Specifically, the endpoint application audit involves the audit of predefined applications and custom applications. Predefined applications are classified into the following categories: IM, MailClient, NetworkApplication, OfficeSoftware, NotebookSoftware, ConferenceSoftware, NetworkTransmissionTool, RemoteTool, and OperationAndMaintenanceTools.

• IM: Audit the content of IM chat records and files transmitted over the IM tools based on the Ingress Client.

• MailClient: Audit the email attachments sent by intranet users through mail clients based on the Ingress Client.

• NetworkApplication: Audit the files uploaded by intranet users through network drives based on the Ingress Client.

• OfficeSoftware: Audit the files uploaded by intranet users through office software based on the Ingress Client.

• NotebookSoftware: Audit the files uploaded by intranet users through notebook software based on the Ingress Client.

• ConferenceSoftware: Audit the files uploaded by intranet users through conference software based on the Ingress Client.

• NetworkTransmissionTool: Audit the files transmitted by intranet users through file transmission tools based on the Ingress Client. Three file transfer tools are supported: FileZilla, XFtp, and WinSCP.

• RemoteTool Audit the files transmitted by intranet users through remote software based on the Ingress Client. Four remote tools are supported: Microsoft Terminal Services Client (MSTSC), ToDesk, Sunlogin, and AnyDesk.

• OperationAndMaintenanceTools: Audit the files sent by intranet users through operation and maintenance (O&M) tools based on the Ingress Client. Two O&M tools are supported: XShell and MobaXterm.

• File transfer: Audit the files transferred by the endpoint through file transfer tools through access to the client. It includes

• Action: Select Audit or Do Not Audit as needed.

• Schedule: Select All Day, Office Hours, or Non-Office Hours as needed. Alternatively, click Add Schedule to add a custom schedule.

• File type: Select a file type to filter out files of the specified type. You can define a file type in System > Objects > File Type Group.

• Offline Audit: Select Enable or Disable as needed. If Enable is selected, the audit can be performed even if the Ingress Client is disconnected from the IAG device.

• Attachment Audit: Select Enable or Disable as needed. If Enable is selected, the involved attachments will be synchronously logged after the audit. If Disable is selected, only the audit activity is logged.

• Screen Capture: Select Enable or Disable as needed. If Enable is selected, multiple snapshots will be captured for the entire screen at the moment when the file upload starts.

Configuration Example

Configure an audit policy to audit the endpoint's IM chat content or attachments, including the endpoint, after it is offline.

Steps

Step 1.Go to Activity Audit > Ingress Client Audit, click Add, and select Ingress Client Audit. In the dialog box that appears, specify Name and Description, select Application, and click Add.

Step 2.In the Select Item dialog box that appears, select IM, and select Enable for Offline Audit.

Step 3.Select Objects, so that the audit policy applies to the selected user groups and users. Then, click OK to complete the policy configuration.

Step 4.Attempt to use an IM application to chat and send files.

Step 5.Go to the log center to view the corresponding audit results.