Ekran System

Full Feature Presentation

Contents

• System Overview • Administrator Approval on Login

• The Ekran System Application Server • Access Request and Approval
& the Management Tool Workflow
• Database Management • Notifying Users about Being Monitored
• Licensing • User Blocking
• Client Installation & Update • Viewing Sessions
• Monitoring Parameters • Alerts
• Detection of Disconnected Clients • USB Monitoring
• Client Protection • Dashboards
• Advanced User Authentication • Interactive Monitoring
• Two-Factor Authentication • Reports
• Password Management • Application Customization
• User and Entity Behavior Analytics • Health Monitoring

Page 2 of 147
System Overview

Page 3 of 147
About the System

A Smart User Activity Video Recording System.

Privileged
Privileged Flexible
Employee Work Password
Activity Deployment and
Control and Session
Monitoring Licensing
Management
Ekran System allows • Are you interested in Ekran System helps Ekran System supports
the creation of your company's you to provide the widest range of
indexed video records security? privileged access platforms and
of all concurrent • Do you want to know (PAM) to critical assets infrastructure
Windows, Citrix, and what your employees and meet compliance configurations on the
Linux terminal do during work requirements by market, delivering
sessions on your hours? securing, managing reliable deployments of
servers, and the • Do you want to and monitoring any size, from piloting
recording of remote control the use of privileged accounts dozens to tens of
and local sessions on sensitive and access. thousands of endpoints.
workstations, information? Flexible licensing helps
including Windows, to fit it into your budget
macOS and Linux. and address project
changes.

Page 4 of 147
About the System

Ekran System is an affordable user monitoring solution for enhanced

cyber security. It is used to deter, detect and disrupt insider threats
to your corporate IT infrastructure, as well as to assist you in meeting
compliance requirements, manage privileged users (PAM), etc.

You can record all terminal, remote, and local user sessions and
alert security personnel to suspicious events.
The Main Components of Ekran System

Ekran System Ekran System Clients

Ekran System
Application (Windows/macOS/Linux/Citrix/
Management Tool
Server Vmware/X Window System)

Components installed on
The GUI component The main component
the target computer to
used for system used for storing data
monitor user activity and
management & obtained from Client
send it to the Application
session viewing computers
Server

Page 5 of 147
The Basic Deployment Scheme

Page 6 of 147
Large-Scale Deployments

In terms of scalability, and for large

organizations which may have several
geographically isolated data centers,
multiple connected instances of the
Application Server can be deployed.

For complex deployments, Ekran

System also offers high availability &
disaster recovery, and multi-tenant
mode, and supports the use of third-
party load balancing software.

The Master Panel, which is an

additional stand-alone component of
Ekran System, combines the data
from all the Ekran System
Applications Servers in multiple
locations, allowing it to be managed
in a single user interface.

Page 7 of 147
High Availability Mode

High Availability mode allows you to configure and deploy Ekran

System in such a way that if the Ekran System Application Server
stops functioning for any reason, another Application Server
instance will replace it automatically without loss of data or
reinstallation of the system.

Page 8 of 147
Multi-Tenant Mode

Multi-Tenant mode allows multiple completely isolated tenants to

operate in the Ekran System environment. The data in each tenant is
independent and not accessible to other tenants.

Page 9 of 147
The Ekran System Application Server
& the Management Tool
User management, permissions,
Active Directory integration,
Management Tool settings

Page 10 of 147
The Management Tool

The whole system is managed in a single browser-based interface,

called the Management Tool.

Page 11 of 147
Tenant Management

Ekran System can operate in Single-Tenant or Multi-Tenant mode.

Single-Tenant mode is selected by default. In this mode, all users
have access to all Clients and settings according to their
permissions.
In Multi-Tenant mode, all tenant users have access to their tenant
Clients, but do not have access to other tenants’ Clients,
configurations, alerts, reports, etc.
You can switch to Multi-Tenant mode at any time.

Page 12 of 147
User Management & Permissions

• Create two types of users: Internal or Active Directory

(Windows domain users/groups).
• Use groups for easier management of users.
• Define permissions for users.

