# INSIGHT Dashboard The GuardWare INSIGHT Dashboard provides a centralised view of your organisation’s data activity, user behaviour, and potential security risks. It brings key insights into one place, helping you monitor file movements, SharePoint activity, email usage, AI tool usage, device activity, label events, location-based risks, and other sensitive events. The dashboard helps administrators and security teams to quickly detect unusual behaviour, assess risk levels, and investigate incidents across the organisation. The dashboard includes the following Risk Category tabs, allowing you to switch between different risk areas. Each tab contains widgets that provide insights into data usage patterns, trends, and potential threats. 1. [Risk Summary](#risk-summary) 2. [Data Type Risks](#data-type-risks) 3. [SharePoint Risks](#sharepoint-risks) 4. [AI Usage Risks](#ai-usage-risks) 5. [Behaviour Risks](#behaviour-risks) 6. [Label Events](#label-events) 7. [Location Risks](#location-risks) 8. [Protected File](#protected-files) 9. [System Risks](#system-risks) You can also create **custom dashboards** and choose the widgets according to your organisation’s monitoring priorities. For details on creating custom dashboards, see [Create a New Dashboard](#create-a-new-dashboard). Use the **Search** icon in the top-right corner to filter the dashboard data.

## Dashboard Risk Categories and Widgets ### Risk Summary Risk Summary provides an overview of key security and data protection indicators across your organisation. It displays critical activities such as file sharing, data transfers, email usage, and device interactions, helping you identify potential risks and monitor sensitive information in real time. This is particularly useful for executives and security managers who need a quick summary of data-related risks without navigating through detailed reports. Each widget in this risk category displays the following: 1. Activities related to various categories like SharePoint, File and data transfer, file upload, usage of AI tools, non-corporate websites and applications, and so on. 2. The total number of users involved in specific activities or incidents during the specific period. 3. The total number of incidents recorded for each monitored category. (for example, how many files were downloaded). 4. Risk levels for each activity category. You can export a widget’s data to **PDF or Excel** by clicking **Download Excel** or **Download PDF** in the top-right corner of the widget. #### Risk Levels Each activity in the widgets is assigned a risk level that indicates the severity of detected activities. The risk level for each activity is defined in [Risk Definitions](/insight/settings/risk-definitions.md).

Risk Level	Colour	Description
No Risk	⬜ White	No unusual or unauthorised activity detected. This includes routine activities within corporate policy.
Low Risk	🟩 Green	Minor or low-impact activities that slightly deviate from standard policy but pose minimal threat, such as occasional access from non-corporate networks.
Medium Risk	🟨 Yellow	Actions that may require review, such as occasional file transfers to external sites.
High Risk	🟥 Red	Activities that indicate potential misuse or data breaches, such as unauthorised data sharing or file copying to external drives.

#### Widgets in Risk Summary

Category	Widget Name
SharePoint Activities	External SharePoint Events
	Internal SharePoint Events
Email Activities	Email Activities
Data Transfers	Data Transfer Using Non-Corporate Websites
	File Uploads to Non-Corporate File-Sharing Applications
Device Usage	Storage Device Risk
	Printing Incidents
	Access of Documents on Local Devices
Behavioural Monitoring	Key Stroke Capture
	Copy Paste
	Access of Documents on Local Devices
	Usage of AI Tools
	Usage of Non-Corporate Websites
	Usage of Non-Corporate Applications

#### External SharePoint Events The External SharePoint Events widget helps you track how files are accessed and shared by users outside your organisation, such as partners, vendors, or contractors. It highlights activities such as access or downloads from sensitive libraries, actions by anonymous or invited users, access from mobile devices, and file interactions through links shared on Teams. This widget allows you to investigate events at multiple levels of detail: * **Summary View:** Displays an overview of external SharePoint activities, including the number of users, total incidents, and risk level for each risk category.

* **Event Details View:** Click the **View** icon in the **ACTION** column to view detailed information, including username, email address, file name, incident date and time, file path, expiry date, URL, etc. Use the search filter at the top to quickly filter specific information.

#### Internal SharePoint Events The Internal SharePoint Events widget helps you track how files are accessed and shared by users within your organisation. It shows who has viewed, modified, or shared files across SharePoint, highlighting activities such as link creation for anonymous users, access to sensitive libraries, downloads from mobile devices, and file access through links shared on Teams.

Click the **View** icon in the **ACTION** column to view detailed information, including the username, email address, file name, incident date and time, file path, expiration date, URL, etc. Use the search filter at the top to quickly filter specific information.

