Search <book_title>...

Veritas™ Surveillance User Guide

Last Published: 2024-09-26

Product(s): Veritas Alta Surveillance (1.0)

Introducing Veritas Surveillance
1. About Veritas Surveillance
2. Key features of Veritas Surveillance
3. Feature comparison: Compliance Accelerator desktop client Vs Veritas Surveillance web client
4. Sampling support for content sources
5. About Veritas Surveillance system security
6. Veritas Surveillance multi-tier architecture
7. System requirements
Getting started
1. Signing in to Veritas Surveillance
2. Signing out from Veritas Surveillance
Working with dashboard widgets
1. Understanding the Dashboard page
2. Viewing status summary of recently reviewed departments
3. Pinning and unpinning departments to view review status
4. Changing the order of pinned departments
5. Viewing the review status summary of escalated items
6. Viewing a summary of searches and exports
Managing employees and employee groups
1. About employees and employee groups
2. Creating employee profiles
3. Editing employee profile details
4. Creating employee groups
5. Editing employee group details
Managing departments
1. About departments
2. Understanding the Departments page
3. Searching departments
4. Creating departments
5. Moving existing departments under other departments
6. Adding monitored employees and employee groups to departments
7. Editing monitoring policies
8. Editing department details and monitoring policy
9. Managing exception employees
10. Designating employees as exception employee
11. Assigning further exception reviewers to an exception employee
12. Removing exception status
13. Removing exception reviewers
14. Closing or opening the departments for monitoring
15. Deleting departments
Managing department users
1. Assigning users to departments
2. Removing users from departments
3. Adding new roles for users
4. Removing roles
5. Managing role assignment for a user in departments
  1. Assigning departments and exceptions to specific users
  2. Removing a specific role to users in one or more departments and exceptions
Managing department-level archives
1. About department-level archives
2. Including or excluding enterprise vault archives at department-level
Managing department-level searches
1. About department-level searches
2. Guidelines for effective searches
3. Creating and running department-level searches
4. Pausing and resuming searches
5. Downloading search details for archives
6. Disabling scheduled searches
7. Previewing search results
8. Accepting search results
9. Rejecting a search result
10. Resubmitting a search
Managing department-specific hotword sets
1. Overview
2. Creating department-specific hotword sets
3. Editing department-specific hotwords and hotword sets
4. Deleting department-specific hotword sets
Managing department-specific labels
1. Searching department-specific labels, label groups, and single choice groups
2. Managing department-specific labels
3. Managing department-specific label groups
4. Managing department-specific single choice label groups
Managing department-specific review comments
1. About department-level review comments
2. Adding department-level review comments
3. Editing department-level review comments
4. Deleting department-level review comments
5. Updating order of department-level review comments
Viewing employees associated with departments
1. Viewing employee association history
Managing users, roles, and permissions
1. Overview
2. Predefined user roles and permissions
3. Adding new roles for users (employees) and employee groups
4. Editing user roles and permissions
5. Deleting user roles
6. Assigning Veritas Surveillances to users (employees) and employee groups
7. Restricting users to use hotwords in searches
8. Removing a user role
Managing application-level archives
1. About application-level archives
2. Including or excluding enterprise vault archives at application-level
Managing application-level searches
1. About application-level searches
2. Viewing existing application-level searches
3. Creating and running application-level searches
4. Editing application-level searches
5. Excluding departments from application searches
6. Reinstating the excluded department for application searches
Managing application-specific hotword sets
1. Overview
2. Creating application-specific hotword sets
3. Editing application-specific hotwords and hotword sets
4. Deleting application-specific hotword sets
Managing application-specific labels
1. Searching application-specific labels, label groups, and single choice groups
2. Managing application-specific labels
3. Managing application-specific label groups
4. Managing application-specific single choice label groups
Managing application-specific review comments
1. About application-level review comments
2. Adding application-level review comments
3. Editing application-level review comments
4. Deleting application-level review comments
5. Updating order of application-level review comments
Managing search schedules
1. Overview
2. Setting up new search schedules
3. Setting up one-time search schedules
4. Example of a one-time search schedule
5. Setting up recurring search schedules
6. Example of a recurring search schedule
7. Editing search schedules
8. Deleting search schedules
Managing export operations
1. About exporting items
2. Performing export runs
Managing reviews
1. About reviewing with Veritas Surveillance
2. Understanding the Review page
3. Rearranging columns in the item list pane
4. Changing the Preview pane position
5. Filtering the items in the Review pane
6. Reviewing the Audio-Video Transcript type items
7. Reviewing searched items
8. Viewing Intelligent Review Details
9. Adding or removing text for machine learning
10. Assigning review status to items
11. Viewing hotwords highlighting
12. Viewing hotwords in collaboration message
13. Viewing tags highlighting
14. Viewing tags in collaboration message
15. Viewing the full content in a new window
16. Adding comments to items
17. Escalating the review items
18. Viewing history of items
19. Printing and downloading the items and attachments
Working with reports
1. About Veritas Surveillance reports
2. Accessing data through the Microsoft SQL Server Reporting Services (SSRS)
3. Enhanced reporting
4. Managing Power BI templates for reporting APIs
Managing Audit Settings
1. Audit Settings Overview
2. Editing the Audit Settings
Working with Audit viewer
1. About Audit viewer
2. Performing a search for audit records

