Activity

You can report on the following activity:
  • DNS Activity. The DNS Summary report provides data on DNS activity in your network. This includes the total number of DNS queries and the top data values for the following categories: autonomous system name, domain, geolocation, query, and Acceptable Use Policy (AUP) category.

    The DNS Activity report shows data on DNS traffic that’s directed to ETP or ETP Proxy. To show specific DNS activity, you filter data by dimension. For example, you can filter data based on domain, source IP, policy, and more.

  • Proxy Activity. If Enterprise Threat Protector (ETP) Proxy is enabled in your network, data is presented on the Proxy Summary and Proxy Activity reports. The Proxy Summary report includes the total number of proxy transactions and the top transactions for the following categories: policy action, autonomous system name, client port, destination IP, destination port, domain, geolocation, HTTP request method, Layer 7 Protocol, source IP, and URI.

    The Proxy Activity report shows the traffic that’s directed to ETP Proxy. To show specific proxy traffic, you can apply filters based on dimensions. For example, you can report the requested domain, internal IP address of the user’s machine, the username of the user who made the request, the action that was applied to traffic, and more.

  • Network Traffic. The Network Traffic report shows detailed information about network traffic or connections that are directed to ETP. Similar to the data that is shown in the events reports, you can organize this data by the dimension you select. You can also view specific data about the connection, including how the connection was handled by ETP.
  • Security Connector. The Security Connector Activity report provides data on Security Connector events. Like the Threat Events and AUP Events reports, data is organized by dimension. You can view logged events based on the dimension you select.
  • Identity Provider Activity. The Identity Provider Activity report provides data on identity provider sessions. If authentication is required or optional within a policy and you assign users or groups to an AUP, you can report on identity provider activity.