Reports
  • 6 minutes to read
  • Dark
    Light
  • PDF

Reports

  • Dark
    Light
  • PDF

Article summary

Applications and uninstallers report

This report shows all applications automatically mapped by GO Endpoint Manager services or executed. There is a list of all application uninstallers identified on workstations. As they are also applications, their registration actions are identical to the application report actions.

Application reportApplication report

  1. Access the senhasegura platform. 
  2. Navigate to GO Endpoint Manager ➔ General ➔ Applications or GO Endpoint Manager ➔ General ➔ Uninstallers.
  • ID: application identification number.
  • Type: filter by Applications or Uninstallers.
  • Name: name of the application.
  • Vendor: application vendor.
  • Insert user: the user who added the application to GO Endpoint Manager.
  • Include: the date the user was added.
  • Last use: the last time the application was executed.
  • Enable: application active/inactive status on the workstation.
  • Action:possible actions.
    • Edit: change application registration.
    • App versions: check installed app versions.
    • Application details: view details about the application, date added, checksum, and user added.
    • Events: events related to the application use and actions performed using the application.
  • Other actions: visit the Typical screen for more information.

Because an application is unique to senhasegura, regardless of its installation folder and the name of its binary, GO Endpoint Manager can identify its different versions and centralize the registration to create segregation. The administrator can identify the different versions installed on his machine park. Its logging actions also allow you to view run events.


Control panel report

Control panel applications are pre-configured because Microsoft has different ways of accessing controls for each version of Windows. This report shows each command needed to achieve control and which Windows versions are compatible. The logging shows all control elevation events for a workstation.

  1. Access the senhasegura platform. 
  2. Navigate to GO Endpoint Manager ➔ General ➔ Control Panel.
  • ID: control panel application identification number. 
  • Name: control panel application name. 
  • Command: executed command.
  • W7: version of Windows 7. 
  • W8: version of Windows 8. 
  • W10: version of Windows 10. 
  • Last used: when the application was last run.
  • Active: whether the application is active/inactive on the workstation. 
  • Action: events related to the application use and actions performed using the application. 
  • Other actions: visit the Typical screen for more information.

Event report

This report details all Workstations, Applications, Uninstallers, Control Panel, and DLLs report logs. Every automatic or intentional user action from GO Endpoint Manager is centralized. You have access to all filters and combinations to identify events on workstations.

Caution
Only DLLs added after the process has started are analyzed. If a user tries to open a file with a DLL that is not trusted, the system generates an event called Untrusted DLL execution attempt and shuts down the application. The event will be notified via SYSLOG and available for email configuration.

Event report

To view the events generated by the application:

  1. Access the senhasegura platform. 
  2. Navigate to GO Endpoint Manager ➔ Reports ➔ Windows ➔ Events.
  • ID: event identifier number. 
  • User: the user in the system that generated the GO Endpoint Manager application event. 
  • Workstation: operating system used. 
  • Domain: domain used by the application.
  • Events: the type of event generated.
    • Blocked access to a network
    • Network Adapter
    • Alert
    • Application added
    • Application terminated
    • Deleted application
    • Application started
    • Update
    • Update access list
    • Refresh the list of credentials
    • User
    • Workstation registration
    • Network share
    • System Configuration
    • Copy password
    • Uninstall
    • Uninstall Go
    • Detail of credential
    • Directory and file scan
    • Elevation of Privilege blocked
    • Error retrieving credentials
    • Multi-factor authentication failure
    • Go offline
    • Go online
    • Untrusted DLL execution attempt
    • Malware analysis
    • File reputation
    • Command
    • Linux - Allowed
    • Linux - Denied
    • Go installation
    • JIT access
    • Macro listing
    • Login
    • Macro
    • Control panel
    • Run As
    • Registration request
    • New registration attempt
    • UAC
    • Credential use
    • Local user inactive
    • View password
    • Workstation approved
    • Workstation disabled
  • Action on use: describes the action related to the event.
    • Alert: Suspicious action
    • None: Any action occurred
    • Process interrupted: The process wasn’t finished
    • Log register: The log record was generated
    • Allowed: This event appears when an executed command at GO Shell is registered, active, and has been used at the workstation.
    • Denied: This event appears when an executed command at GO Shell isn’t
  • Execution: which entity acted. 
  • Credential used: describes the credential related to the GO Endpoint Manager application. 
  • Type: type of event.
    • Online
    • Offline
  • Date/Time: date and time the event occurred in the application. 
  • Action: you can change the permission of an application used by the user and restrict or release the use of the tool. 
  • Other actions: visit the Typical screen for more information.
Caution
Logs before the version 3.27 upgrade are not displayed in GO Endpoint Manager ➔ Reports ➔ Windows ➔ Events. You must add this URL in the browser path to access the old logs: /flow/coof/certificado/evento/report
Example: https://vaultsenhasegura.com/flow/coof/certificado/evento/report



Malware scan results report

Through the senhasegura platform, it is possible to obtain a list of all analyses performed on workstations with the GO Endpoint Manager.

