View Zero Trust Events in Activity Search Report

The Activity Search report includes the full details about the Zero Trust Access traffic events in your organization. For more information about the Activity Search report, see View the Activity Search Report.

Table of Contents

Prerequisites

  • A minimum user role of Read-only. For more information, see Manage Accounts.

Procedure

  1. Navigate to Monitor > Reports > Activity Search.
  2. Choose a time frame to view the report. You can view the results for the last 24 hours (default), Yesterday, Last 7 Days, Last 30 Days, or a Custom range.
  3. From the Requests menu, choose a request type or the default of All. Filters update to those that are relevant to the type of request chosen.
  4. For an item in the report, click on the ellipsis (...). Click View Full Details to display the details of the Zero Trust Access event.

Event Details

View the Zero Trust event details in the Activity Search report.

Field NameDescription
Connection MethodThe type of connection method: ZTA Client-based or ZTA Browser-based.
TimeThe time of the event.
ActionIndicates if the traffic was blocked or allowed.

Access Details

View the Zero Trust access details in the Activity Search report.

Field NameDescription
IdentityThe name and email of the user identified in the Zero Trust connection event.
Resource/ApplicationThe name of the private application.
Resource Connector GroupThe ID of the resource connector group that provides access to the private resource.
Ingress RegionThe geographic region of the data center where Secure Access received the incoming traffic.
Tunnel TypeThe type of traffic supported by the network tunnel, which the endpoint established with the proxy. The transport protocol on the tunnel is either HTTP or HTTP3.
Transaction IDThe unique ID associated with the Zero Trust connection request. Use the transaction ID to correlate and troubleshoot connection issues.

Block Details

View the Zero Trust block details in the Activity Search report.


Field NameDescription
Block ReasonSecure Access provides an explanation for blocking access to the private resource.
Associated RuleWhen access was blocked for not meeting access or posture requirements, Secure Access reports the closest matched policy rule that would have allowed access.
Associated PostureThe posture profile that is configured for the associated rule.

Endpoint Details

View the Zero Trust endpoint details in the Activity Search report.



Field NameDescription
Client LocationThe two-character country identifier.
Client Location IPThe IP of the client.
OSThe operating system of the client's device.
Endpoint Security AgentThe name of the endpoint security agent.
Disk EncryptionIndicates if the client's device has disk encryption.
FirewallIndicates if the client environment has a firewall enabled.
System PasswordIndicates if the client has a system password enabled.
Endpoint ApplicationThe name of the endpoint application, which initiated the connection.
Application SignatureThe SHA256 signature of the endpoint application process.
Endpoint UsernameThe username that is associated with the endpoint application process.


View Firewall Events in Activity Search Report < View Zero Trust Events in Activity Search Report > View Activity Search Report Actions