It can sometimes be hard to identify activity across your estate that doesn't fit into your normal routine. More often than not, it's down to common error. People leaving their car keys or phone and need to unset the system again - we're all human! 

But how does this look in the alarm data? 

With the Suspicious Activity Report, you can determine whether a trip back to the office or store after you've closed for the night is a potential security risk. 

The Suspicious Activity report works by first determining what time you, as the customer, expects your site to close. With the Daily Open and Close reports, you can schedule the required time each of your sites should arm and disarm their system.

Taking the expected close time as the benchmark, when your site finally closes/arms the system, the Suspicious Activity report gets to work. 

When the close alarm is receiving into CONXTD, you have a 3 minute buffer period where, in the example above, you can open up your site to retrieve your phone and rearm/close. 

If this is completed within the 3 minute buffer period, this will be considered an acceptable activity. If for example, the site is left open/disarmed for longer than 3 minutes, the event will be tagged a suspicious activity.

If the Report has identified a suspicious event that you would like to investigate more deeply, you can access the event in question by clicking on the blue site name:

This will open up the event side bar, and scroll down the timeline to the event identified in the report. 

From here, you can get the bigger picture of the events leading to and proceeding the suspicious activity.