#### Email Activities The Email Activities widget provides an overview of email usage patterns across your organisation, helping you monitor how attachments and sensitive information are shared through corporate email channels. It tracks email attachments sent from corporate to non-corporate domains, as well as emails sent to insecure, personal, or internal corporate addresses, and attachments shared from non-corporate email accounts. Click the **View** icon in the **ACTION** column to view detailed information, including the username, date and time, sender and recipient addresses, subject, and file name.

Click the menu icon (**☰**) in the **ACTION** column to drill down further into the details, and use the search filter at the top to quickly filter for specific information. #### Data Transfer using Non-Corporate Websites The Data Transfer using Non-Corporate Websites widget helps you track file uploads or transfers made to non-corporate websites, such as public file-sharing services or personal cloud storage platforms. It helps you detect and prevent potential data leaks by identifying instances where sensitive files may have been transferred outside secure corporate networks. Click the **View** icon in the **ACTION** column to view detailed information, including the username, PC name, file name, software used, website URL, and the date and time of the violation.

Click the menu icon (**☰**) in the **ACTION** column to drill down further into the details, and use the search filter at the top to quickly filter for specific information. #### File Uploads to Non-Corporate File Sharing Applications The File Uploads to Non-Corporate File Sharing Applications widget helps you track files uploaded via applications such as Dropbox or Google Drive that are not managed through your organisation’s approved corporate accounts. Frequent uploads to these applications can indicate attempts to bypass corporate storage policies or move confidential data to personal accounts. Click the **View** icon in the **ACTION** column to view detailed information, including the username, file name, file path, application name, and violation date and time.

Click the menu icon (**☰**) in the **ACTION** column to drill down further into the details, and use the search filter at the top to quickly filter for specific information. #### Storage Device Risk The Storage Device Risk widget helps you track files copied or moved to portable storage devices such as USB drives or external hard disks, along with the users who performed these actions. Because these transfers are often offline and unmonitored, this widget helps mitigate risks of data theft or accidental exposure through removable media. Click the **View** icon in the **ACTION** column to view detailed information, including the username, file name, file path, transfer means, PC name, and violation date and time.

Click the menu icon (**☰**) in the **ACTION** column to drill down further into the details, and use the search filter at the top to quickly filter for specific information. #### Printing Incidents The Printing Incidents widget helps you track files printed using non-corporate or unauthorised printers. It provides visibility into printing activities that may lead to hard-copy data leaks. Click the **View** icon in the **ACTION** column to view detailed information, including the username, file name, file path, printer name, PC name, and violation date and time.

Click the menu icon (**☰**) in the **ACTION** column to drill down further into the details, and use the search filter at the top to quickly filter for specific information. #### Keystroke Capture The Keystroke Capture widget helps you detect specific keywords or phrases typed by users that match predefined monitoring criteria (for example, financial terms, project codes, or classified labels). It helps detect early signs of policy violations, insider threats, or attempts to exfiltrate sensitive data through manual entry or chat messages. Additionally, screenshots are captured at the moment users type sensitive words, allowing you to visually review the exact scenario and better understand the intent and risk behind each action. Click the **View** icon in the **ACTION** column to view detailed information, including the username, application name, PC name, violation date and time, and a screenshot of the violation.

Click the menu icon (**☰**) in the **ACTION** column to drill down further into the details, and use the search filter at the top to quickly filter for specific information. #### Copy Paste The Copy Paste widget helps you monitor how sensitive information is copied and pasted into non-corporate applications across your organisation, giving you visibility into potential data leakage risks. The widget provides an overview of users involved and the number of incidents associated with each user. Additionally, screenshots are captured at the moment sensitive content is pasted, allowing you to visually review the exact scenario and better understand the intent and risk behind each action. Click the **View** icon in the **ACTION** column to view detailed information, including PC name, username, violation date and time, and a screenshot of the violation.

Click the menu icon (**☰**) in the **ACTION** column to drill down further into the details, and use the search filter at the top to quickly filter for specific information. #### Access of Documents on Local Devices The **Access of Documents on Local Devices** widget helps you track when Office documents, such as Word, Excel, or PowerPoint files, are opened on local devices. Tracking local document access helps ensure files are viewed only by authorised users and assists in identifying unusual access outside regular working patterns. Click the **View** icon in the **ACTION** column to view detailed information, including the username, file name, file path, PC name, and violation date and time.

Click the menu icon (**☰**) in the **ACTION** column to drill down further into the details, and use the search filter at the top to quickly filter for specific information. #### Usage of AI Tools The **Usage of AI Tools** widget helps you track any instance where corporate files are uploaded to AI-powered platforms such as ChatGPT, Gemini, and similar tools. These tools may inadvertently store or process sensitive information externally. Click the **View** icon in the **ACTION** column to view detailed information, including the username, application name, URL, PC name, and violation date and time.

