Overview Report
The Overview report is the first page you see after logging into Umbrella. It provides an at-a-glance view of your Umbrella deployment's health for the selected period. The Overview report can be filtered by time: the last 24 hours, the previous calendar day (yesterday), the last seven days, the last month, and a custom range.
Table of Contents
- Message Center
- Deployment Health
- Network Request Breakdown
- Firewall Breakdown
- Security Categories
- App Discovery and Control
- Security Requests
- File Retrospective
Message Center
The message center lists notifications of upcoming updates and new features.
Deployment Health
The deployment health section displays status information indicating which parts of your deployment are active.
- Active Networks—The number of networks currently active.
- Active Roaming Clients—The number of roaming clients currently active.
- Active Virtual Appliances—The number of virtual appliances currently active.
- Active Network Tunnels—The number of network tunnels currently active.
Network Request Breakdown
The network request breakdown section shows the total number of requests, blocks, and security blocks for the selected period. Security Blocks refers to blocks in any security category. For more information about security categories, see DNS Security Categories and Web Security Categories.
You have the option to view which requests were blocked for security reasons, or to see all security events.
You can choose to view all requests in the network breakdown or to view only DNS or Proxy requests.
DNS Requests
View the total number of DNS requests, total DNS blocks, and DNS security blocks for the selected time period.
To see all DNS security events, check the See All Security Events checkbox.
Total Web Requests
View the total number of Web requests, total Web blocks, and Web security blocks for the selected period.
To see all Web security events, check the See All Security Events checkbox.
Clicking Total Requests, Total Blocks, or Security Blocks in any of the Network Breakdown tabs will bring you to the Activity Search Report with the appropriate filters.
Firewall Breakdown
The Firewall Breakdown provides two graphs depicting the total number of firewall sessions and the total firewall blocks in the selected time frame.
Hovering over a point on the graph will provide the date and number of sessions or blocks for that date. Click the point to be redirected to the Activity Search Report filtered by Firewall Logs.
Secure Web Gateway Packages
Firewall Breakdown is not available to all packages. To determine your current package, navigate to Admin > Licensing. For more information, see Determine Your Current Package. See also, Cisco Umbrella Packages.
Security Categories
Security Categories displays blocked events for Malware, Phishing, Command and Control, and Cryptomining within the selected time frame.
For more information on these categories, see DNS Security Categories and Web Security Categories.
To see all security events for these four categories, check the checkbox See All Security Events.
Hovering over a point on the graph will provide the date and number of events or blocks for that date in that category. Click a point to be redirected to the Activity Search Report filtered by that security category.
App Discovery and Control
The Umbrella Overview page includes three data charts that summarize the last 90 days of discovered apps in your environment. Like the other graphics in the main Umbrella Overview page, the purpose is to provide key information about overall app risk as well as display specific application categories and apps that represent a potentially high risk. The first chart shows a summary of discovered cloud apps, risky apps, and apps that are controlled or Blocked in the environment. The middle chart shows the top four relevant and risky app categories and the last chart shows the top four risky apps for further review.
Clicking View All will redirect you to the App Grid and clicking View Dashboard will bring you to the App Discovery Report. Clicking a specific flagged category will bring you to the App Grid filtered by that category. Clicking an app will bring you to that app's details.
Security Requests
The most security requests section shows which destinations, identities, and event types had the most security requests for the selected period. You have the option to see blocked requests for each tab, or to check the See All Security Events checkbox to see all events.
Clicking a destination will bring you to the Security Activity Report filtered by that domain and blocked or all responses.
Clicking an identity will bring you to the Security Activity Report filtered by that identity and blocked or all responses.
You can also filter the identity tab by types of identities.
Clicking an event type will bring you to the Security Activity Report filtered by that event type and blocked or all responses.
File Retrospective
Secure Web Gateway Packages
The File Retrospective report is not available to all packages. To determine your current package, navigate to Admin > Licensing. For more information, see Determine Current Package. See also, Cisco Umbrella Packages.
The file retrospective section shows files that have a change in their current disposition to malicious. This is a result of additional intelligence provided by the AMP Cloud, Secure Malware Analytics (Threat Grid), and Talos after the file was originally submitted for analysis. Clicking the SHA256 name will redirect you to the Activity Search Report filtered by that SHA256 name. For more information about file retrospectives, see File Retrospective Events and Cisco Secure Malware Analytics (Threat Grid).
Update a Scheduled Report < Overview > File Retrospective Events and Cisco Secure Malware Analytics (Threat Grid)
Updated 10 months ago