Proxy activity

If Enterprise Threat Protector (ETP) Proxy is enabled for your enterprise, you can report on the network traffic that's directed to proxy. The Proxy Activity report logs all traffic that’s directed to ETP Proxy. Information such as internal client IP, username, group name, and more are logged in this report. The Proxy Activity report also shows what action was applied to traffic.

You must be an ETP administrator or a user with a specific permission to view the Proxy Activity report. For more information, see Enterprise Threat Protector roles.

Note: If you do not enable authentication or the user skips authentication, ETP Proxy cannot report username and group information. This information is only recorded in the report when the user authenticates. For more information on authentication, see Authentication policy.
The organization of activity data is similar to event data. When navigating this tab:
  • Any applied date or data filter defines the data that is shown. You can filter data based on the selected date or date range, the time of day you enter, the area you select in the Time graph, and the actual filters applied to data on the page. You can create a filter where you include or exclude data from the view.
  • Data that appears on the Proxy Activity report is defined by the selected dimension.
    • The Top 6 area lists the top 6 data values for the selected dimension. For example, if you select the Location dimension, the Top 6 Locations are listed.
    • Activity data is grouped by the selected dimension. For example, if you select the Location dimension, this data is organized by specific locations. You can expand a specific location to view the associated activity.
  • You can perform the following actions on this page:
    • View activity details. If you select the information icon beside the activity data, more details appear in a separate window.
    • Add data to the filter. You can decide to exclude or include data in the filter.
    • View the Indicators of Compromise (IOC) details for a requested domain. When viewing events based on domain, you can click the information icon and the IOC Details appear in a separate window.

If the proxy activity produced an event, the activity details indicate whether the activity is also an event.

If you are a delegated administrator, the data that appears on this page is based on the locations you created and are allowed to access. A tenant administrator cannot view the Proxy Activity report.