Click the menu icon (**☰**) in the **ACTION** column to drill down further into the details, and use the search filter at the top to quickly filter for specific information. #### Usage of Non-Corporate Websites The **Usage of Non-Corporate Websites** widget helps you track how much time users spend browsing or interacting with non-corporate websites. It helps identify productivity risks and potential exposure to untrusted domains.

Click the **View** icon in the **ACTION** column to view detailed information, including the username, PC name, website source, total time spent on the website, and violation date. Use the search filter at the top to quickly filter specific information. #### Usage of Non-Corporate Applications The **Usage of Non-Corporate Applications** widget helps you monitor the use of unapproved applications that are not part of your organisation’s authorised software list. Frequent use of such tools can introduce vulnerabilities, create compliance risks, or bypass existing security controls.

Click the **View** icon in the **ACTION** column to view detailed information, including the username, PC name, application source, total time spent on the application, and violation date. Use the search filter at the top to quickly filter specific information. ### Data Type Risks #### Widgets in Data Type Risks

Category	Widget Name
Incident Overview	Incidents By Data Type
File and Data Transfers	Application Transfer
	Website Uploads
	Storage Transfers
Email and Printing	Printed Files
	Emails
User Activity	Document Views
	Keystrokes
	Copy Paste

#### Incidents By Data Type The **Incidents by Data Type** widget provides a breakdown of detected incidents based on predefined data types, helping you understand how sensitive information is being handled across different channels. You can use this widget to identify which types of sensitive data are most at risk, how they are being exposed, and through which user activities. This widget allows you to investigate incidents at multiple levels of detail: * **Summary View:** Displays an overview of incidents grouped by data type, helping you identify which sensitive data categories are most frequently involved in policy violations across different activities and channels.

* **Incident Details View:** Click a specific record to view detailed incident information, such as username, violation date and time, activity type, device name, file name, application, and detected data type.

* **Detected Content View:** Click the menu icon (☰) in the **ACTION** column to further investigate the incident and view the specific sensitive data or matched policy content detected within the file or activity.

#### Application Transfer The **Application Transfer** widget helps you track policy violations detected during file transfers through specific applications or cloud-based services such as Dropbox, Google Drive, OneDrive, FileZilla, and WhatsApp. It provides visibility into tools, whether corporate-approved or not, being used to move data and users involved in moving the data, helping identify potential data-leakage channels or policy violations. You can filter the data by application name, data type, and user.

Click a specific record to view detailed information, including the username, date and time of the violation, application name, device name, file name, data type, and so on.

Click the menu icon (**☰**) in the **ACTION** column to further drill down into detected content in the transferred file.

#### Printed Files The **Printed Files** widget helps you track violations related to printing activities and identify potential data leaks through physical copies. It helps you identify unauthorised or excessive printing of sensitive or confidential documents and trace which users and devices were involved. You can filter the data by printer name, rule, and user.

Click a specific record to view detailed information, including the username, date and time of the violation, printer name, file name, data type, printer's location, first 500 characters of the printed document, and so on.

Click the menu icon (**☰**) in the **ACTION** column to further drill down into detected content in the printed file. #### Emails The **Emails** widget helps you track email-related policy violations across both message content and attachments, helping you monitor how sensitive information is shared within your organisation. It includes detailed insights into violations found in emails sent through both corporate and non-corporate accounts, allowing you to identify risks and ensure compliance with communication policies.

Click a specific record to view detailed information, including the username, date and time of the violation, email provider, subject, data type, file name, device name, sender and recipient information, VPN used or not, location, SSID, and the first 500 characters of the email content.

Click the menu icon (**☰**) in the **ACTION** column to further drill down into detected content in the printed file. #### Website Uploads The **Website Uploads** widget helps you detect and prevent potential data leaks by identifying websites where sensitive content was uploaded or shared. This widget shows which files are transferred and the total number of uploads or transfers to both corporate and non-corporate websites, such as public file-sharing services or personal cloud storage platforms, along with the users who initiated them.

Click a specific record to view detailed information, including the username, violation date and time, website URL, file name, device name, VPN used or not, location, SSID, and the first 500 characters of the transferred file.

Click the menu icon (**☰**) in the **ACTION** column to further drill down into detected content in the transferred file. #### Storage Transfers The **Storage Transfers** widget helps you detect and prevent potential data leaks by identifying files copied or transferred to removable media. This widget shows the total number of files transferred to USB drives or external storage devices, along with the users who performed these actions, and provides detailed visibility into file transfers to help you ensure they align with your organisation’s policies.