Page 13 of 147
Active Directory Integration

Integration with Active Directory allows you to establish domain trusts

with multiple domains.

Page 14 of 147
 Active Directory Integration

Integration with Active Directory allows you to do the following:

• Add users & user groups from trusted domains to allow them to
access the Management Tool and Client computers with secondary
user authentication enabled.
• Create alerts for domain groups to quickly respond to suspicious
user activity on Client computers belonging to trusted domains.

Page 15 of 147
The Audit Log

Audit all user activities performed in the Management Tool via the
Audit log which contains detailed information on all changes.

Page 16 of 147
Database Management

Page 17 of 147
Database Configuration

Page 18 of 147
Database Cleanup

You can configure a cleanup (or archive & cleanup) operation that
can be applied either to a specific Client or to a Client group.

Page 19 of 147
Database Archiving

It is good practice to archive and delete old monitored data from the
database regularly to avoid running out of space on the Application
Server computer, and to save the monitored data in secure storage.

Page 20 of 147
Database Archiving

You can view the archived sessions in your archived database in the
Session Viewer and perform searches on the data in the usual way at
any time.

Page 21 of 147
Database Parameters

If the database credentials

defined during installation of
the Application Server have
been changed (e.g. according
to your corporate policy), you
can easily edit them without
reinstalling the Application
Server. You can also define a
new location for storing the
binary data received during
monitoring.

Page 22 of 147
Isolating the Database from Clients

You can disconnect all Clients from the database to make them
go offline, so as to fix any issues with the database, and perform
database cleanup and maintenance without stopping the Ekran
System Application Server. Once database operation is restored,
you can bring all Clients back online in just one click.

Page 23 of 147
SIEM Integration

Ekran System integrates with your SIEM system by using the log files
of monitored events.

Page 24 of 147
Advanced SIEM Integration

Get access to Ekran System alert events and monitored data by

creating a separate log file in one of the following formats:
• Common Event Format (CEF)
• Log Event Extended Format (LEEF)

Page 25 of 147
Advanced SIEM Integration

Ekran System allows the sending of records about alert events and
monitored data directly to SIEM systems such as Splunk, ArcSight,
and QRadar.

Page 26 of 147
 Licensing
Types of licenses, serial key
management and floating endpoint
licensing

Page 27 of 147
Licensing

Ekran System is licensed by the number of Ekran System Clients (i.e.

the end-points to be monitored). All management components,
including the Application Server and the Management Tool are
provided for free with any deployment.

Types of Ekran System Client licenses:

• Workstation Client license (Windows desktop, macOS, X
Window System)
• Infrastructure Server Client license (Windows Server,
Linux/UNIX Server)
• Terminal Server Client license (Windows Server with Terminal
Services, Citrix Server, Published App Server, Jump Server, X
Window System)

Page 28 of 147
Licensing

Page 29 of 147
 Serial Key & License Management

You can request a Trial serial key for 30 days to deploy the system and
review its features, including those in the Enterprise Edition, and also
update the product during this period.
To use Ekran System for a longer period, and with a greater number of
Clients, the product needs to be licensed by activating purchased serial
keys on the computer with the Ekran System Application Server installed.
You can use either Permanent keys, or Subscription keys.

Page 30 of 147
The Enterprise Serial Key

You can activate an Enterprise serial key to get exclusive access to

the set of additional valuable features offered by the Enterprise
Edition of Ekran System.

Page 31 of 147
 Floating Endpoint Licensing

Ekran System is currently the only such product on the market to offer
floating endpoint licensing.
This unique functionality allows you to reassign licenses between Clients both
manually “on the fly”, and automatically, so that you only need to purchase the
amount of Ekran System Workstation Client licenses corresponding to the
maximum possible number of simultaneously active Clients.

• Manual reassignment: Can be done at any time, in just a couple of clicks.

