Report Scheduling

Various reports in Secure Access can be configured so that Secure Access regularly emails you a summary of that report. You can configure filters for these reports so that they only contain the information you want. Each emailed report includes an HTML version of the report, a .ZIP file containing a CSV file with the entire data set, and a link to Secure Access and the report. See Schedule a Report.

Reports can be scheduled so that you receive an email daily, weekly, or monthly.

Note: You can unsubscribe from a report email through the Unsubscribe link at the bottom of every report email.

You can schedule the following reports:

  • Activity Search—Activity from the identities in your environment over a selected time period. Filterable by identity name, destination, source IP, response, content category, and security category.
  • Top Threats Report—Highlights blocked and allowed threats your organization may have been exposed to over a selected period of time.
  • Total Requests—Total requests for destinations from your organization over the selected time period. Filterable by identity.
  • Activity Volume—Total queries within your organization broken down by security categories and results over the selected time period.
  • Top Destinations—A list of the top traffic-generating identities over the selected time period. Filterable by identity and destination.
  • Top Categories—A list of the top content categories for your organization over the selected time period. Filterable by identity and response.
  • Top Identities—Lists your identities in the order of which is most active, then allowing you to drill down to find out more about that specific identity and what destinations they have visited, whether those destinations are malicious or not, and a trend of their overall traffic.
  • Data Loss Prevention—Lists data violations detected through the DLP Real Time and SaaS API rules.
  • Cloud Malware Report—Provides an overview of malicious files within your environment and details the potential risk and exposure these files present.



Cisco Secure Access uses SparkPost as the service to deliver email. Some mail filters, either at the local level or even at a transport layer (like an ISP) may block communications from SparkPost as marketing-related spam. If after scheduling your reports you do not receive them, check the spam filter at your mail server gateway. Whether your mail server gateway is hosted locally or in the cloud, it's likely the email was quarantined at that level.

Secure Access sends its reports from [email protected].

Report Retention < Schedule Reports > Schedule a Report