It can sometimes be hard to identify activity across your estate that doesn't fit into your normal routine. More often than not, it's down to common error. People leaving their car keys or phone and need to unset the system again - we're all human!
But how does this look in the alarm data?
With the Suspicious Activity Report, you can determine whether a trip back to the office or store after you've closed for the night is a potential security risk.
How it works
The Suspicious Activity report works by first determining what time you, as the customer, expects your site to close. With the Daily Open and Close reports, you can schedule the required time each of your sites should arm and disarm their system.
Taking the expected close time as the benchmark, when your site finally closes/arms the system, the Suspicious Activity report gets to work.
When the close alarm is receiving into CONXTD, if the site opens/disarms within 3 minutes, it will be considered as acceptable activity. This is usually where a staff member had forgotten something.
If the site opens/disarms after 3 minutes, say for example 10 minutes after the close, this is tagged as suspicious activity.
Further investigation
If the Report has identified a suspicious event that you would like to investigate more deeply, you can access the event in question by clicking on the blue site name:
This will open up the event side bar, and scroll down the timeline to the event identified in the report.
From here, you can get the bigger picture of the events leading to and proceeding the suspicious activity.