Self-service search for Virtual Apps and Desktops

Use the self-service search to get insights into the user events received from the Virtual Apps and Desktops data source. When users use virtual apps and virtual desktops, events corresponding to their activities and actions are generated. Examples of user events are file download, account logon, and app start. Citrix Analytics for Security receives these user events and displays them on the self-service page. You can track the users and their activities.

For more information on the search functionalities, see Self-service search.

Select Virtual Apps and Desktops data source

To view the events, in the search box, select Apps and Desktops from the list. Select the time period for which you want to view the events and then click Search.

Select Citrix Virtual Apps and Desktops

By default, the self-service page displays the events for the last one month. The page also provides you with several facets and a search box to filter and focus on the required events.

Self-service overview page

Select the facets to filter events

Use the following facets that are associated to the Virtual Apps and Desktops events.

Virtual Apps and Desktops facets

  • Event Type- Search events based on the event type such as account logon, app end, session end.

  • Tenant- Search events based on the tenants.

  • Domain- Search events based on the domains such as citrate.net.

  • Platform- Search events based on type of platforms such as chrome, Mac, windows.

For example, you want to view the events of users who have logged on to their accounts in the last one hour. Select Account Logon in the Event Type facet. Select the time period. The search page displays the corresponding events.

Virtual Apps and Desktops facet selection

Specify search query to filter events

Place your cursor in the search box to view the list of dimensions for the Virtual Apps and Desktops events. Use the dimensions to specify your query and search for the required events.

Virtual Apps and Desktops dimensions

You can also use the operators in your search query to expand your search criteria and get the required result.

For example, you want to search events for the user “John Doe” who is using the Windows operating system.

  1. Enter “U” in the search box to get the related suggestions.

    Virtual Apps and Desktop search query 1

  2. Click User-Name and enter the value “John Doe” using the equal operator.

    Virtual Apps and Desktop search query 2

  3. Select the AND operator and the OS dimension. Assign the value “Windows” using the equal operator.

    Virtual Apps and Desktop search query 3

  4. Select the time period and click Search to view the events based on the DATA table.

Supported values to filter events

When you select a dimension in the search box, specify a value to define a custom risk indicator.

Event-Type

For the Event-Type dimension, select any of the following values based on your requirement:

Value Type Description
Account.Logon String Triggers when you log on to StoreFront is through Citrix Workspace app.
Session.Launch String Triggers when you launch your session through Citrix Workspace app.
Session.Logon String Triggers when you log on to your session.
Session.End String Triggers when you terminate your session.
App.Start String Triggers when you start an app session. Note: This dimension is not applicable when the application is launched within the desktop session
App.End String Triggers when you terminate an app session.
File.Download String Triggers when you download or transfer a file through CDM or when you transfer a file within the Citrix Workspace app launched session.
Printing String Triggers when you print a file with the Citrix Workspace app launched session.
App.SaaS.Launch String Triggers when Citrix Workspace app launches a SaaS app in Embedded browser Engine(BE).
App.SaaS.End String Triggers when Citrix Workspace app closes a SaaS app in Embedded browser Engine(BE).
App.SaaS.Url.Navigate String Triggers when BE navigates a URL.
App.SaaS.File.Print String Triggers when print is initiated in BE.
App.SaaS.Clipboard String Triggers when Clipboard operation is performed in BE.

Device-ID

For the Device-ID dimension, select the following value:

Value Type Description
XYZ (example) String Device ID used for licensing, client name, or operating system hardware ID.

Jail-Broken

For the Jail-Broken dimension, select the following value:

Value Type Description
Yes or No String Indicates if the device is rooted or not.

If this dimension is absent, the device is not rooted. This key applies to Citrix Workspace app for iOS and Android devices.

Platform

For the Platform dimension, select the following value:

Value Type Description
iPad, iPhone, Tablet, Desktop, or Chromebook String Information on the device’s platform.

Browser

For the Browser dimension, select the following value:

Value Type Description
Chrome 62.0.3202.89 String Browser name and version.

