View an Event's Details
In the Security Activity report, view the details of a security event, including date and time, destination, identity, and whether the event was blocked or allowed.
Prerequisites
- A minimum user role of Read-only. For more information, see Manage Accounts.
Procedure
- Navigate to Monitor > Reports > Security Activity.

- Choose a time period.
- Select the security event types or categories you want to view. By default, all events and categories are selected.

- For Response, select Allowed, Blocked, or both.
Note: If you select Antivirus Disposition is Malicious or Cisco AMP Disposition is Malicious as the Event Type, you cannot select Response > Allowed. Secure Access does not allow viruses to pass through the system. These will always be blocked.

The list of event details is stacked as cards and sorted by event type (if Group Security Categories is enabled).

- Click an event to view its details. Each security activity card groups an event by destination and lists the details of the event including date and time, destination, identity, and the event's result (Blocked or Allowed).

Details differ slightly between event type, but all list the destination and identity from which you can click through to the Destination Details and Identity Details.

Details for AMP and antivirus events will also include the SHA256 Hash.

View Activity and Details by Event Type or Security Category < View an Event's Details > Search for Security Activity
Updated 4 days ago