Desktop · Audit Events
User behavior audit on the desktop client · Compliance and forensics
User behavior auditing on the desktop client. Events are tamper-proof, retained long-term, and suitable for compliance and forensics.
Event Coverage
| Category | Includes |
|---|---|
| Authentication | Login success / failure · Multi-device login · Active logout · Lock screen |
| Data access | Viewing Agent / Workflow / KB / Documents |
| File operations | Upload / download / delete / export |
| Policy hits | Operations blocked by policy (e.g. attempted copy was prevented) |
| Device fingerprint | Device ID / IP / geolocation / client version |
| Session events | Session timeout / forced logout |
Query Capabilities
| Dimension | Example |
|---|---|
| Time range | Last 24 hours / 7 days / custom |
| User | Single user / department / role |
| Event type | Authentication only / files only / policy hits only |
| Status | Success / failure / blocked |
Export
CSV and JSON export are supported, so audit events can be integrated with an external SIEM (Splunk / ELK / Datadog).
Alert Rules (Planned)
| Rule example | Trigger |
|---|---|
| Same user has ≥ 5 login failures in 1 hour | Notify admin |
| Single user downloads > 10 files in one session | Notify + secondary verification |
| Login from unusual geolocation | Notify + force MFA |
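Until these rules are available, the first two can be evaluated over a JSON export. The sketch below is an added example, not the product's code: the page does not document the export schema, so the field names (`ts`, `user`, `type`, `status`, `session_id`) and the event type values are assumptions, and the sample events are constructed.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export (JSON Lines). Field names and type values are
# assumptions: the page does not document the export schema.
SAMPLE_EXPORT = "\n".join(
    [json.dumps({"ts": f"2024-05-01T09:{m:02d}:00+00:00", "user": "alice",
                 "type": "login", "status": "failure"}) for m in (0, 5, 10, 15, 20)]
    + [json.dumps({"ts": "2024-05-01T11:30:00+00:00", "user": "bob",
                   "type": "login", "status": "failure"})]
    + [json.dumps({"ts": f"2024-05-01T10:00:{s:02d}+00:00", "user": "carol",
                   "type": "file_download", "status": "success",
                   "session_id": "s-42"}) for s in range(11)]
)

def evaluate(lines, max_failures=5, window=timedelta(hours=1), max_downloads=10):
    """Return sorted, de-duplicated (rule, user, detail) alerts."""
    # Exports are not guaranteed to be time-ordered, so sort before windowing.
    events = sorted((json.loads(l) for l in lines if l.strip()),
                    key=lambda e: datetime.fromisoformat(e["ts"]))
    failures = defaultdict(deque)  # user -> failure timestamps inside the window
    downloads = defaultdict(int)   # (user, session_id) -> successful downloads
    alerts = set()
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if e["type"] == "login" and e["status"] == "failure":
            q = failures[e["user"]]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= max_failures:
                alerts.add(("login_failures", e["user"],
                            f">={max_failures} failures within {window}"))
        elif e["type"] == "file_download" and e["status"] == "success":
            key = (e["user"], e.get("session_id"))
            downloads[key] += 1
            if downloads[key] > max_downloads:
                alerts.add(("bulk_download", e["user"], f"session {key[1]}"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EXPORT.splitlines()):
        print(alert)
```

Blocked and failed downloads are not counted toward the download rule here; whether they should be depends on how the export records policy hits.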
Retention
| Scenario | Recommended retention |
|---|---|
| General SaaS | 90 days |
| Internal compliance | 1 year |
| MLPS Level 3 / Finance / Healthcare | 7 years |
In Private, customers can customize retention to match their compliance requirements.
Compliance Mapping
| Compliance | Coverage |
|---|---|
| MLPS | Required: traceable audit logs |
| GDPR | Data access traceability; supports data subject rights |
| ISO 27001 | A.12.4 logging and monitoring control family |
Next Steps
- Configure policies → Policy push
- Client settings → Desktop settings