Prerequisites

You must configure your Cyber Shield Domain Filtering to block specific domain categories. More details on domain filtering can be found here: Configuring Cyber Shield Domain Filtering.

Before setting up a drill-down investigation, we also recommend that you refer to this documentation: Cyber Shield Top-10 Dashboard.


Conduct a drill-down investigation

  1. Access the Cyber Shield page in the administration portal, and on the Top 10 Dashboard pane select a dashboard view.

    For this example we’re using Blocked Domains by Category.

  2. Turn the Investigate Mode switch on.

  3. Click one of the category circles on the dashboard. For this example we’re using Malware.

    The dashboard displays the users that originated any DNS queries that are classified in the malware category.

  4. Click on a user to drill down into that data set.

  5. The dashboard displays the devices on which traffic was blocked because it was flagged by the malware domain filter.

    You can navigate back to either the Category view or the Malware view by clicking the breadcrumbs.