Skip to main content

Investigating - Device Analyzer

Updated over 3 months ago

This guide will walk you through the process of investigating IOS and Android login events using the device analyzer tool.


STEP ONE:

Sign into your Cloud Access Monitor instance.


STEP TWO:

Navigate to the Audit & Control page, and select the Name of your desired Cloud Environment. (Global Views will show all accounts in your domain, while filtered views will show only users for that view)


STEP THREE:

Navigate to the Accounts tab, and select the "Device Analyzer" subtab above the search bar.


STEP FOUR:

By default the tool displays 24 hours of device login data in the results table. You can update timeframe filters and utilize search parameters to refine the summary data as needed. All summary results are exportable for reporting.

  • Search Bar: The Search bar is a great way to quickly find information about a specific device type, model or email. You can change the search parameter by selecting the down arrow.

mceclip45.png
  • Filter By Date: Allows you to select a specific time frame for review.

mceclip46.png
  • Download CSV Report: Allows you to download platforms summary section details in a CSV file format.

mceclip48.png

STEP FIVE:

Reviewing summary details and user data.


USER NAME:

  • The First column in the results summary section is User Name.

  • Selecting a User name: If you would like more detailed information about a specific accounts device login simply click the name.

  • Status: Indicates login outcome.

  • Compromised Status: Indicator for compromised activity.

  • Release Version: Indicates users device level version.

  • Security Patch Level: Indicates security level.

  • Password Status: Indicates if password for access is enabled.

  • Privilege: Indicates privilege level for device.

  • Created On: Indicates when the event occurred.


USER EMAIL:

  • The User email column in the results summary section simply displays the related account email.


MODEL:

  • The Model column in the results summary section indicates the device model used for sign-in.


DEVICE TYPE:

  • The device type column in the results summary section indicates the device type used for sign-in.


STATUS:

  • The status column in the results summary section provides the outcome of the sign-in event.


FIRST and LAST SYNC:

  • The first and last sync column in the results summary section sets the First time the device was accounted for on login. While the Last time gets set on most recent device event login.

Did this answer your question?