View an Event's Details

In the Security Activity report, you can view the details of a security event, including date and time, destination, identity, and the event's result (Blocked or Allowed).

Prerequisites

• A minimum of Read Only access to the Umbrella dashboard. See Manage User Roles.

Procedure

1. Navigate to Reporting > Core Reports > Security Activity.

2. Choose a time period of events to view. You can generate a report to document activities for the last hour, the last 24 hours, the previous calendar day (yesterday), the last seven days, and the last month.

3. Choose whether you want to populate all types of requests, only Blocked requests, or only Allowed requests.

4. Choose which security event types or categories you want to view in the report. By default, all events and categories are selected to display activity for all event types.

The list of events' details is stacked as cards and sorted by event type (if Group Security Categories is enabled).

5. Click an event to view its details. Each security activity card groups an event by destination and lists the details of the event including date and time, destination, identity, and the event's result (Blocked or Allowed).

Details differ slightly between event type, but all list the destination and identity from which you can click through to the Destination Details and Identity Details.

Details for AMP and Antivirus events will also include the SHA256 Hash and a link to view further details in Investigate if applicable.

---

View Activity and Details by Event Type or Security Category < Security Activity Report > Search for Security Activity