Top Threats Report

The Top Threats report displays threats your organization may have been exposed to in a user-defined time period and whether the threats were blocked or allowed.

Note: You may see activity blocked under Security Activity but not see anything blocked under Top Threat Types. This occurs when a threat does not have a threat type associated with it.

Prerequisites

  • A minimum of Read Only access to Secure Access.

View the Threats Report

  1. Navigate to Monitor > Reports > Top Threats.
  2. From the top-right menu, select a date and time range.

View Top Threat Types

The Threat Activity Breakdown enables you to assess the top threat types and their activities for a selected time period. The breakdown provides an overview of the top threat types and activities, but you can also select individual threat types to see their activities and associated threats.

  1. Navigate to the Threat Activity Breakdown.
  2. From the left pane, select a threat type.
  3. Click any point on the graph to view information about allowed or blocked threats for the timestamp.
  4. View the top associated and blocked threats for this threat type. Clicking a threat name brings you to its details.
  5. View the identities most active with this threat type and the number of blocked threats for each identity.

View How Threats Impact Your Environment

  1. Navigate to Reporting > Core Reports > Top Threats > Impact.
  2. View the identities with the most threats.
    The chart lists the identities, the total threats associated with that identity for the time frame, and how many threats were blocked and allowed.

  3. View the top malicious domains.
    The chart lists the domains where threats are most prominent, the threat category associated with the domain, and the number of blocked and allowed requests.

Click an identity's name or View in Activity Search to view details in the Activity Search with the appropriate filters.

  4. View domains that have recently been seen by Umbrella's resolvers for the first time, and whether they've been allowed or blocked.
    Newly Seen Domains are not blocked by default.

Search for Threats in Activity Search

  1. Navigate to Reporting > Core Reports > Activity Search.
  2. In the search field, click Advanced to open options for searching in Activity Search Report. You can search by Threat and Threat Type.
