The Umbrella Documentation Hub

Welcome to the Umbrella documentation hub. Here you'll find access to all of our Cisco Umbrella user guides.

Get Started    

Security Overview Report

To help gain a better perspective of security-related activity within your Umbrella environment, the Security Overview report provides you with easy to read charts of your organization's identities and their activity. You can easily see what's going on with groups of identities and the types of internet requests they're making and where any problems might be popping up. Then you can pivot from this Security Overview report to more advanced reports and determine if there are security risks to your environment that require you to take action.

Cisco Umbrella Packages

Not all features described here are available to all Umbrella packages. For example, the intelligent proxy is not available to all packages. Throughout this documentation, we highlight where features differ between packages and point out when a feature is only available to a specific package. If you encounter a feature described here that you do not have access to, contact your sales representative for more information about your current package. See also, Cisco Umbrella Packages.

Access the Security Overview Report

  1. Navigate to Reporting > Core Reports > Security Overview.
    The Security Overview report is divided into three main areas. At the top, you'll find overview charts for security events. The middle area provides you with a hierarchical view of your security activity—what is generating the most activity—and from which you can click through to other reports—Destination, Identity, and Activity Search. The bottom of the report is where you'll find statistical charts documenting the deployment activity for your organization.

Understanding the Security Overview Report

Filtering Based on Time Period

The Security Overview report is time-based and can be generated to show activity for the last 24 hours, the previous calendar day (yesterday), the last seven days, or the last month.

A percentage appears to compare the current time selected with the previous. For example, if 30 days is selected, the graphs will show as a percentage increase or decrease from the previous 30-day period to the last 30-day period.

Similarly, if Yesterday is selected, the graphs will show a percentage increase or decrease from the day before yesterday's data to yesterday's data.

Network Breakdown

The network request breakdown section shows the total number of requests, blocks, and security blocks for the selected period. Security Blocks refers to blocks in any security category.

You have the option to view which requests were blocked for security reasons, or to see all security events.

You can choose to view all requests in the network breakdown or view only DNS or Proxy requests.

DNS Requests

View the total number of DNS requests, total DNS blocks, and DNS security blocks for the selected time period.

To see all DNS security events check the See All Security Events checkbox.

Total Proxy Requests

View the total number of Proxy requests, total Proxy blocks, and Proxy security blocks for the selected period.

To see all Proxy security events check the See All Security Events checkbox.

Clicking on Total Requests, Total Blocks, or Security Blocks in any of the Network Breakdown tabs will bring you to the Activity Search Report with the appropriate filters.

Security Requests

The most security requests section shows which destinations, identities, and event types had the most security requests for the selected period. You have the option to see blocked requests for each tab, or check the See All Security Events checkbox to see all events.

Clicking on a specific destination will bring you to the Security Activity Report filtered by that domain and blocked or all responses.

Clicking on a specific identity will bring you to the Security Activity Report filtered by that identity and blocked or all responses.

You can also filter the identity tab by types of identities.

Clicking on a specific event type will bring you to the Security Activity Report filtered by that event type and blocked or all responses.

Deployment Health

The deployment health section shows which parts of your deployment are active.

  • Active Networks—The number of networks currently active.
  • Active Roaming Clients—The number of roaming clients currently active.
  • Active Virtual Appliances—The number of virtual appliances currently active.
  • Active Network Tunnels—The number of network tunnels currently active.

Clicking on any of the deployment types will redirect you to the Deployment section of the Umbrella dashboard.


Overview Report < Security Overview Report > Security Activity Report

Updated about a month ago


Security Overview Report


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.