Use Search and Advanced Search
In addition to using the filters to narrow the activity results in the Activity Search report, the Search and Advanced Search features provide further filtering of event details. For example, you can search for events with specific domains but exclude subdomains you are not interested in. Wildcards available for some fields (Domains and URLs) allow you to search for all varieties within that field.
Table of Contents
Umbrella Packages and Feature Availability
Not all of the features described here are available to all Umbrella packages. Information about your current package is listed on the Admin > Licensing page. For more information, see Determine Your Current Package. If you encounter a feature here that you do not have access to, contact your sales representative for more information about your current package. See also, Cisco Umbrella Packages.
Search
You can search the Activity Search Report for domains, identities, or URLs. To search and filter the report by more options, such as threat type or file name, use the Advanced Search.
Wildcards
Domains
Domains can be searched in the search bar or advanced search with the wildcard * to include or exclude subdomains.
For example, example.com
will search the top-level parent domain of Example, *.example.com
will search for only the subdomains of Example, and *example.com
will search for both the parent and subdomains of Example.
You can use wildcards to search by top-level-domain (TLD).
For example, *.example
will search for all TLDs that end in .example.
URLs
The wildcard * can be used in any part of the URL path to search for URLs containing certain terms.
For example, example*
will search for for URLs containing "example."
Advanced Search
Fields Available
Some fields in Advanced Search are available only to the Cisco Umbrella SIG package. For more information see Determine Your Current Package and Cisco Umbrella Packages.
Identity—Includes most identity types such as users (including SAML if enabled), networks, sites, and roaming clients. You can include and exclude identities from your search.
Domain—You can search for more than one domain at a time. When you add a domain, a new field appears so that you can add or exclude another domain.
IP Address—Search for events associated with IP addresses on your network (either internal or public egress IP address). This does not provide the capability to search for destination IP addresses.
Threat—Search by threats.
Threat Type—Search by threat type. For more information, see Threat Type Definitions.
Public Application—Search by name to find a specific application.
Activity Search Report < Use Search and Advanced Search > App Discovery Report
Updated about 1 year ago