View Activity and Details by Event Type or Security Category
If you want to view data for individual event types or security categories in your environment to see which categories may pose more risk and at what times depending on trends, use the Group Events by Type feature.
Prerequisites
- A minimum user role of Read-only. For more information, see Manage Accounts.
Procedure
- Navigate to Monitor > Reports > Security Activity.
- Choose a time period of events to view. You can generate a report to document activities for the last hour, the last 24 hours, the previous calendar day (yesterday), the last seven days, or the last month.
- Select which security event types or categories you want to view in the report. By default, all events and categories are selected to display activity for all event types.
- For Response, select Allowed, Blocked, or both.
Note: If you select Antivirus Disposition is Malicious or Cisco AMP Disposition is Malicious as the Event Type, you cannot select Response > Allowed. Secure Access cannot allow viruses to pass through the system. These will always be blocked.
The activity graph updates to show each selected event type so you can compare activities for each type of security risk. You can click the event type on the graph or in the filter to view or hide the events in the graph.
Grouping security categories also reorganizes the events' details cards by event type. By viewing event details by event type or category, you can see which categories were more active and perhaps causing more risk to the environment.
Group Security Categories
When Group Security Categories is unchecked, the selected security categories are shown individually on the Activity graph. This enables you to view which categories had more activity within the given time frame or where spikes in some categories occurred. Clicking the category name on the graph or in the Security Categories filter will show or hide that category's events on the graph.
Rolling over a point on the line graph provides a summary of the security events at that time by the categories selected. Clicking the details redirects you to the Activity Search report where you can further view the activity's details.
View Activity and Details by Filters < View Activity and Details by Event Type or Security Category > View an Event's Details
Updated about 2 months ago