Secure Access Help Center

View the Activity Search Report

This topic explains the functions of the Activity Search report and where to find the report in Secure Access.

Table of Contents

Prerequisites

  • A minimum user role of Read-only. For more information, see Manage Accounts.

View the Activity Search Report

  1. Navigate to Monitor > Reports > Activity Search.
    This takes you to the default view of the Activity Search report, which lists all of your identities and the internet requests or traffic events for your organization, tracked over time. The default is 24 hours.
  1. Choose a time frame to view the report. You can view the results for the last 24 hours (default), Yesterday, Last 7 Days, Last 30 Days, or a Custom range.
125
  1. From the Requests menu, choose a request type or the default of All. Filters update to those that are relevant to the type of request chosen.
  1. Select available filters based on the request type.
  1. Optionally, select a Search Options filter:
    • Include All Traffic—Includes data from all domains including noisy domains that are filtered out by default.
    • Filter by Uncategorized—Includes destinations that are not classified under a specific security or content category.
252

Configure Columns to Display

To change the layout of the data presented in the Activity Search Report, select Columns. Check or clear the information you want to see displayed, then click Apply. You can also drag and drop items in the list to reorder their position on the page.

231

  • Request—When All Requests is selected, this column displays the type of request for each event.

  • Identity—The identity that performed the activity.

  • Policy or Ruleset Identity—The identity used to determine which policy applied to this activity.

  • Destination—The destination of the activity.

  • File Name—The name of the file involved with the activity, where applicable.
    Note: File Name will only populate for traffic matching policies with File Type Control or File Inspection enabled (you can enable File Type Control without blocking any file types by clicking enable and saving the policy.) If none of the policies have File Type Control enabled, the file name and extension fields remain blank.

  • Internal IP—The internal IP address for the activity.

  • External IP—The external IP address for the activity.

  • DNS Type—The record type for the DNS request.

  • Action—The activity is either Blocked or Allowed.
    Note: Certificate and TLS error events display as Blocked – Certificate Error. These errors will only be displayed where the request is processed by a ruleset that has ‘HTTPS inspection’ and 'File Analysis' enabled.

  • Categories—Content and Security categories flagged with the activity.

  • Application—What application is involved with the activity, when applicable. The Application field will only populate for traffic matching policies with Application Controls enabled. If no policies have Application Control enabled, then the field will remain blank.

  • Ruleset or Rule—The rule or policy applied. For more information about the rule (such as destination list or schedule applied), see View Full Details. Clicking the policy or Rule name redirects you to that policy or Rule.

  • Protocol—Displays whether the protocol is HTTP or HTTPS.

  • Application Category—If an application is involved with the activity, this column contains the categories associated with the application. To see a full list of application categories, see Application Categories. This is currently only applicable to Firewall policies.

  • Application Protocol—If an application is involved with the activity, this column contains the protocol for the application (HTTP, SSL, RTP, DNS, or none).

  • Referer—The ID of the program that made the request.

  • Status Code—Standard HTTP status codes.

  • Content Type—The type of content the user is able to see.

  • File Extension—The extension of the file involved in the activity, where applicable.

  • Date and Time—The date and time stamp of the activity.

From your search results, you can click an identity or destination and go to their respective detailed report.

View Actions

To learn more about the results of your activity search, click the View Actions icon (the blue ellipsis at the right of each item in the search results) for a result and choose an item from the menu.

View Full Details

With View Actions, you can view the full details of each activity result:

325

The detail fields available depend on the type of event.

Filter Views

Where applicable, the viewing of results can be filtered by the following:

  • Filter by Application
  • Filter by Destination
  • Filter by URL
  • Filter by Identity
  • Filter by External IP
282

Schedule an Activity Search Report

You can schedule a report to be emailed to you at regular intervals. Your emailed report is a table showing an HTML version of the report and an attached CSV file containing the entire data set. Also included in your email is a link to a live version of the same report. For more about scheduled reports, see Schedule a Report.

When scheduling a new report for Activity Search, any current filters selected apply.

760

Activity Search Report < Activity Search Report > View Zero Trust Events in Activity Search Report

Updated 1 day ago