View an Event's Details

In the Security Activity report, you can view the details of a security event, including date and time, destination, identity, and the event's result (Blocked or Allowed).

Prerequisites

• A minimum user role of Read-only. For more information, see Manage Accounts.

Procedure

1. Navigate to Monitor > Reports > Security Activity.

2. Choose a time period of events to view. You can generate a report to document activities for the last hour, the last 24 hours, the previous calendar day (yesterday), the last seven days, and the last month.

3. Select which security event types or categories you want to view in the report. By default, all events and categories are selected to display activity for all event types.

4. For Response, select Allowed, Blocked, or both.
   Note: If you select Antivirus Disposition is Malicious or Cisco AMP Disposition is Malicious as the Event Type, you cannot select Response > Allowed. Secure Access cannot allow viruses to pass through the system. These will always be blocked.

The list of events' details is stacked as cards and sorted by event type (if Group Security Categories is enabled).

5. Click an event to view its details. Each security activity card groups an event by destination and lists the details of the event including date and time, destination, identity, and the event's result (Blocked or Allowed).

Details differ slightly between event type, but all list the destination and identity from which you can click through to the Destination Details and Identity Details.

Details for AMP and Antivirus events will also include the SHA256 Hash.

---

View Activity and Details by Event Type or Security Category < View an Event's Details > Search for Security Activity