Click a specific record to view detailed information, including the username, violation date and time, website URL, file name, device name, file path, data type, VPN used or not, location, SSID, serial number of the USB, and the first 500 characters of the transferred file.

Click the menu icon (**☰**) in the **ACTION** column to further drill down into detected content in the transferred file. #### Document Views The **Document Views** widget helps you monitor how sensitive documents are accessed and viewed across your organisation. It provides detailed visibility into user activity, such as which documents were viewed and who viewed them, to ensure that confidential files are only accessed by authorised users within authorised limits.

Click a specific record to view detailed information, including the username, violation date and time, data type, VPN used or not, application used to view the file, file name, device name, file path, location, SSID, and the first 500 characters of the viewed file.

Click the menu icon (**☰**) in the **ACTION** column to further drill down into detected content in the viewed file. #### Keystrokes The **Keystrokes** widget helps you track and monitor sensitive phrases entered by users across your organisation. It enables you to detect potential insider threats and identify attempts to manually share confidential information through chat messages, documents, or forms.

Click a specific record to view detailed information, including the username, violation date and time, data type, VPN used or not, application used to view the file, device name, location, and SSID. The widget also **includes a screenshot** of the user’s screen at the time the sensitive phrase was entered, providing additional context for investigation.

Click the menu icon (**☰**) in the **ACTION** column to further analyse the detected content. #### Copy Paste The **Copy Paste** widget helps you monitor how data is transferred between applications through copy and paste actions. It provides visibility into potential data leakage by identifying when sensitive information is copied and pasted from one application to another.

Click a specific record to view detailed information, including the username, violation date and time, source application, target application, data type, VPN used or not, application used to view the file, device name, location, and SSID. The widget also includes a screenshot of the user’s screen at the time the sensitive content was pasted, providing additional context for investigation.

Click the menu icon (**☰**) in the **ACTION** column to further analyse the copied content. ### SharePoint Risks #### Widgets in SharePoint Risks

Category	Widget Name
File and User Activity	SharePoint File Access And Download Logs By File Name Or By Platform
Library Activity	SharePoint Activity Logs By Library Name
Link and Access Management	SharePoint Anonymous Link Creation By File Name Or By Username
	SharePoint External File Access Logs By File Name Or By Username
Downloads and Access by Platform	SharePoint File Download Logs By File Name
	SharePoint File Access Logs By Platform
	SharePoint File Download Logs By Platform

#### SharePoint File Access And Download Logs By File Name Or By Platform The **SharePoint File Access And Download Logs By File Name Or By Platform** widget displays detailed logs of file access and download activity for SharePoint files. It provides visibility into how and where files are being used across your organisation’s SharePoint environment, helping you track external collaboration and detect potential unauthorised sharing through anonymous or external access links. You can filter the data by filename, platform name, and IP address. For each file, the widget shows: * **Secure Links Created**: Number of secure or organisation-approved sharing links created. * **Anonymous Links Created**: Number of public or unrestricted sharing links generated. * **Accessed by (Internal/External)**: Number of times files were accessed by internal or external users. * **Downloaded by (Internal/External)**: Number of times files were downloaded within or outside the organisation.

Click a specific record to view detailed information, including the user who accessed or shared the file, file path, incident date and time, browser name, and so on. #### SharePoint Activity Logs By Library Name The **SharePoint Activity Logs By Library Name** widget displays activity logs for SharePoint libraries, showing file access, sharing, and download activity within each document library. It helps you track how data is being used within different libraries and identify which files or folders are being accessed most frequently, and detect unusual access patterns.

