
Spector 360 records file transfers
Choosing a "keyword" criterion allows you to find file transfer events that contain particular words or phrases. Search for a file name, a domain or host name, or the characters in an IP address. Dashboard will show the file transfers whose file name or transfer destination contains a match.
To search for keywords:
Type the keywords you want to match, for example "music", and then select one of the following fields in which to search. For more about keyword matching, click here.
Include partial matches: Check to look for a partial match; for example, the search word "man" would match "mankind" or "manage" in any of the following data fields.
File Name: Match the keyword in filenames and return File Transfer events involving those files; for example, "mymusic.zip" or "newmusic.mp3."
Domain: Match the keyword to domains and return File Transfer events involving those domains; for example "musicmatch.com" and "musicnet.com."
Host: Match the search entry to Host names and return any associated File Transfer events.
IP Address: Match the search entry to characters in an IP address and return associated File Transfer events.
Retrieve all program events, or specify to include or exclude programs in the search.
To retrieve File Transfers by program:
Select from the Program(s) drop-down list and specify individual programs or groups of programs you wish to include or exclude. For example, you might EXCLUDE your normal FTP application for a view of all other (possibly inappropriate) File Transfer activity. There may be Program Groups defined to make selection of programs by type easy. See Viewing by Program.
Focus on file transfer events occurring to and from specific domains.
To retrieve File Transfers by domain:
Select from the Domain(s) drop-down list and specify individual domains or groups of domains you wish to include or exclude. For example, you might include ONLY transfers involving mycompany.com for a focused investigation. Alternatively, you might EXCLUDE your company and related domains for a better picture of File Transfer activity to and from other domains. See Viewing by Domain.

To limit events by action:
Limit the Dashboard display to only downloaded or uploaded files. Select:
All: Select to view both download and upload actions
Download: Select to view only download file transfers (the destination being the computer where the recording took place).
Upload: Select to view only upload file transfers (the source being the computer where the recording took place).

Suppose you review Network events by Received (Rcvd) Bytes and discover a large increase during a specific time period (non-working hours). To protect the company, you want to know if this spike is being caused by employees illegally downloading music files. Select Gnutella and Kazaa Protocols and Download Action criteria to filter what is displayed.
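The criteria described on this page, combined the way the scenario above combines them, as an added example that is not Spector 360 code. The event field names, the sample records and the rule that a non-partial keyword must equal a whole token are assumptions made for illustration.

```python
import re

# Constructed sample events; field names are assumptions, not a Spector 360 export schema.
EVENTS = [
    {"id": 1, "file_name": "newmusic.mp3", "domain": "musicnet.com", "host": "dl1.musicnet.com",
     "ip": "203.0.113.7", "program": "kazaa.exe", "protocol": "Kazaa", "action": "Download"},
    {"id": 2, "file_name": "report.pdf", "domain": "mycompany.com", "host": "ftp.mycompany.com",
     "ip": "192.0.2.10", "program": "ftpclient.exe", "protocol": "FTP", "action": "Upload"},
    {"id": 3, "file_name": "manage-plan.doc", "domain": "example.org", "host": "files.example.org",
     "ip": "198.51.100.4", "program": "browser.exe", "protocol": "HTTP", "action": "Download"},
    {"id": 4, "file_name": "album.zip", "domain": "example.net", "host": "peer.example.net",
     "ip": "198.51.100.9", "program": "gnutella.exe", "protocol": "Gnutella", "action": "Download"},
    {"id": 5, "file_name": "music.zip", "domain": "example.net", "host": "peer.example.net",
     "ip": "198.51.100.9", "program": "gnutella.exe", "protocol": "Gnutella", "action": "Upload"},
]

KEYWORD_FIELDS = ("file_name", "domain", "host", "ip")


def keyword_hit(value, keyword, partial):
    """Case-insensitive match; partial = substring, otherwise whole token (assumed rule)."""
    value, keyword = value.lower(), keyword.lower()
    if partial:
        return keyword in value
    return keyword in re.split(r"[^a-z0-9]+", value)


def filter_transfers(events, keyword=None, fields=KEYWORD_FIELDS, partial=False,
                     exclude_programs=(), exclude_domains=(), only_domains=None,
                     action="All", protocols=None):
    """Return ids of events that pass every selected criterion (criteria are ANDed)."""
    matched = []
    for e in events:
        if keyword and not any(keyword_hit(e[f], keyword, partial) for f in fields):
            continue
        if e["program"] in exclude_programs or e["domain"] in exclude_domains:
            continue
        if only_domains is not None and e["domain"] not in only_domains:
            continue
        if action != "All" and e["action"] != action:
            continue
        if protocols is not None and e["protocol"] not in protocols:
            continue
        matched.append(e["id"])
    return matched


if __name__ == "__main__":
    # The scenario above: downloads over Gnutella or Kazaa only.
    print(filter_transfers(EVENTS, action="Download", protocols={"Gnutella", "Kazaa"}))
```

With partial matching off, the keyword "music" no longer returns "newmusic.mp3", which is why a whole-word search can miss renamed files that a partial search would surface.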
To filter events based on the transmission protocol:
Select one of the following protocols. Click each for a brief exploration.