Investigating user related activity on your Security Center system - Security Center 5.6

Security Center User Guide 5.6

series
Security Center 5.6
revised_modified
2019-10-09

You can view all user activity related to video, access control, and LPR, using the Activity trails report.

Before you begin

To receive results in the Activity trails report, you must already be monitoring user activity. You can select which activities to monitor and record in the database from the System task in Config Tool (see the Security Center Administrator Guide).

What you should know

For example, you can use the Activity trails task to find out who played back which video recordings, who blocked a camera, who activated a threat level, who requested a credential badge to be printed, who used the Hotlist and permit editor task, or who enabled hotlist filtering.

Procedure

  1. From the home page, open the Activity trails task.
  2. In the Activities filter, select which of the following activities you want to investigate:
    • Access control:
      Access control unit rebooted (manually)
      Who manually rebooted an access control unit.
      Access control unit synchronization started (manually)
      Who manually started an access control unit synchronization.
      Antipassback violation forgiven
      Who forgave an antipassback violation.
      Badge printed
      Who printed a credential badge.
      Cardholder removed from area
      Who removed a cardholder, and from which area.
      Credential request canceled/completed
      Who completed or canceled a credential badge print request.
      Credential requested
      Who requested a credential badge to be printed, and why.
      Device shunted
      Who shunted (disabled) an access control device.
      Door maintenance mode canceled
      Who canceled the maintenance mode on a door.
      Door set in maintenance mode
      Who unlocked a door by setting it in maintenance mode.
      Door unlock schedule overridden (lock/unlock)
      Who overrode the lock or unlock schedule of a door.
      Door unlock schedule override canceled
      Who canceled the unlock schedule override of a door.
      Door unlocked (explicitly)
      Who unlocked a door from Security Desk using a hot action or alarm event-to-action.
      Door unlocked (manually)
      Who manually unlocked a door from the Security Desk Door widget.
      Firmware upgrade for access control unit scheduled
      The unit's upgrade is scheduled to start immediately or later, if the Delay upgrade until setting is used.
      Scheduled firmware upgrade for access control unit canceled
      The unit's scheduled upgrade was canceled
    • General:
      Alarm acknowledged/forcibly acknowledged
      Who acknowledged or forcibly acknowledged an active alarm.
      Alarm forwarded/snoozed
      Who forwarded or snoozed an active alarm.
      Alarm triggered (manually)
      Who manually triggered an alarm.
      All alarms forcibly acknowledged
      Who forcibly acknowledged all active alarms.
      Connected to remote Security Desk
      Who connected to a remote Security Desk workstation.
      Disconnected from remote Security Desk
      Who disconnected from a remote Security Desk workstation.
      Intrusion alarm acknowledged/silenced
      Who acknowledged or silenced an intrusion alarm.
      Intrusion alarm triggered
      Who manually triggered an intrusion alarm.
      Intrusion detection area disarmed
      Who disarmed an intrusion detection area.
      Intrusion detection area master/perimeter armed
      Who master or permimeter armed an intrusion detection area.
      Output triggered (manually)
      Who triggered an output pin (for example, using a hot action).
      Report exported/generated/printed
      Who exported, generated, or printed a report.
      Threat level set/cleared
      Who set or cleared a threat level, and on which area or system.
      User logged on/off
      Who logged on or off of which Security Center client application.
      Zone armed/disarmed
      Who armed or disarmed a zone.
    • LPR:
      Application updated
      Who updated a Genetec Patrollerâ„¢ or a Sharp unit.
      Hit deleted
      Who deleted a hit.
      Hotlist or permit list edited
      Who loaded a hotlist or permit list, or added, modified, or deleted license plates in the list.
      Past read matching triggered
      Who performed past read matching in Patroller.
      Photo evidence report printed (Hits/Reads)
      Who printed a hits/reads evidence report.
      Plate filtering enabled
      Which LPR Manager role has plate filtering enabled.
      Read edited/triggered
      Who edited/triggered a license plate read.
      Read/hit protected
      Who protected a license plate read or hit.
      Read/hit unprotected
      Who unprotected a license plate read or hit.
    • Video:
      Archive backup started/stopped (manually)
      Who manually started or stopped video from being backed up from an Archiver.
      Archive duplication started/stopped (manually)
      Who started or stopped video from being duplicated from one Archiver to another.
      Archive restore started/stopped (manually)
      Who started or stopped video archive from being restored to an Archiver.
      Archive retrieval from units started/stopped (manually)
      Who started or stopped transferring video from video units to an Archiver.
      Bandwidth limit exceeded
      Who requested a video stream that was unable to connect because the bandwidth limit for redirected video was reached. Or, who lost a redirected video stream connection because the bandwidth limit was reached and a user with a higher user level requested a stream.
      Bookmark deleted/modified
      Who deleted or modified a bookmark.
      Camera blocked/unblocked
      Who blocked or unblocked a camera.
      Connected to analog monitor
      Who connected to an analog monitor.
      Disconnected from analog monitor
      Who disconnected from an analog monitor.
      Live streaming started/stopped
      Which camera was displayed or removed.
      Playback streaming started
      Which recording was played.
      PTZ command sent
      What did the user do with the PTZ.
      Recording started (manually)
      Who started recording video manually.
      Recording stopped (manually)
      Who stopped recording video manually.
      Snapshot printed/saved
      Who printed or saved a snapshot.
      Video exported
      What did the user export and where did they save it.
      Video file deleted (manually)
      Who deleted a video file from the system.
      Video file protected/unprotected
      Who started or stopped protection on a video file.
      Video stream not delivered
      Whose video request was terminated without having a single frame being rendered.
      Video unit identified/rebooted/reconnected
      Who identified/rebooted/reconnected a video unit.
      Visual tracking enabled/disabled
      Who enabled or disabled visual tracking in a tile.
  3. Set up the other query filters for the report. Choose from one or more of the following filters:
    Application
    Which client application was used for the activity.
    Event timestamp
    Define the time range for the query. The range can be defined for a specific period of time or for global units of time such as the previous week or the previous month.
    Events
    Select the events of interest. The event types available depend on the task you are using.
    Impacted
    The entities that were impacted by this activity.
    Initiator
    User or role responsible for the activity.
  4. Click Generate report.
    The activity results are listed in the report pane.