For each library, the widget lists details such as: * **File Path and Site Name:** Location of the library and the associated SharePoint site. * **File Name:** Name of the file stored in that library. * **Secure Links Created / Anonymous Links Created:** Number of secure or public links generated for files within the library. * **Accessed by (Internal/External):** Number of times files were accessed by internal staff or external users. * **Downloaded by (Internal/External):** Number of times files were downloaded inside or outside the organisation. Click a specific record to view detailed information, including the user who accessed the file, file name, file path, URL, incident date and time, browser name, and so on. #### SharePoint Anonymous Link Creation By File Name Or By Username The **SharePoint Anonymous Link Creation By File Name Or By Username** widget displays details of anonymous link creation activity within SharePoint. It helps you identify when files are shared publicly through links that allow access without authentication. The **SharePoint Anonymous Link Creation By File Name Or By Username** widget is crucial for monitoring data exposure risks, as anonymous links bypass user identity verification and can be forwarded to unauthorised recipients. By tracking which files and users are involved, you can review, revoke, or restrict public sharing and enforce secure link policies. You can filter the data by file name or user name. For each file or user, the widget shows: * **Number of Users:** How many users created anonymous links for the listed files. * **Number of Incidents:** How many times anonymous links were generated for the same file or by the same user. Click a specific record to view detailed information, including the user who created the link, file name, file path, URL, incident date and time, browser name, and so on. #### SharePoint External File Access Logs By File Name Or By Username The **SharePoint External File Access Logs By File Name Or By Username** widget provides visibility into external access activity for SharePoint files. It helps you track when and how files stored in SharePoint are being accessed by users outside the organisation’s domain. The **SharePoint External File Access Logs By File Name Or By Username** widget is essential for identifying data exposure risks through external collaboration or sharing. By reviewing external access patterns, you can verify whether file-sharing aligns with business requirements and take action to revoke access or strengthen permissions when needed. You can filter the data by file name or user name. For each file or user, the widget includes: * **Number of Users:** Total external users who accessed the file. * **Number of Incidents:** Total number of times the file was accessed externally. Click a specific record to view detailed information, including the user who accessed the file, file name, file path, URL, incident date and time, browser name, and so on. #### SharePoint File Download Logs By File Name The **SharePoint File Download Logs By File Name** widget displays detailed logs of file download activity within SharePoint. It helps you track which files are being downloaded, by whom, and how often, helping ensure that downloads comply with organisational data handling policies. You can filter the data by internal or external users. For each file, the widget shows: * **Number of Users:** Total users who downloaded the file. * **Incidents:** Total number of download actions recorded for that file. Click a specific record to view detailed information, including the user who downloaded the file, file name, file path, URL, incident date and time, browser name, and so on. #### SharePoint File Access Logs By Platform The **SharePoint File Access Logs By Platform** widget displays detailed records of SharePoint file access activity, categorised by platform or device type. It provides visibility into which operating systems and applications are being used to access SharePoint files, helping you detect unusual access from unauthorised devices, such as personal mobile phones or unregistered systems. You can filter the data by internal or external users. For each platform, the widget shows: * **Number of Users:** Total users who accessed files using that platform. * **Incidents:** Total number of access events recorded for that platform. Click a specific record to view detailed information, including the user who accessed the file, file name, file path, URL, incident date and time, browser name, and so on. #### SharePoint File Download Logs By Platform The **SharePoint File Download Logs By Platform** widget shows detailed information on SharePoint file download activity, categorised by platform or device type. It helps you identify which devices and operating systems are being used to download files, offering insights into unusual download patterns, such as large file transfers from unverified devices or unapproved operating systems. You can filter the data by internal or external users. For each platform, the widget displays: * **Number of Users:** Total users who downloaded files using that platform. * **Incidents:** Total number of download actions recorded for that platform. Click a specific record to view detailed information, including the user who downloaded the file, file name, file path, URL, incident date and time, browser name, and so on. ### AI Usage Risks #### Widgets in AI Usage Risks

Category	Widget Name
AI Application Usage	Time Spent On Generative AI Application
	File Uploaded To Generative AI Application
AI Website Usage	Time Spent On Generative AI Website
	File Uploaded To Generative AI Website
Prompt Monitoring	Sensitive Prompt Used In Website

#### Time Spent On Generative AI Application The **Time Spent On Generative AI Application** widget displays how much time users spend using installed Generative AI applications on their devices, such as the desktop version of ChatGPT (e.g. `CHATGPT.EXE`) or other desktop-based AI tools. It shows the number of users who accessed the application and the total time spent, helping you understand how frequently AI tools are being used within the organisation. You can use this information to assess productivity impact, detect unauthorised AI tool usage, and ensure compliance with organisational policies. Click the **View** icon in the **ACTION** column to view detailed information, including the username, application name, and total time spent on the application.

Click the menu icon (**☰**) in the **ACTION** column to further analyse the incident details.