• Automatic reassignment:
o Delete offline Clients without sessions: This option allows the licenses of
Clients, whenever they do not have sessions stored, to be returned to the
pool of available licenses automatically (e.g. after a database cleanup).
o Using a golden image (for VMware/Citrix desktop monitoring): Dynamically
assigns licenses to virtual desktops whenever new Windows-based
desktops are created, and unassigns them whenever Client machines are
shut down.
Page 32 of 147
Unique Enterprise Edition Features

Features only available in the Enterprise Edition:

• High Availability • User Behavior Analytics &
Anomaly Detection (UEBA)
• Load Balancer Support
• System Health Monitoring
• Multi-Tenant Mode
• Database Archiving
• Password Management
• Remote Host IP Filtering
• Detection of Disconnected Clients
• Registering logs to Windows
• Integration with Ticketing Systems
Event Log
• Advanced SIEM Integration
• SWIFT Username Monitoring
• Access Requests and Approval
• Time-based restrictions for user
Workflow
access
Page 33 of 147
Installation & Updating of Clients

Page 34 of 147
Installing Ekran System Clients

Convenient Ekran Client installation:

• Locally:
o Linux Clients (using a tar.gz file)
o macOS Clients (using a tar.gz file)
o Windows Clients:
▪ using the installation file with default parameters
▪ using a package generated with customized parameters
• Remotely:
• for Windows Clients
• for macOS Clients (remote mass deployment)

Remote Installation

Select computers to Customize installation The Clients are

install Clients on parameters successfully installed!

Page 35 of 147
Target Computers for Remote Installation (Windows Clients)

• Scan your local computer network

• Define a range of IP addresses to search for the target
computers
• Simply enter the target computer names

Page 36 of 147
Updating Ekran System Clients

After the Ekran System Application Server is updated to a new version, all
Clients are automatically updated to the same version on their next connection
to the Application Server.
If you want to personally supervise the update process of the target Clients,
you can disable the Update Client automatically option for them.

Page 37 of 147
Monitoring Parameters

Page 38 of 147
Client Monitoring

The screen captures that the Client sends are stored in the form of
deltas (the differences between a newer recorded screen capture
and an older one) to minimize storage space.

The information recorded is saved in an easy-to-review and easy-to-

search form, including:
• The names of the application launched
• The titles of the active window
• The URLs entered
• Text entered via the user’s keyboard (keystrokes)
• Clipboard text data (copied and pasted text)
• Commands executed in Linux (both from user input & by
scripts run)
• Information on USB devices plugged-in

Page 39 of 147
User Activity Recording

Ekran System Client user activity recording is event-triggered by

default.
You can easily configure Windows, macOS, and Linux Clients to
record screen captures of the active window or to record user activity
without recording screen captures, etc.

Page 40 of 147
URL Monitoring

The Ekran Client monitors URLs entered in web browsers.

You can configure the Client to monitor either full URLs or top and
second level domain names only.

Page 41 of 147
Keystroke Logging

To ensure GDPR compliance, all logged keystrokes are hidden, but

you can perform searches within them and create alerts to be
triggered when specific keywords are typed.
Keystrokes can also be filtered. This allows you to both reduce the
amount of data received from the Windows Client and to make sure
that no privacy violations occur by defining the applications for
which keystrokes will be monitored.

Page 42 of 147
Keyword-Triggered Monitoring

You can configure Ekran System Clients to start monitoring and

creating screen captures only after they detect defined keywords
entered by the user in specified applications.

Page 43 of 147
Clipboard Monitoring

Ekran Client captures all text data which is copied or cut and then
pasted into documents, files, applications, the browser address bar,
etc, on Windows Client computers.
You can set an alert to be triggered whenever a user copies or pastes
information.

Page 44 of 147
Application Filtering

Ekran System allows you to define filtering rules for websites and
applications to adjust the amount of monitored data and to exclude
areas where private information can be observed, so as to comply
with corporate policy rules and country regulations related to user
privacy.

Page 45 of 147
Monitoring Time Filtering

In addition to application filtering rules, you can also define rules

for the time when monitoring will take place.
By selecting certain days of the week and defining specific hours,
you can establish bounds within which Ekran System Clients will
record all user activity.

Page 46 of 147
Remote Host IP Filtering

Additionally, you can filter out sessions from certain remote IP

addresses or monitor only sessions from certain IP addresses.

Page 47 of 147
SWIFT Username Monitoring

Ekran System allows the username used for logging in to the SWIFT
network to be recorded, so that you can easily identify such users.

