Getting Started with ObserveIT

The ObserveIT software is easy to deploy, configure, and manage. New installations are easily performed by using the 'One Click' setup procedure, and within minutes you will be able to record, replay, detect risky user activity, and work with ObserveIT.

This topic provides an overview of the main steps required to get up and running quickly with the ObserveIT system.

The following steps are recommended as a guideline:

  • Get an overview of the product. See Product Overview and Product Architecture and Components.

  • How do I deploy ObserveIT?
  • Who are the users and what are their permissions?

    ObserveIT administrators are also known as Console Users. Console Users can log on to the ITM On-Prem Web Console and view recorded sessions and other information, as well as make configuration changes based upon their role. For details, see ITM On-Prem Web Console Users.

  • How do I log in to the ITM On-Prem Web Console?

    When logging on to the Web Console, ObserveIT Console Users enter their credentials in the form of a user name and password. First-time users of the ITM On-Prem Web Console will be prompted to set the default Admin password. For details, see Logging In to the Web Console.

  • How do I configure the settings that define what the Agent records?

    The Agent recording settings are configured through policies, either at the endpoint level, or on a group of endpoints. From within the ITM On-Prem Web Console you can define what the Agent should capture. By using inclusion or exclusion, you can control many aspects of the recording policy: the users, applications, specific files, URLs and specific keystroke events. For details, see Configuring Recording Policy Settings.

  • Can I utilize user/group accounts within an Active Directory domain?

    By configuring an LDAP connection between the Application and Web Console components and an external LDAP server, you can utilize user/group accounts from within an Active Directory domain, obtain access to the ITM On-Prem Web Console, and provide users with credentials for ObserveIT Identification Services. For details, see LDAP Settings Configuration.

    Secured SSL communication to Active Directory via LDAP (LDAPS) can be configured to encrypt all communication with Active Directory. For details, see Enabling Secured LDAP.

  • Can I configure SMTP settings?

    You can configure SMTP to enable configured console users to receive email notifications about alerts, system events, and reports. For details, see SMTP Configuration.

  • How do I secure my ObserveIT network?

    See Configuring Traffic Security for information on:

    • Configuring the ITM On-Prem Agent (ObserveIT Agent) to use SSL (or TLS) when communicating with the ITM On-Prem (ObserveIT) Application Server.

    • Protecting traffic between the client machine and the server running the ITM On-Prem Web Console by using SSL (or TLS) encryption.

    • Enhancing database security by encrypting communication to and from the ITM On-Prem (ObserveIT) Database.

  • How do I secure my recorded data?

    See Implementing Security and Privacy for information about security features and best practices that can help to secure your session data and images.

  • How do I maintain user and session replay privacy?

    Although ObserveIT allows Console Users with the proper roles and permissions to replay any session for which they have permissions, you can configure additional security measures to protect the privacy of recorded sessions by assigning a password that must be entered each time a Console User wants to replay sessions. For details, see Securing the Privacy of Session Replay.

  • How can I protect the privacy of recorded users?

    ObserveIT enables all personal information that could identify users to be "anonymized". When "Anonymization" is enabled, personal user information is hidden in the ITM On-Prem Web Console unless specifically requested and approved to be exposed. For details, see Protecting the Privacy of Users (Anonymization).

  • How do I track suspicious activity on the monitored endpoints?

    Alert and prevent rules can be configured by ObserveIT administrators to trigger alerts when suspicious activities occur on monitored endpoints, increase security awareness, and prevent unauthorized and malicious activity via policy enforcement. The assignment of alert rules to Lists enables you to configure and operate alert rules efficiently. For details, see Managing Rule Categories.

    File Activity Monitoring helps you identify and prevent data exfiltration, by tracking and alerting when files are downloaded or exported using browsers or web-based applications, and when files are copied or moved to default local sync folders of cloud storage services. For details, see Monitoring File Activity to Identify and Prevent Data Exfiltration.

    ObserveIT's extensive library of out-of-the-box alert rules has built-in policy notifications that are designed to increase the security awareness of users and reduce overall company risk. Rules are mapped to User types such as Privileged Users, Everyday Users, Remote Vendors, and so on. They are grouped according to security Categories to help navigation and management. For details, see Insider Threat Intelligence Guide.

  • How can I view the users who are putting my organization at risk?

    ObserveIT’s Insider Threat Intelligence platform enables you to track users that have experienced any type of policy notification or enforcement as a result of violating company policy or security rules. Real-time notifications provided in the context of their activity enable you to centrally manage and enforce security policies. Every user notification message triggers an alert that notifies security specialists about the incident and updates the user’s risk score. Profiles of risky users can be investigated to precisely analyze users' activities. For details, see Insider Threat Intelligence Guide.

  • How can I protect my organization against data loss?

    The ObserveIT detection mechanism prevents data exposure, data theft, and out-of-company-policy activities, by enabling you to track the copying of large files, the connection of USB devices with the intent to steal data, or the printing of sensitive documents. For details, see Detecting Data Loss in ObserveIT and Detecting the Printing of Files.

  • How can I control the health of my system?

    The ObserveIT Admin Dashboard provides at-a-glance graphical summaries of the operational statuses of installed ITM On-Prem (ObserveIT) Agents and infrastructure. From this dashboard, ObserveIT administrators can quickly identify events and statuses across the system, and respond accordingly. For details, see Monitoring Overall System Health (Admin Dashboard).

  • How and where is my recorded data stored?

    SQL Server databases are used to store user activity configuration data, user analytics data, textual audit metadata, and screenshots captured by the ITM On-Prem (ObserveIT) Agents for video replay (unless the file-system is used). For details, see Backing Up the ITM On-Prem (ObserveIT) Databases.

  • How can I archive and back up data?

    ObserveIT's built-in database archiving capabilities can decrease disk space usage and reduce the maintenance required, for example in defragmentation, backup and restore procedures. For details, see Archiving ITM On-Prem (ObserveIT) Data.

  • Can I integrate user activity and alert data with SIEM systems?

    ObserveIT can be integrated into existing SIEM monitoring software to enhance real-time alerting and compliance reporting capabilities. For details, see Integration using ITM On-Prem (ObserveIT) RESTful API and Integration using CEF Logs.