#### Time Spent On Generative AI Website The **Time Spent On Generative AI Website** widget displays time spent on AI websites or domains, listing the number of users and the total time spent on each platform. It provides visibility into how long employees interact with AI websites such as *ChatGPT*, *Claude*, *Gemini*, *DeepSeek*, and *so on*. You can use it to monitor engagement levels with AI tools, detect excessive usage, and evaluate whether users are relying on external AI systems for work-related tasks. Click the **View** icon in the **ACTION** column to view detailed information, including the username, website URL, and total time spent on the website. Click the menu icon (**☰**) in the **ACTION** column to further analyse the incident details. #### File Uploaded To Generative AI Application The **File Uploaded to Generative AI Application** widget helps you monitor file uploads to installed generative AI applications, such as CHATGPT.EXE and similar desktop-based AI tools. It shows which user uploaded which files to which AI applications, helping you track potential sharing of sensitive data. It helps you detect when corporate documents, reports, or other sensitive files are shared in AI software. This is useful for preventing data leakage through unmanaged or offline AI applications that bypass browser-based monitoring. Click the **View** icon in the **ACTION** column to view detailed information, including the username, violation date and time, file name, application name, device name, VPN used or not, SSID, and location. Click the menu icon (**☰**) in the **ACTION** column to further analyse the incident details. #### File Uploaded To Generative AI Website The **File Uploaded to Generative AI Website** widget helps you monitor file uploads to web-based generative AI platforms, such as *ChatGPT*, *Claude*, *Gemini*, *Perplexity, and so on*. It provides visibility into which users uploaded which files to which online AI tools, helping you identify potential exposure of sensitive information. Click the **View** icon in the **ACTION** column to view detailed information, including the username, violation date and time, URL, file name, device name, VPN used or not, SSID, and location. Click the menu icon (**☰**) in the **ACTION** column to further analyse the incident details. #### Sensitive Prompt Used In Website The **Sensitive Prompts Used in Website** widget helps you monitor how users interact with web-based generative AI platforms using potentially sensitive prompts. It provides visibility into the type and frequency of sensitive information being entered into AI websites, helping you identify data exposure risks. It helps you review prompt-level violations and take corrective actions such as user training or access restrictions. Click the **View** icon in the **ACTION** column to view detailed information, including the username, violation date and time, URL, device name, VPN used or not, SSID, and location. Click the menu icon (**☰**) in the **ACTION** column to further analyse the incident details. ### Behaviour Risks #### Widgets in Behaviour Risks

Category	Widget Name
Productivity Monitoring	Productivity
Activity Monitoring	Heatmap

#### Productivity The **Productivity** widget shows time spent by users on productive, unproductive, or uncategorised applications and websites. These categories are configured in [Organisation Settings](/insight/settings/organisation-settings.md), where applications and websites marked as **Organisational** are treated as productive, and **Non-organisational** are treated as unproductive. This widget helps you evaluate how users spend their time and identify opportunities to improve efficiency.

Click a percentage record to see the list of applications used by the user and the time spent on each application.

#### Heatmap The **Heatmap** widget helps you analyse application usage patterns and identify periods of increased activity across users throughout the day. This widget displays user activity in a visual heatmap format, where each row represents a user and each column represents an hourly time period. Colour intensity indicates the level of application usage during that period, allowing you to quickly identify peak activity hours, unusual behaviour patterns, or excessive application usage.

Hover over a specific record to view the number of incidents recorded during that time period. Click the record to see detailed information such as incident date and time, application name, vendor, and total time spent on each application.

### Label Events #### Widgets in Label Events

Category	Widget Name
Label Monitoring	Office Document
	Email

#### Office Document The **Office Document** widget helps you track activities involving classified or sensitivity-labelled Microsoft Office documents within the organisation. This widget displays details of the labelled Office documents, helping you identify how sensitive or classified information is being created, modified, or accessed across the organisation. Click the menu icon (**☰**) to expand the record and view detailed information such as label name, device name, host application, incident date and time, and URL of the document.

You can also switch between **By User** and **By Label** views to analyse incidents from different perspectives. #### Email The **Email** widget helps you track email activities involving classified or sensitivity-labelled information within the organisation. This widget displays details of the labelled emails, helping you identify how sensitive or classified information is being shared through emails. Click the menu icon (**☰**) to expand the record and view detailed information such as label name, device name, host application from where the email was sent, incident date and time, sender, recipient, and email subject.

You can also switch between **By User** and **By Label** views to analyse incidents from different perspectives. ### Location Risks **Location Risks** help you identify and analyse risk activities based on geographical locations. It helps organisations detect suspicious cross-region activities and gain better visibility into where sensitive data interactions are occurring. It provides a world map view highlighting countries where risks have been detected, allowing you to quickly identify regions with higher risk activity. The **Country List** table provides a detailed breakdown of incidents by country across different activity types, such as document views, email, storage transfer, web posts, data transfers, file uploads, printing, keystrokes, and copy-paste actions.

Click on any incident count to view detailed information, including username, device name, violated rule name, file name, email details, incident date and time, and so on. Click the menu icon (**☰**) to further drill down into detected content in each activity.