Page 48 of 147
Privileged User Monitoring

You can also monitor the activity of users logging in under privileged
user accounts.

Page 49 of 147
Bandwidth Usage Reduction

Ekran System allows you to configure bandwidth usage reduction

parameters to manage the traffic volume from the Client to the Ekran
System Application Server.
The following parameters can be configured:
• Screen capture throttling
• Batch registration timeout
• Screen capture size reduction

Page 50 of 147
Client Group Settings

You can define the settings for a Client group, and then apply them
to Clients, so as to save time.

Page 51 of 147
Monitoring using Linux Clients (X Window System)

Ekran System remote SSH session monitoring provides the capability

to monitor commands executed in terminals.
Monitoring of Linux sessions started locally via the graphical
interface is also supported.

Page 52 of 147
Monitoring via Linux Clients (Remote Sessions)

A remote Linux Client session contains:

• User actions (input commands and responses from a terminal)
• System calls
• Commands being executed in the script that is running

Page 53 of 147
Monitoring via Linux Clients (Local Sessions)

A local Linux Client session for X Window System contains:

• Screen captures • Activity titles
• Application names • Activity times

Page 54 of 147
Detection of Disconnected Clients

Page 55 of 147
Detection of Disconnected Clients

Detection of disconnected Clients will help you to timely detect

Clients that have stopped transmitting monitoring data. Just define
the time period after which offline Clients will be considered as
disconnected, and get notified about such incidents.

Page 56 of 147
Viewing Disconnected Clients

You can view all Clients that are offline for more than a specified
time period on the Offline Clients page.

Page 57 of 147
Client Protection

Page 58 of 147
Protected Mode

Ekran System allows you to protect Windows Clients and their data
by enabling Protected mode.

The use of Protected mode has the following advantages:

• Prevention of Client uninstallation.
• Prevention of stopping Client processes.
• Prevention of editing Client system files and logs.
• Prevention of editing Client settings in the registry of the
Client computer.
• Prevention of modification, removal, and renaming of Client
files.

Page 59 of 147
Client Uninstallation

Users, including privileged ones, are unable to stop the Client

running on computers, or remove the Client locally without the
assistance of the administrator.

Only the Ekran System administrator knows the Uninstallation key

defined prior to Client installation which is necessary for local
removal.
Page 60 of 147
Advanced User Authentication

Page 61 of 147
Advanced User Authentication

Advanced user authentication allows you to achieve two goals:

• Monitor users’ activity on a computer when multiple users use
the same credentials to log in.
• Improve your security by limiting access to specific users who
know secondary user authentication credentials.

Page 62 of 147
Secondary User Authentication (Windows Clients)

The Ekran System Client requests credentials to be entered before

allowing a user to access Windows OS.

Page 63 of 147
One-Time Passwords (Windows Clients)

Ekran System Enterprise Edition provides the administrator with the

unique capability to protect Client computers with one-time
passwords.

Page 64 of 147
One-Time Passwords (Windows Clients)

The user can request a one-time password directly from the

secondary user authentication window displayed during login to
Windows OS.

Page 65 of 147
Secondary User Authentication (Linux Clients)

An Ekran System Client requests credentials to be entered when

allowing a user to log on to a terminal on Linux Client computers.

Page 66 of 147
Two-Factor Authentication

Page 67 of 147
Two-Factor Authentication

Two-factor authentication allows you to enable an extra layer of

security to better protect the critical endpoints in your network.

Page 68 of 147
Two-Factor Authentication

You can add users who you want to be allowed to log in to Windows
and Linux computers with Clients installed using time-based one-
time passwords (TOTP) generated by TOTP mobile applications.

Page 69 of 147
Two-Factor Authentication

The Ekran System Client prompts the user to enter a TOTP to access the
system.

Page 70 of 147
Password Management

Page 71 of 147
Password Management

Managing privileged accounts (PAM) and implementing role-based

access control is critical for enterprise security teams. Ekran System
password management functionality provides you with full control and
visibility over privileged user access.

With Ekran System, you can:

• Securely store account credentials in secrets
• Provide granular access to stored credentials
• Manage passwords without interfering with the workflow of
privileged users
• Enable remote password rotation (for Active Directory, MS SQL,
Windows, and Unix SSH accounts) and Unix SSH key rotation

Page 72 of 147
Adding a Secret

Add a secret to define: an endpoint to connect to, privileged account

credentials, and a user or user group to give access to.

Page 73 of 147
Logging in Using a Secret

A privileged user can access a critical endpoint with a secret by using

Ekran System Connection Manager.

Page 74 of 147
Viewing Secrets in Sessions

You can easily find the user sessions in which a specific secret was
used. In addition, the secret data is highlighted in blue in the
Session Player so you can also quickly find it within the session.

Page 75 of 147
User and Entity Behavior Analytics

Page 76 of 147
User and Entity Behavior Analytics

Ekran System User and Entity Behavior Analytics (UEBA) allows you to
better protect your system from malicious and illicit insiders.

UEBA has the following advantages for detecting suspicious activities:

• Analysis of user behavior patterns and establishment of a
baseline for normal behavior.
• Automatic detection of behavioral deviations.
• Timely notification of potential insider threats.

Page 77 of 147
User and Entity Behavior Analytics

Add a user behavior rule to view user profiles and analyze sessions with
the detected anomalies, and get timely notified about risky user activity.

Page 78 of 147
User and Entity Behavior Analytics

Monitored sessions that contain detected user behavior anomalies

have a special risk score.
The risk score indicates the severity level of the session and is
calculated according to the risk level of the abnormal user behavior
patterns and alerts detected in the monitored sessions.

Page 79 of 147
Administrator Approval
on Login

Page 80 of 147
Administrator Approval on Login

Approval by an administrator on login allows you to better protect the

Client computers in your network against undesired access.

Page 81 of 147
Administrator Approval on Login

You can add users whose access to Client computers need to be

restricted.

Page 82 of 147
Administrator Approval on Login

When a restricted user logs in to a Client computer, the Client blocks

the desktop and sends the user’s access request to a trusted user for
approval. The user's request is also displayed on the Access Requests
tab on the Access Management page.

Page 83 of 147
Administrator Approval on Login

Only after the trusted user confirms the user’s access request, the user
is allowed to access the system.

Page 84 of 147
Access Request and Approval
Workflow

Page 85 of 147
Access Request and Approval Workflow

You can minimize cybersecurity risks and control the number of

simultaneously active accounts with Ekran System’s Just-in-Time
Endpoint Access capabilities.

Page 86 of 147
Access Request and Approval Workflow

• Manual access approval for determining who can access what

and when
• Time-based user access restrictions for enhancing the protection
of critical data and systems

Page 87 of 147
Access Request and Approval Workflow

Restricted users will be able to log in to Client computers during the

defined time period only, and will need additional approval to log in
outside of this period.

Page 88 of 147
Notifying Users about
Being Monitored

Page 89 of 147
Notifying Users about Being Monitored

To adhere to the security policy of your company or your country

regulations, you can:

• Enable the displaying of

an additional message
on user login to notify
the user that their work
is being monitored.

• Enable the displaying of

the Client tray icon along
with a notification to the
user that his/her work is
being monitored.
Page 90 of 147
Notifying Users about Being Monitored

• Require the user to explain the reason for access, by writing a

comment in an additional message window that is displayed
when the user attempts to access a Client computer.

Page 91 of 147
Notifying Users about Being Monitored

• Require the user to enter a valid ticket number, created in an

integrated ticketing system, to log in to the Client computer.

Page 92 of 147
Notifying Users about Being Monitored

• An icon can be displayed on the desktop to inform users that

their actions are currently being recorded.

Page 93 of 147
Blocking Users

Page 94 of 147
Blocking Users Overview

Ekran System allows you to block users from performing potentially

harmful and forbidden actions on computers running Windows OS with
Ekran System Clients installed on them.
Users can be blocked manually from both Live and Finished sessions, or
automatically when they perform an action that triggers a specific alert.

Page 95 of 147
Blocking Users Overview

The user desktop is blocked, and after a defined time interval the
user is forcibly logged out.
If the blocked user then tries to re-log in to the Client computer, the
system will not allow them to do so.