This dimension applies to Citrix Workspace app and for Chrome HTML5.

Location

For the Location dimension, select the following value:

Value Type Description
Latitude and longitude values. Structure Location of the device if available.

An example location value:

{
"latitude" : "12.975618700000002",
"longitude" : "77.62914669999999",
"estimated" : "place or whatever available from OS"
}

App-Name

For the App-Name dimension, select the following value:

Value Type Description
Application or desktop sessions. String Name of an application or desktop launched. Also, specify the farm name if it is present.

Example application sessions:

  • A session without farm name:

     #Cloud - Excel 2016
    
  • A session with the farm name:

     XA65PROD#Concur
    

Example desktop sessions:

  • A session without farm name:

     #SINXIAP0616 $S1-1
    
  • A session with the farm name:

     XA65PROD#SINXIAP0616 $S1-1
    

Session-Server-Name

For the Session-Server-Name dimension, select the following value:

Value Type Description
RDSHosted Desktop String Name of the application or desktop connected to as received from a server.

Session-User-Name

For the Session-User-Name dimension, select the following value:

Value Type Description
A user name String User name received from server.

Session-Launch-Type

For the Session-Launch-Type dimension, select the following value:

Value Type Description
Application or Desktop String Specify whether the launched session is an application or desktop type.

File-Download-File-Size

For the File-Download-File-Size dimension, select the following value:

Value Type Description
A file size in kilobytes (KBs). Example, 8.05 Number Specify the downloaded file size.

File-Download-File-Name

For the File-Download-File-Name dimension, select the following value:

Value Type Description
A file name. Example, example-fle.txt String Specify the downloaded file name.

File-Download-File-Path

For the File-Download-File-Path dimension, select the following value:

Value Type Description
A file path. Example, C:\Users\admin\Desktop String Specify the path of the downloaded file.

File-Download-Device-Type

For the File-Download-Device-Type dimension, select the following value:

Value Type Description
A device type. Examples: USB, hard drive, remote drive, CD-ROM, or browser downloads. String Specify the device type where the file is downloaded or transferred.

Printer-Name

For the Printer-Name dimension, select the following value:

Value Type Description
A printer name. String Specify the name of a printer.

Printing-Job-Details-File-Name

For the Printing-Job-Details-File-Name dimension, select the following value:

Value Type Description
A file name. Example: example-file.pdf String Specify the name of the printed file.

App-URL

For the App-URL dimension, select the following value:

Value Type Description
An application URL. Example: https://www.example.com String Specify the URL of a SaaS application.

Clipboard-Operation

For the Clipboard-Operation dimension, select the following value:

Value Type Description
Clipboard operations such as cut, copy, and paste. String Specify what clipboard operation is performed.

Clipboard-Details

For the Clipboard-Details dimension, select the following value:

Value Type Description
The clipboard operation details. [Need more information] Structure Specify from where the clipboard operations are made.

Examples:

  • For successful clipboard operation:

     { "result" : "success", "formattype" : "text", "formatsize" : 10, "initiator" : "keyboard" }
    
  • For blocked clipboard operation:

     { "result" : "blocked", "initiator" : "keyboard" }
    

User-Name

For the User-Name dimension, select the following value:

Value Type Description
A user name. Example: Specify username or domain\\username String Specify the user name or domain\\username (Used for store login. If store logon is not handled by Citrix Workspace app for HTML5 or Chrome, then this value is same as the one received from server.

Important

If the data source is Citrix Workspace app for HTML5 or Chrome, the Account.Logon and Session.Launch dimensions do not have this field. [Need Clarification]

IP-Address

For the IP-Address dimension, select the following value:

Value Type Description
An IP address. Example: 10.10.10.10 String Specify an IP address of the user endpoint.

Domain

For the Domain dimension, select the following value:

Value Type Description
A domain name. Structure Specify a domain name of a server that sent a request.

Self-service search for Virtual Apps and Desktops