  1. Access the senhasegura platform. 
  2. Navigate to GO Endpoint Manager➔Reports➔Windows➔Application malware analysis.
  • ID: application identification number.
  • Name: name of the scanned application.
  • MD5: generated hash of the application.
  • Reputation: ranges from -100 to 100. This is how the Virus Total service presents the binary score.
  • Verdict: Virus Totalservice diagnosis of the application. It is a categorization of the analysis.
    • Harmless: the program does not present any malware, and its execution is safe.
    • Clean: it's on Virus Total's allow list or undetectable.
    • Malware: it can be interpreted as malware.
    • Greyware: possible unwanted software (PUA/PUP).
    • Ransom: ransomware or crypto.
    • Phishing: user or device phishing attempt.
    • Banker: banking trojans.
    • Adware: presents unwanted advertisements.
    • Exploit: contains or executes an exploit.
    • Evader: contains logic for parsing evasion.
    • RAT: Remote Access Trojan.
    • Trojan: Trojan or bot.
  • Verdict confidence: shows the confidence percentage of the Virus Total assessment.
  • Date of scan: when the application scan was performed.
  • Origin: name of the machine where the scan was performed.
  • Other actions: visit the Typical screen for more information.

Report on stranded users in local groups

Search for users removed from Active Directory (AD) still registered locally on the Workstations.

  1. Access the senhasegura platform. 
  2. Navigate to GO Endpoint Manager➔Reports➔Stranded users in local groups.
  • Workstation ID: workstation identifier number. 
  • Hostname: workstation name. 
  • Username: username on the system. 
  • Group: name of the group the user belongs to.
  • Domain/hostname: name of the workstation or name of the domain of which the workstation is part. 
  • Last scan: date of the previous scan. 
  • Until: limit date. 
  • Operating system: defines the operating system. 
  • Status: Active/Inactive. 
  • Other actions: visit the Typical screen for more information.



Report on users and groups in the local administrator's group

Search for users and groups that are in the local administrator's group.

  1. Access the senhasegura platform. 
  2. Navigate to GO Endpoint Manager ➔ Reports ➔ Users and groups in the local administrator's group.
  • Workstation ID: workstation identifier number.
  • Hostname: workstation name.
  • Name: username on the system.
  • Group: name of the group the user or group is part of.
  • Entity types: filter the kind of entity found.
    • User
    • Group
    • Stranded user
  • Local or domain: choose between Local or domain.
  • Domain/hostname: name of the workstation or name of the domain of which the workstation is part.
  • Last scan: date of the previous scan.
  • Until: limit date. 
  • Operating system: sets the operating system.
  • Status: Active/Inactive.
  • Other actions: visit the Typical screen for more information.

Report on users and groups in local power users group

Search for users and groups that are in the Power Users group.

  1. Access the senhasegura platform. 
  2. Navigate to GO Endpoint Manager ➔ Reports ➔ Users and groups in the local power users group.
  • Workstation ID: workstation identifier number.
  • Hostname: workstation name.
  • Name: username on the system.
  • Group: name of the group the user or group is part of.
  • Entity type: filter the kind of entity found.
    • User
    • Group
    • Stranded user
  • Local or domain: choose between local or domain.
  • Domain/hostname: name of the workstation or name of the domain of which the workstation is part.
  • Last scan: date of the previous scan.
  • Until: limit date. 
  • Operating system: sets the operating system.
  • Status: Active/Inactive.
  • Other actions: visit the Typical screen for more information.

Workstation access history report

  1. Access the senhasegura platform. 
  2. Navigate to GO Endpoint Manager ➔ Reports ➔ Workstation access history.
  • ID: access identification number.
  • Name: the name of the person in the application that logged in to the workstation.
  • Username: username on the system that logged in.
  • Hits: number of times the user logged in.
  • First login: date of the first login.
  • Last login: date of last login.
  • Action: view the user's access history.
  • Other actions: visit the Typical screen for more information.

Workstation user access history report

  1. Access the senhasegura platform. 
  2. Navigate to GO Endpoint Manager ➔ Reports ➔ User access history on the workstation to view the report.
  • ID: access identification number.
  • Name: the name of the person in the application that logged in to the workstation.
  • Username: username on the system that logged into the workstation.
  • Date/Time: date and time the workstation was accessed.
  • Type: filter by Windows or Linux.
  • IP: address of the workstation.
  • Other actions: visit the Typical screen for more information.





Was this article helpful?