Performing a search for audit records

To run a search for audit records

In the left navigation pane, click Audit viewer.
The Audit Viewer screen is displayed.
In the Date range section, specify the date range for the audit records that fall in this duration.
The options are as follows:
- Specific date range - Specify the date and time duration to search audit records that were sent or received during the selected period.
- Today / Yesterday / Last 7 days / Last 14 days / Last 28 days - Search audit records that are created today, yesterday, or in last 7/14/28 days.
- Do not filter - Do not search for audit records based on date range.
To search by departments, select the appropriate option:
- All departments - Search for audit records generated at the department level for all departments where the logged-in user has permission to view audit information
- Select department(s) - Search for audit records for specific departments, folders, or exception departments. If you select this option, the Selected departments section appears. Only those departments where the logged-in user has permission to view audit information are displayed. Click Add to search and add departments. You can remove the listed departments from the list using the Remove link.
- Do not include departments - Select this option if you do not want to search for audit information generated at the department level. If this option is selected, you must select either Include application level records or Include historical data option.
Select the Include application level records check box if you want to search for audit records generated at the application level.
Select the Include historical data check box if you want to include audit information at the following level:
- Deleted department/Folder
- Closed department
- Monitored employees whose exception status is removed
Note:
You can select the Include application level records and Include historical records if you have the View Audit information permission at the application level.

Use Advanced search options to narrow the search for audit records. The following additional options, such as operation type, user, and property, are available. You can add a new search row by clicking the + icon.

Search option	Description
Module name	Select the modules for which you want to search the audit records. For details on the available modules and their supported operations for audit records, See Audit Settings Overview. Note: You can search for multiple modules in a single search; however, you cannot search for the module name twice.
Operation type	Select operations such as Create, Update, and Delete.
User	Select audit records based on users. You can enter one user per line. Press the Enter key to add another user on next line. Audit records having any of these usernames are returned. The Username field supports wildcards * and ?. You can use an asterisk () wildcard to represent zero or more characters in your search. Use a question mark (?) wildcard to represent any single character. Wildcards can be escaped using \. Therefore, \ represents the character * whereas * represents the wildcard. All the provided values are matched if the search is present anywhere in the data. You cannot use special characters in the Username field. Also, special characters which appear in the middle of the text using wildcard cannot be matched. For example, a search term *MyDomainvsa will not match the data MyDomain\user1**, but will match the below search terms: Mydomain\user1 Mydomain user1 Mydomain user
Changed Property	Search for a property changed in an audit event using the following options. Press the Enter key to add another entry on next line. Property name: The name of the changed property whose value you want to search. For example, Department parent or Role name. You can use a wildcard to match multiple properties. Previous value: The previous value (before modification) of an audit record's changed property. This field supports wildcards and partial matches. Current value: The current value of an audit record's changed property. This field supports wildcards and partial matches. Note: You can search for multiple changed properties in a single search; however, you cannot search for the same changed property twice. All the provided values are matched if the search is present anywhere in the data. You can use special characters in your search. These fields support the use of wildcard characters * and ?. You can use an asterisk () wildcard to represent zero or more characters in your search. Use a question mark (?) wildcard to represent any single character. Wildcards can be escaped using \. Therefore, \ represents the character * and not wildcard . Since \ is an escape sequence, you can escape \ by using \\. For example, if a username in the Current value* or Previous value fields of the property is Acme\John Doe. To search for this, you can provide any of the following search terms: Acme* Acme\\John Doe AcmeJohn Doe John Note that wildcards present in the middle of search terms can match special characters. For example, in the above example, *AcmeJohn Doe search terms match Acme\John**.

Click Search to perform the search for audit records.
When the search is executed, the search results are displayed. A maximum of 10000 audit records can be displayed.
In the left panel, the audit records matching the search criteria are displayed. The newest audit records are displayed first. You can sort the records in ascending or descending order by using the sort arrow icon in the header of the columns. When you select an audit record in the left panel, its changed properties are displayed in the right pane.
From the Actions menu, click Export as CSV if you want to export the search results.

An example of an advanced search for audit records

An advanced search always ANDs the criteria specified for each of the Operation type, User, and Changed property fields, whereas multiple values in the same field are always ORed. Multiple Changed property fields are always ANDed.

For example, the advanced search options are used as displayed in the following diagram:

Here, the search can be interpreted as below

ModuleName is Role OR RoleAssignment AND OperationType is Create OR Update AND User contains SOFIA\VSA AND Changed property - PropertyName contains "Role", the Previous value contains dep*, the Current value can be anything.

These search criteria return all audit records which have Module name as either Role or role assignment, and Operation type as Create or Update and change done by user SOFIA\VSA and where Property - Role is changed with the previous value that contains dep