Events Page

This page includes:

About the Events page

The Users > Events page lets you see the events log - that's a log of specific events that occurred on any device on which the extension is deployed. Logged activity events include events such as:

  • attempts to access websites that are blocked [or "warned"] by policy restrictions

  • attempts to download files that have extensions that are blocked by policy restrictions

  • attempts to upload files

  • downloaded files that were blocked because they could not be scanned because they were too large or were password-protected

The events log also displays events that were performed on 3rd-party extensions on end-user devices.

Note:

  • Successful attempts are not included in the log [except for successful login attempts and upload attempts - which are included].

  • The Events page shows activity events that are triggered by website rules and failed downloads. To see events that were triggered due to malicious content, see Scans.

For information about how to define policy restrictions, see Website Rules.

You can click the Export to CSV button [in the top-right corner of the Events page] to generate and download a CSV file that contains the displayed events.

Available events

Below is the full set of events that are logged in the events log. Details of some of the events are shown below [Events - in detail].

File scans

  • File not scanned

  • File scan failed

File uploads

  • Successful file upload

    Note: By default, successful upload attempts are not logged in the extension activity table; blocked upload attempts are logged. You can configure successful upload attempts to be logged as well. For details, see Audit file uploads.

  • File upload blocked

    Note: For information about how to configure whether or not blocked upload events are recorded, see Report events.

File downloads

  • File download blocked by policy

  • File download blocked

Website access

  • User logged in to website

    Note: You can configure FortiMail Browser Security to not record website logins. For details, see Monitor login activity.

  • Website blocked by policy

  • Website category blocked by policy

  • User warned before accessing website

Sensitive data input

  • Sensitive data input

3rd-party extensions

  • 3rd party extension enabled

  • 3rd party extension installed

  • 3rd party extension uninstalled

  • 3rd party extension updated

  • 3rd party extension disabled

  • [Failed to disable extension]

  • ------------

  • Extension disabled by policy

Events - in detail

The two tables below show details of the events that are logged in the events log:

Blocked website activity - based on policy

Activity event trigger

Activity title

Sample activity details

Attempted to access a URL that is included in a blocked domain

Website blocked by policy

 

Specific url is in block list: https://MyGamblingSite.com/

Attempted to access a URL that is included in a "warned" domain

User warned before accessing website

The URL is included in a warned category: [Generative AI]. URL: https://chat.openai.com/auth/login

Attempted to access a URL that is included in a blocked category

Website blocked by policy

 

URL of category adult blocked: https://Acme-adult.com/hello

Attempted to download a file from a blocked domain

[currently available using the downloadsBlackList advanced features only - not available in the UI]

File download blocked by policy

Download blocked as it originated in acme.com: DownloadFile.exe

Attempted to download a file that has a blocked extension

File download blocked by policy

Download blocked as it is of type exe: DownloadFile.exe

Attempted to upload a file:

  • Permitted: User was permitted to upload a file to the specified URL-domain.

    Note: By default, successful upload attempts are not logged in the extension activity table; blocked upload attempts are logged. You can configure successful upload attempts to be logged as well. For details, see Audit file uploads.

  • Blocked: User was prevented from uploading a file to the specified URL-domain.

    Note: For information about how to configure whether or not blocked upload events are recorded, see Report events.

  • Permitted: Successful file upload

  • Blocked: File upload blocked

  • Permitted: User uploaded the following file(s) to https://acme.com: Clean-file.doc

  • Blocked: The system blocked an attempt to upload the following file(s) to https://acme.com: Clean-file.doc

Attempted to paste out of a blocked domain

No event is recorded

---

Attempted to print from a blocked domain

No event is recorded

---

Website scan verdict is malicious

No event is recorded

---

Policy restrictions can be specified either in the Website Rules tab inside each policy or using advanced features. For information on how to define policy restrictions, see Website Rules.

Scans not completed on downloaded files

Reason for event

Activity title

Sample activity details

File is too large

File not scanned

File VeryLargeFile.txt was downloaded. It was not scanned because it was too large.

File downloaded by a third-party browser extension

File not scanned

File downloaded by a browser extension was not scanned.

File is password protected

File scan failed

File Password-Protected.zip was downloaded. It was not scanned because it was password protected.

Unknown

No event is recorded

File Downloaded-file.png was downloaded, but the scan was not completed successfully.

File download scan verdict is malicious

  

---

Data retention

Events in the events log are maintained for 365 days.

See also: