View and Customize the Activity Search Report

This topic explains the functions of the Activity Search report and where to find the report in Secure Access.

Table of Contents


  • A minimum user role of Read-only. For more information, see Manage Accounts.

View the Activity Search Report

  1. Navigate to Monitor > Reports > Activity Search. This takes you to the default view of the Activity Search report, which lists all of your identities and the internet requests or traffic events for your organization, tracked over time.
  1. Hover over individual column values to apply it as a search filter or to exclude it from the search.
  2. To learn more about individual results, click the blue ellipsis View Actions icon to the right of each search result. For more information, see View Activity Search Report Actions.

Customize the Activity Search Report

  1. Choose a time frame to view the report. The default is Last 24 Hours.
  1. Filter Request by selecting an option from the dropdown menu at the top right. The default is All.
  1. Search and select additional Filters to the left of the report results. Filter options available in this menu are determined by the Request selected in the previous step.

  1. Select Search Options below the Filters menu in the previous step.
  • Include All Traffic— Includes data from all domains including noisy domains that are filtered out by default.
  • Filter by Uncategorized— Includes destinations that are not classified under a specific security or content category.

  1. Customize Columns to select columns to display, drag and drop to reorder column position, then click Apply.
Column NameColumn Purpose
RequestWhen All Requests is selected, this column displays the type of request for each event.
IdentityThe identity that performed the activity.
Policy or Ruleset IdentityThe identity used to determine which policy applied to this activity.
DestinationThe destination of the activity.
File NameThe name of the file involved with the activity, where applicable. Note: File Name will only populate for traffic matching policies with File Type Control or File Inspection enabled (you can enable File Type Control without blocking any file types by clicking enable and saving the policy.) If none of the policies have File Type Control enabled, the file name and extension fields remain blank.
Internal IPThe internal IP address for the activity.
External IPThe external IP address for the activity.
DNS TypeThe record type for the DNS request.
ActionThe activity is either Blocked or Allowed. Note: Certificate and TLS error events display as Blocked – Certificate Error. These errors will only be displayed where the request is processed by a ruleset that has ‘HTTPS inspection’ and 'File Analysis' enabled. -
CategoriesContent and Security categories flagged with the activity.
ApplicationWhat application is involved with the activity, when applicable. The Application field will only populate for traffic matching policies with Application Controls enabled. If no policies have Application Control enabled, then the field will remain blank.
Ruleset or RuleThe rule or policy applied. For more information about the rule (such as destination list or schedule applied), see View Full Details . Clicking the policy or Rule name redirects you to that policy or Rule.
ProtocolDisplays whether the protocol is HTTP or HTTPS.
Application CategoryIf an application is involved with the activity, this column contains the categories associated with the application. To see a full list of application categories, see Application Categories . This is currently only applicable to Firewall policies.
Application ProtocolIf an application is involved with the activity, this column contains the protocol for the application (HTTP, SSL, RTP, DNS, or none).
RefererThe ID of the program that made the request.
Status CodeStandard HTTP status codes.
Content TypeThe type of content the user is able to see.
File ExtensionThe extension of the file involved in the activity, where applicable.
Date and TimeThe date and time stamp of the activity.

Save Activity Search Report columns and filters for future use

  • Once you select a filter on a new search, a Save Search button will appear. Configure filters and customize columns, then click Save Search.
  • Review search filters applied to this search, then click Continue.
  • Review customized columns selected for display for this search, then click Continue.
  • Search name is required and Description is optional. Once you Save, you will be able to access and update your customized report from the Saved Searches dropdown at the top right of the report.

Activity Search Report < Activity Search Report > View Zero Trust Events in Activity Search Report