If you want to view data for individual event types or security categories in your environment to see which categories may pose more risk and at what times depending on trends, use the Group Events by Type feature.
- A minimum of Read Only access to the Umbrella dashboard. See Manage User Roles.
- Navigate to Reporting > Core Reports > Security Activity.
- Choose a time period of events to view. You can generate a report to document activities for the last hour, the last 24 hours, the previous calendar day (yesterday), the last seven days, or the last month.
- Choose whether you want to populate all types of requests, only Blocked requests, or only Allowed requests.
- Choose which security event types or categories you want to view in the report. By default, all events and categories are selected to display activity for all event types.
- Check Group Events by Type.
The activity graph updates to show each selected event type so you can compare activities for each type of security risk. You can click the event type on the graph or in the filter to view or hide the events in the graph.
Grouping security categories also reorganizes the events' details cards by event type. By viewing event details by event type or category, you can see which categories were more active and perhaps causing more risk to the environment.
When Group Security Categories is unchecked, the selected security categories are shown individually on the Activity graph. This enables you to view which categories had more activity within the given time frame or where spikes in some categories occurred. Clicking the category name on the graph or in the Security Categories filter will show or hide that category's events on the graph.
Rolling over a point on the line graph provides a summary of the security events at that time by the categories selected. Clicking the details redirects you to the Activity Search report where you can further view the activity's details.
Updated about 21 hours ago