### Protected Files #### Widgets in Protected Files

Category	Widget Name
File and Data Transfers	Application Transfer
	Email Attachments
	Website Uploads
	Storage Transfers

#### Application Transfer The **Application Transfer** widget helps you monitor the transfer of **protected files** through specific applications or cloud-based services such as Dropbox, Google Drive, OneDrive, FileZilla, and WhatsApp. It provides visibility into where protected files are being transferred, the applications being used, and the users involved in the transfers, helping you verify that protected data is being handled appropriately and identify potential policy violations or attempts to move sensitive information outside authorised channels. You can filter the data by application name and user.

Click an incident count to view detailed information, including the username, date and time of the violation, application name, device name, file name, data type, and so on.

You can export the widget’s data to **PDF or Excel** by clicking the **Download Excel** or **Download PDF** **icons** in the top-right corner of the page. #### Email Attachments The **Email Attachments** widget helps you monitor how **protected files** are shared through email attachments. It provides visibility into which protected files are being sent, the users sending them, and the email accounts used, helping you ensure that sensitive information is shared in accordance with your organisation’s policies. This widget helps identify potential policy violations, unauthorised sharing of protected files, and risks associated with transmitting sensitive data through email. You can filter the data by user and email provider.

Click an incident count to view detailed information, including the email provider, email subject, sender and recipient email addresses, file name, device name, username, date and time of the violation, data type, whether a VPN was used, SSID, and the sender's location. You can export the widget’s data to **PDF or Excel** by clicking the **Download Excel** or **Download PDF** **icons** in the top-right corner of the page. #### Website Uploads The **Website Uploads** widget helps you monitor the upload of **protected files** to websites, including both corporate and non-corporate platforms such as file-sharing services, cloud storage sites, and web applications. It provides visibility into which protected files are being uploaded, the websites receiving the files, and the users performing the uploads, helping you ensure that sensitive information is shared only through authorised channels. This widget helps identify potential policy violations and reduce the risk of sensitive data being exposed through web-based transfers. You can filter the data by website and user.

Click an incident count to view detailed information, including the username, violation date and time, website URL, file name, device name, data type, VPN used or not, SSID, and location. You can export the widget’s data to **PDF or Excel** by clicking the **Download Excel** or **Download PDF** **icons** in the top-right corner of the page. #### Storage Transfers The **Storage Transfers** widget helps you monitor the transfer of **protected files** to removable and external storage devices, such as USB drives and external hard drives. It provides visibility into which protected files are being transferred, the users performing the transfers, and the devices involved, helping you ensure that sensitive information is handled in accordance with your organisation’s policies. This widget helps identify potential policy violations and reduce the risk of data leakage through removable media.

Click an incident count to view detailed information, including the device name, file name, file path, serial number of the USB, violation date and time, data type, VPN used or not, SSID, and location. You can export the widget’s data to **PDF or Excel** by clicking the **Download Excel** or **Download PDF** **icons** in the top-right corner of the page. ### System Risks #### Widgets in System Risks

Category	Widget Name
Activity Status	Online Devices
	Online Users
	Online Web Console Users
	Last Cloud Sync
Inventory and Lists	List of Devices
	List of Users
	List of Web Console Users
Administration and Monitoring	Audit Log
	GuardWare Cloud Monitor
	Database Tables
Device Inventory	Devices - Software Installed
	Devices - Hardware Specification

#### Online Devices The **Online Devices** widget displays the total number of devices that are active in the environment. This widget helps you quickly monitor endpoint availability and determine which systems are active across the network.

#### Online Users The **Online Users** widget displays the total number of users currently active in the environment. This widget helps you monitor active user sessions. #### Online Web Console Users The **Online Web Console Users** widget displays the number of users currently logged in to the GuardWare Management console. This widget helps you monitor active console access and track administrative or monitoring activities within the platform. #### Last Cloud Sync The **Last Cloud Sync** widget displays the most recent cloud synchronisation time between the endpoint devices and the Cloud Monitor. This widget helps you verify whether cloud synchronisation is occurring successfully and identify potential delays in data updates or communication. #### List of Devices The **List of Devices** widget provides detailed information about online and offline endpoint devices, such as device name, serial number, assigned username, and last online time, helping administrators monitor device connectivity and user-device associations. You can switch between **Online** and **Offline** views to filter devices based on their current connection status.

#### List of Users The **List of Users** widget displays users associated with endpoint devices along with their assigned device names and last online time. This widget helps you monitor user activity and identify when users were last connected to the system. You can switch between **Online** and **Offline** views to filter users based on their activity status.

