The Enterprise Threat Protector (ETP) dashboard reports threat and AUP events, as well as DNS activity in your network. The dashboard allows you to easily monitor network traffic at a glance, investigate activity, and block suspicious or malicious domains or IP addresses. You can:

  • View events from this month, the last 24 hours, 7 days, 30 days, or within a specified date or date range. You can also specify a time of day.
  • Search for a domain. Search results appear on the Indicator Search page.
  • View the total number of events that are identified as threats (such as malware, phishing, command and control), violations of the Acceptable Use Policy (AUP), DNS request activity, and other alerts for threat events.
  • Review analytics for threat and AUP events based on specific criteria. For more information see Event dimensions.
  • If the ETP Proxy is enabled for your enterprise, in addition to DNS threat events, you can also view threat events related to HTTP(S) traffic.
  • Your view of the dashboard depends on your administrator role. For example, if you are a delegated administrator or tenant administrator, the Dashboard shows events and activity based on the locations that you are allowed to access. A tenant administrator cannot see HTTP(s) events or Security Connector events. You must be a report viewer or a super administrator to view all data that applies to your enterprise.
Note: If you are trying Enterprise Threat Protector with the new Enterprise Center interface, a new dashboard is available where you can create widgets to show the data you need to track. To learn more about the new Dashboard, see New Dashboard.