User activity reports, statistics, and forensics
The Ekran System user activity report and statistics feature gives security specialists a powerful tool to analyze the potential cyber threat landscape over a period of time and to cross-check incident response activities.
While a report provides summarized information, the user activity monitoring video log of each session gives all the details required for an in-depth investigation. You can therefore flag suspicious events in user action statistics and then research them in detail with session analysis.
Ekran System user activity reports contain the data needed to analyze users' behavior: visited URLs and started applications with the time spent in them, captured keystrokes, executed Linux commands with parameters, and plugged-in or blocked USB devices. Each report can be generated in multiple formats including PDF, HTML, Excel spreadsheet, CSV, and Text format (simple & rich text). User action statistics are illustrated by pie charts and bar charts.
Ekran System advanced report types
The Ekran System software solution provides the following advanced report types:
- User activity report provides summary details about all applications used by specified users or user groups within a specified time interval and includes the duration of work within each application. This format is important for reporting employee activity monitoring results and can be used to flag suspicious activity of server administrators.
- URL report presents the list of all visited websites (URLs) for the specified users and time interval together with the duration of time spent on each website. This information is an important addition to the employee activity statistics.
- Linux report is designed specifically for Linux servers and contains all executed Linux commands with parameters for the specified hosts and time interval. An important aspect of this report is that it includes all executed commands, including those in executed scripts.
- USB report relates to USB device management and covers all USB device events: details on the connected USB devices and USB device blocking events.
- Keystroke report contains all captured keystrokes for the selected users and endpoints during a selected period of time. This information is aligned with the applications and activity titles.
- Alert report relates to the real-time alerting functionality and provides information on all alerts triggered by suspicious events that occurred in the system during a period of time. This report is useful for cross-checking incident response activity and auditing all potentially dangerous issues.
With report scheduling, you can set up rules to have all important summary information delivered regularly to the necessary mailboxes. You can also generate an ad-hoc report with custom parameters at any time.
Ekran System has a specific type of log for all actions performed by Ekran System users within its Management Tool, in particular installation / uninstallation of Clients, changing monitoring settings, enabling / disabling alerts, etc.
This option lets you obtain an audit trail of all administrative activity performed in the software system and track access to the security monitoring records. Besides being an important aspect of the security process audit, it is required by regulatory compliance norms.
Ekran System lets you deliver the results of user activity monitoring in a forensic format. You can export a full monitored session, or a fragment of it, into an independent, stand-alone protected format. The exported information includes:
- Video log,
- Synchronized metadata,
- Embedded player and navigation controls.
The result is an exe file. To guarantee the integrity of the exported monitored data, Ekran System signs this file with a server-specific e-key, transforming it into a protected format that can be validated at any time and used for further investigation and user activity forensics.
Providing multiple tools to organize, securely perform, and report on user activity monitoring, Ekran System stays cost-effective for both SMBs and big enterprises. Its flexible subscription model enables deployments of any size.