Page 96 of 147
Viewing the Blocked Users List

The Blocked Users List contains information on when, and why users
were blocked.
To allow users to access Client computers again, remove them from
the list.

Page 97 of 147
Viewing Sessions

Page 98 of 147
Searching the Data in the List of Sessions

The Ekran System Management Tool allows searching within recorded

sessions.
Searching can be performed using various parameters:
• For Windows Clients: active window title, application name, user
name, Client name, URL visited, clipboard text data, user’s
comment in an additional message, ticket number, and USB
device information.
• For macOS Clients: active window title, application name, user
name, Client name, and URL visited.
• For Linux Clients: command, command parameter, and
command output.

Page 99 of 147
Viewing Live Sessions

Ekran System allows you to perform monitoring of user activity on

the Client computer in real time.
You can connect to a Live session and observe the activities a user is
performing at any given moment.

Page 100 of 147

The Magnifying Glass

You can enlarge any area of the video in the Session Player by using
the Magnifying Glass.

Page 101 of 147

Forensic Export

With Ekran System Forensic Export, you can:

• Export a monitored session (or part of it) to a securely
encrypted file, and verify its integrity.
• Investigate the user activity data recorded by using the offline
Session Viewer.
• Present evidence in a forensic format to third parties.

Page 102 of 147

Alerts

Page 103 of 147

Setting Up Alerts

Ekran System allows you to enable quick incident response using

alert notifications:
• Set up alerts about suspicious user activity on Client
computers.
• Specify individuals to receive instant alert notifications via
email or in the Tray Notifications application.

Page 104 of 147

Alert Actions

You can set an alert to:

• Display a warning message to the user when the alert is
triggered (the message can be edited).
• Block the user.
• Forcibly stop the application.

Page 105 of 147

Default Alerts

Ekran System contains a set of default alerts prepared by the

vendor’s security experts. They will inform you about data leakage or
potentially fraudulent, illicit, or non-work-related activities.

Page 106 of 147

Alerts in the Session Player

Monitored data associated with alert events is highlighted in

different colors in the Session Player according to the alert risk level.

Page 107 of 147

Alerts in the Alert Viewer

You can view detailed information on all alert events as well as

screen captures associated with them in a special viewer.

Page 108 of 147

Receiving Alerts

You can receive alert notifications in real

time, review them in the Ekran System Tray
Notifications log file, and open the
sessions with the alert-related data, in the
Session Player.

Page 109 of 147

USB Monitoring

Page 110 of 147

USB Monitoring Overview

Ekran System provides two types of monitoring for USB devices

plugged into the Windows Client computer:
• USB-based storage monitoring, to view information on devices
detected by Windows as mass storage devices and to receive
alert notifications about them.
• Kernel-level USB monitoring, for in-depth analysis of devices
plugged-in and for blocking them.

Page 111 of 147

Setting Up Kernel-level USB Rules

Ekran System can detect mass storage devices connected to a

computer, alert you when a device is plugged in, and block their
usage or forbid access to them until administrator approval (either
all devices of a certain class or all devices except permitted ones) on
a Client computer.

Page 112 of 147

USB-Based Storage Monitoring

USB-based storage devices are automatically detected when they

are plugged in.

Page 113 of 147

Kernel-Level USB Monitoring

Screen captures created when USB devices are plugged in or blocked

are highlighted in the Session Viewer.

Page 114 of 147

Dashboards

Page 115 of 147

Dashboards Overview

Dashboards offer a convenient real-time view of the most useful

data grouped together in one place.
You can customize the dashboards on the Management Tool Home
page by adjusting their appearance and settings.

