SECTION 1: PRODUCTIVITY REPORTS USE DRILL DOWN REPORTS FOR AN INVESTIGATION20 M86 S ECURITY E VALUATION G UIDEMouse over to view full URLClick the URL link to launch the actual Web site viewed by the user to verify thecontent that was accessed.Step D: Sort by “Content Type”Sort by the column labeled “Content Type” by clicking that column header. This willsort all records by the search type filtered on the Web Filter or SWG. For example,“URL” indicates a page request was blocked or allowed based on the status of thatURL in the Web Filter category library and “Search KW” indicates a user typed ina prohibited word into a search engine text box. One of M86 Security’s differentia-tors is “Proxy Pattern Blocking,” which will show up in the “Content Type” sectionif an Internet proxy site was blocked by M86 Security’s proprietary proxy signaturedetection.After reviewing a suspected policy violator’s Internet activity in the Detail DrillDown Report, the administrator will have firm evidence on the user’s intent, whichis critical forensic information to have in the event the investigation moves to thedisciplinary phase.Step E: Sort by “Search String”Sort by the column labeled “Search String” by clicking that column header. This willsort all records alphabetically for results that include search string information.Search string content includes the actual text typed into a search engine text boxon popular search engine sites such as Google, Bing, Yahoo!, YouTube, Ask.com,and MSN. For example, if the end user typed in “recipes for chicken breast” in asearch engine request, that entire string will appear in this column, not simply theblocked keywords within the request. This depth of detail helps clarify the intent ofthe end user, which helps tremendously in investigations.In the next section, this guide will go through the final step in a typical investiga-tion—creating a custom report for a specific user via the Report Wizard.
