Security Connector activity

When Enterprise Security Connector is deployed in your organization, Security Connector events are reported on the Security Connector activity report. The organization of events is similar to threat and AUP events:
  • Any applied date or data filter ultimately defines the data that is shown. You can filter data based on the selected date or date range, the time of day you enter, the area you select in the Time graph, and the actual filters applied to Security Connector events. You can create a filter where you include or exclude data from the view.
  • Event data that appears on the Security Connector activity report is also defined by the selected dimension. The selected dimension defines how events are organized. This includes the Top 6 area of the page and the grouped events area.

    The Top 6 area of the page lists the top 6 items for the selected dimension. For example, if you select Affected Internal IP as the dimension, the Top 6 Affected Internal IP addresses are listed.

    The events area of the page also groups events based on the selected dimension. For example, if you select Affected Internal IP, events are grouped by the affected internal IP address. Expand an IP address to view the associated events.

You can perform the following actions on this page:

  • View event details. If you select the information icon beside an event, event details appear in a separate window.
  • Add data to the filter. You can decide to exclude or include data in the filter.
  • View the corresponding threat event. A Threat Events option is available when you click event data.
  • View the Indicators of Compromise (IOC) details for a requested hostname. When viewing events based on hostname, you can click the information icon and the IOC Details appear in a separate window.
Note: A delegated administrator can view data based on the locations they are allowed to access. A tenant administrator cannot view the Security Connector activity report.