View and Customize the Activity Search Report
This topic explains the functions of the Activity Search report and where to find the report in Secure Access.
Table of Contents
- Prerequisites
- View the Activity Search Report
- Customize the Activity Search Report
- Save Activity Search Report columns and filters for future use
Prerequisites
- A minimum user role of Read-only. For more information, see Manage Accounts.
View the Activity Search Report
- Navigate to Monitor > Reports > Activity Search. This takes you to the default view of the Activity Search report, which lists all of your identities and the internet requests or traffic events for your organization, tracked over time.
- Hover over individual column values to apply it as a search filter or to exclude it from the search.
- To learn more about individual results, click the blue ellipsis View Actions icon to the right of each search result. For more information, see View Activity Search Report Actions.
Customize the Activity Search Report
- Choose a time frame to view the report. The default is Last 24 Hours.
- Filter Request by selecting an option from the dropdown menu at the top right. The default is All.
- Search and select additional Filters to the left of the report results. Filter options available in this menu are determined by the Request selected in the previous step.
- Select Search Options below the Filters menu in the previous step.
- Include All Traffic— Includes data from all domains including noisy domains that are filtered out by default.
- Filter by Uncategorized— Includes destinations that are not classified under a specific security or content category.
- Customize Columns to select columns to display, drag and drop to reorder column position, then click Apply.
| Column Name | Column Purpose |
|---|---|
| Request | When All Requests is selected, this column displays the type of request for each event. |
| Identity | The identity that performed the activity. |
| Policy or Ruleset Identity | The identity used to determine which policy applied to this activity. |
| Destination | The destination of the activity. |
| File Name | The name of the file involved with the activity, where applicable. Note: File Name will only populate for traffic matching policies with File Type Control or File Inspection enabled (you can enable File Type Control without blocking any file types by clicking enable and saving the policy.) If none of the policies have File Type Control enabled, the file name and extension fields remain blank. |
| Internal IP | The internal IP address for the activity. |
| External IP | The external IP address for the activity. |
| DNS Type | The record type for the DNS request. |
| Action | The activity is either Blocked or Allowed. Note: Certificate and TLS error events display as Blocked – Certificate Error. These errors will only be displayed where the request is processed by a ruleset that has ‘HTTPS inspection’ and 'File Analysis' enabled. - |
| Categories | Content and Security categories flagged with the activity. |
| Application | What application is involved with the activity, when applicable. The Application field will only populate for traffic matching policies with Application Controls enabled. If no policies have Application Control enabled, then the field will remain blank. |
| Ruleset or Rule | The rule or policy applied. For more information about the rule (such as destination list or schedule applied), see View Full Details . Clicking the policy or Rule name redirects you to that policy or Rule. |
| Protocol | Displays whether the protocol is HTTP or HTTPS. |
| Application Category | If an application is involved with the activity, this column contains the categories associated with the application. To see a full list of application categories, see Application Categories . This is currently only applicable to Firewall policies. |
| Application Protocol | If an application is involved with the activity, this column contains the protocol for the application (HTTP, SSL, RTP, DNS, or none). |
| Referer | The ID of the program that made the request. |
| Status Code | Standard HTTP status codes. |
| Content Type | The type of content the user is able to see. |
| File Extension | The extension of the file involved in the activity, where applicable. |
| Date and Time | The date and time stamp of the activity. |
Save Activity Search Report columns and filters for future use
- Once you select a filter on a new search, a Save Search button will appear. Configure filters and customize columns, then click Save Search.
- Review search filters applied to this search, then click Continue.
- Review customized columns selected for display for this search, then click Continue.
- Search name is required and Description is optional. Once you Save, you will be able to access and update your customized report from the Saved Searches dropdown at the top right of the report.
Activity Search Report < Activity Search Report > View Zero Trust Events in Activity Search Report
Updated 2 months ago