Page 116 of 147

Dashboard Types

There are four main types of Ekran System dashboards:

System State Dashboards Threat Detection Dashboards

• Licenses • Sessions Outside of
• Clients Work Hours
• Database Storage • Rarely Used Computers
Usage • Rarely Used Logins

Monitoring Dashboards Server Resource Monitoring

• Recent Alerts Dashboards
• CPU Usage
• Latest Live Sessions
• Memory Usage
• The Database State
Page 117 of 147
System State Dashboards

Clients Storage Usage

Licenses

Page 118 of 147

Monitoring Dashboards

Recent Alerts

Latest Live Sessions

Page 119 of 147

Threat Detection Dashboards

Rarely Used Computers Rarely Used Logins

Sessions Outside of Work Hours

Page 120 of 147

Server Resource Monitoring Dashboards

CPU Usage Memory Usage The Database State

Page 121 of 147

Interactive Monitoring

Page 122 of 147

Interactive Monitoring Overview

You can filter data by three parameters:

• Who: filter by any specific user logged in to a Client computer.
• Where: filter by a specific Client.
• When: filter by time period.
Additionally, you can modify the order of the bars displayed, by using
the Applications and URLs filters.

Data is displayed in the form of two column charts (the Application

Monitoring chart and the URL Monitoring chart).
To view the list of application/website entries, click on the column
with the application/website name.
Page 123 of 147
The Application Monitoring Chart

This chart provides information on the time spent using different

applications.
You can also use this chart to analyze information on the most and
least used applications, and detect any threats and suspicious
activity on the computers being investigated.

Page 124 of 147

The URL Monitoring Chart

This chart provides information on the time spent visiting different

websites.
You can also use this chart to analyze information on the most and
least visited websites, and detect potentially harmful activity on the
computers being investigated.

Page 125 of 147

Reports

Page 126 of 147

Reports & Statistics

Ekran System reports provide a full overview of the time spent using
applications and on websites visited on the user’s computer.
You can generate a highly customizable report either ad-hoc or you
can schedule the sending of reports to your email on a daily, weekly,
or monthly basis.
The reported activity can include alerts, applications launched,
websites visited, USB devices plugged-in/blocked, and Linux
commands executed.

Scheduled Reports

Page 127 of 147

Reports & Statistics

Reports can be generated manually at any time for any time period.

Manual Report Generation

Page 128 of 147

Report Types

Activity Summary Report Activity Pie Chart Report

Activity Chart Report

Page 129 of 147

Report Types

User Statistics Report

Clipboard Grid Report

Page 130 of 147

Report Types

Session Grid Report

Sessions Outside of Work Hours Grid Report

Page 131 of 147

Report Types

Detailed Activity Report

User Daily Activity Grid Report

Page 132 of 147

Report Types

User Productivity Report

User Productivity Summary Grid Report

Page 133 of 147

Report Types

Alert Grid Report

Page 134 of 147

Report Types

User Behavior Analytics Report

Page 135 of 147

Report Types

URL Summary Report URL Pie Chart Report

URL Chart Report

Page 136 of 147

Report Types

USB Storage Grid Report

Kernel-Level USB Storage Grid Report

Page 137 of 147

Report Types

Terminal Server Grid Report

Page 138 of 147

Report Types

In the Linux Grid Report, you can view all exec* and sudo commands
executed on Linux Client computers.

Linux Grid Report

Page 139 of 147

System Customization

Page 140 of 147

Setting the Date & Time Format

Date & time format configuration allows you to define the date and
time format for the Management Tool and the Application Server.

Page 141 of 147

Customizing the Logo on Client Notifications

Custom logo settings allow you to use of any custom graphics file
instead of the default logo on Client notifications during secondary
user authentication, user blocking, etc.

Page 142 of 147

Customizing Reports

Custom Reports settings allow you to use any custom graphics file
instead of the default logo in reports. You can also add header and
footer text to the reports.

Page 143 of 147

Customizing Email Subjects

Custom email subjects settings allow you to define the subjects to be

used in email notifications sent by Ekran System.

Page 144 of 147

Health Monitoring

Page 145 of 147

System Health Monitoring

System Health Monitoring allows you to get detailed information

about database storage usage and any errors occurring with Ekran
System, which help you to monitor the system “health” and react to
any issues in a timely manner.

Page 146 of 147

Server Resource Monitoring

Ekran System allows you to view the current resource usage by the
Ekran System Application Server process:
• CPU Usage by the Application Server process
• Memory Usage by the Application Server process
• The Database State

Page 147 of 147

 Visit us online:
www.ekransystem.com

Page 148 of 147