#### List of Web Console Users The **List of Web Console Users** widget displays users who have access to the GuardWare Management console, along with their last online activity. This widget helps you monitor console access and track user login activity within the management console. You can switch between **Online** and **Offline** views to filter users based on their login status. #### Audit Log The **Audit Log** widget provides a record of user and system activities performed within the Management Console. It displays details such as username, activity performed, and event time, helping you monitor administrative actions, track user activity history, and maintain audit visibility for security and compliance purposes.

#### GuardWare Cloud Monitor The **GuardWare Cloud Monitor** widget displays the certificate/token expiry information of the Cloud Monitor along with the last updated time. This widget helps you monitor certificate validity, ensure uninterrupted cloud communication, and identify certificates or tokens approaching expiration. #### Database Tables The **Database Tables** widget provides visibility into database usage and storage statistics within the environment. It displays details such as table name, row count, and table size in MB, helping you monitor database growth, identify large or heavily used tables, and manage storage utilisation more effectively. #### Devices - Software Installed The **Devices - Software Installed** widget provides information about software installed across endpoint devices. It displays details such as software name, vendor, description, example installation path, and the number of devices where the software is installed. This widget helps you monitor software inventory, identify unauthorised or unapproved applications, and gain visibility into software distribution across devices. You can switch between **By Software** and **By PC** views to analyse the data from different perspectives.

#### Devices - Hardware Specification The **Devices - Hardware Specification** widget provides detailed hardware information for endpoint devices. It displays details such as device name, RAM, available free space, CPU information, hardware change count, and last audit time. This widget helps you monitor device hardware configurations, track hardware changes, and maintain visibility into system resources and endpoint specifications across the organisation.

## Create a New Dashboard 1. Navigate to ***INSIGHT > Dashboard***. 2. Click **Configure Dashboards**.

3. Click **+New Dashboard**.

4. In **General Details**: 1. Enter the **Dashboard Name** and **Description.** Use a clear, descriptive name that reflects the dashboard’s purpose. 2. Select the **Duration** for which you want the data to be displayed (for example, Daily, Weekly, Monthly). 3. Select **Set as an Active Dashboard** to make it visible and accessible from the Dashboard page. You can switch between active dashboards at any time using the **Switch Dashboard** dropdown. 4. Click **Next**.

5. In **Select Devices:** 1. Search and select the devices you want to monitor in this dashboard and click **Next**. The dashboard will show activities performed on those specific devices only. 2. You can also select a configured **Advanced Setting** from the dropdown to display only the devices associated with the selected Advanced Setting.

6. In **Select Users:** 1. Search and select the users whose data you want to monitor in this dashboard and click **Next**. 2. You can also select a configured **User policy** from the **Select policy dropdown** to display only the users associated with the selected policy.

7. In **Select Data Types**, search and select the data types you want to monitor in this dashboard and click **Next**.\ ![](/files/AE3TpJYBD3Cm5PC62D9Y) 8. In **Select Risks**, select the risks you want to monitor in this dashboard and click **Next**. These risks are displayed in Risk Summary.

9. In **Select Widget**, select the widgets to customise your dashboard insights and click **Review and Save**. Only the selected widgets appear in the dashboard.

10. Review the details and click **Save** to confirm the configuration. You'll see the newly created dashboard in the **Dashboards** list, from where you can view and edit the details. ## Edit a Dashboard 1. Navigate to ***INSIGHT > Dashboard***. 2. Click **Configure Dashboards**. 3. Search for the dashboard you want to edit and click **Edit** in the **ACTIONS** column.

4. Update the details and click **Review and Save**. ## Delete a Dashboard 1. Navigate to ***INSIGHT > Dashboard***. 2. Click **Configure Dashboards**. 3. Search for the dashboard you want to delete and click the **Delete** icon in the **ACTIONS** column.

4. In the confirmation alert, click **Yes, Delete it!** to confirm. ## View a Dashboard's Details 1. Navigate to ***INSIGHT > Dashboard***. 2. Click **Configure Dashboards**.

3. Search for the dashboard you want to view and click **View Details** in the **ACTIONS** column.\ \ You can review the selected dashboard's configuration, including the dashboard name, description, duration, and active status, along with the selected devices, users, data types, risks, and widgets. This helps you verify the dashboard setup before making changes. ## Set a Dashboard as Active 1. Navigate to ***INSIGHT > Dashboard***. 2. Click **Configure Dashboards**. 3. Search for the dashboard you want to set as active and enable the **SET AS ACTIVE** toggle.

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.guardware.com/insight/dashboard/insight-dashboard.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.