View Activity and Details by Filters
The Security Activity report allows you to discover threats to your organization through the analysis of traffic patterns—events. You can filter results by event type, category, time period, and type of request.
Prerequisites
- A minimum of Read Only access to the Umbrella dashboard. See Manage User Roles.
Procedure
- Navigate to Reporting > Core Reports > Security Activity.
- Choose which security event types or categories you want to view in the report. By default, all events and categories are selected to display activity for all event types.
- Antivirus—Lists events that the Secure Web Gateway has filtered through a virus scan.
- Cisco AMP—Lists events that the Secure Web Gateway has run through Cisco Advanced Malware Protection (AMP).
- Security Category—Lists events allowed or blocked against selected security categories: Command and Control, Cryptomining, Malware, Phishing, and Other Categories (Contains Dynamic DNS, Newly Seen Domains, and Potentially Harmful categories).
- Choose a time period of events to view. You can generate a report to document activities for the last hour, the last 24 hours, the previous calendar day (yesterday), the last seven days, and the last month.
Timezones
Most, if not all, Umbrella reports are highly time dependent. The time is UTC by default, but can be changed to a different timezone on a per-user basis. Navigate to Settings > Accounts and update your account's time setting.
- Choose whether you want to populate all types of requests, only Blocked requests, or only Allowed requests.
Antivirus and Cisco AMP Events
If you select Antivirus or Cisco AMP as the Event Type, you cannot select Response > Allowed. Umbrella cannot allow viruses to pass through the system. These will always be blocked.
Once all filters have been selected, the activity graph and event details will reflect the chosen filters. The graph will display activities for the events selected during the selected time period. The event details cards will stack from most recent to oldest.
Hovering over a bar on the graph shows details for that time period (the hour or day). Clicking the details redirects you to the Activity Search report where you can view further details for that time period filtered by Response (if only one is selected) and the security categories selected.
Security Activity Report < View Activity and Details by Filters > View Activity and Details by Event Type or Security Category
Updated about 2 months ago