the results are shown as […].

Column

Description

Attachment

Shows that shadowed content is viewable.

Audit Event

Shows the type of event that triggered the audit log.

Audit Type

Shows the type of action the administrator performed.

Computer

Shows name of the computer where device access was requested.

Count

Shows how many log entries are hidden in a single row, accompanied by a grouping symbol displayed on the column header. Alternatively, this may be a computed column of data.

Device Class

Shows the name of the device class.

Device Model

Shows the manufacturer name for the device.

File Ext

Shows the type of file extension.

File Name

Shows the file name accessed on the device.

File Name (full)

Shows the full name (including path) of the file accessed on the device.

File Path

Shows the path to the file on the device.

File Type

Indicates whether the file relates to a script or an application, for example Executable or Script.

Hash

Shows the digital signature of the file, created by SHA-1 (Secure Hash Algorithm -1) that differentiate files with the same name.

Managed Device Name

Shows the device name defined in the Device Explorer module.

Model Id

Shows the device model that a user performed and action on.

NT Account Name

Shows the domain user name of the person who triggered the event, for example MARVIN/johns or LocalSystem.

Other

Shows information that may contain the access mask, DVD/CD serial number details, additional information, or parameters.

Process Name

Describes the process used for device access.

Reason

Indicates whether device access was granted or denied. This can have a value of No Permission, Granted or Denied.

SID

Shows the secondary identifier for the user, for example S-1-5-21-647365748-5676349349-7385635473-1645. This is useful for tracing actions recorded in log files to users who have left an organization.

Size

Shows the size of the shadowed file.

Target

Shows the device for which the permissions were modified.

Target Computer

Shows the computer name that was the target of the administrator action.

Target User

Shows of the user or group name that the administrator action was applied to.

Traced On (Console time)

Records the date the event occurred on the console computer.

Traced On (Endpoint time)

Records the date the event occurred on the client computer.

Traced On (UTC)

Records the date (Coordinated Universal Time) the event occurred on the client computer.

Transferred On (Console)

Records the date the event record was transferred from the client computer to the Application Server.

Transferred On (UTC)

Records the date (Coordinated Universal Time) the event record was transferred from the client computer to the Application Server.

Type

Shows the type of event that triggered the log action such as the type of audit event.

Unique ID

Shows the serial number for the device the user performed an action on.

User

Shows the user name that triggered the event. For users removed from the Active Directory, this field also displays the SID, enabling identification of users who have left an organization.

Volume Label

Shows the volume tag for the event that is logged.

X.500 User Name

Shows the user name in Lightweight Directory Access Protocol format. This reflects the directory tree in which the user information is stored, for example, the X.500 user name may be CN=John Doe, CN=Users, DC=Jane and so forth.

Columns names starting with Count, Min, Max, Sum and Average may also be displayed. These contain computed data based on the values in the columns specified for Computed Columns.