Get reports from the Cyber Shield Top 10 Dashboard
The Cyber Shield Top 10 Dashboard provides two types of reports: high-level event counts for domain and traffic filtering and a detailed report of the actual domain names for the observed or blocked domain filtering events. A detailed report for the observed and blocked traffic flows is also available.
Download the Domain and Traffic filtering metrics as a CSV file
To download the report, follow the steps below:
Navigate to Shield > Overview.
Scroll down to the Top 10 Dashboard section.
Select the desired timeframe from the time duration drop-down. The choices are This hour, Last 24 Hours, Last 7 Days, and Last 30 Days.
Based on the graph view selected and displayed, you will see in the bottom left corner of the Top 10 Dashboard section one of the hyperlinked texts below:
Observed domains by categories
Blocked domains by categories
Observed traffic by categories
Observed traffic by priorities
Blocked traffic by categories
Blocked traffic by priorities
Click on the hyperlinked text.
You will see a table view of the data presented in the bubble chart. The table has Name, Percentage, and Count as columns. The rows are sorted in descending order based on Count.
A search icon is present at the top right.
A button to export the data as a CSV file is also present.
Note
The observed and blocked domain table shows all the content categories with events and can exceed the top 10 displayed categories.
Click Export to .csv.
The displayed tabular data is downloaded as a CSV file and saved in your web browser's default download directory.
Receive a detailed report for monitored or blocked domains
The detailed report provides information about any monitored and blocked domains for the time range selected in the Top 10 Dashboard and the drill-down level granularity. For instance, at the top level of the Top 10 Dashboard, the detailed report contains data for all categories, Users, and Devices. If you drill down to a specific category, the report contains domains only from that category for all Users and Devices. At the User level, the report contains domains only for that User for all Devices for that specific domain category. You can also drill down to the Device level. Refer to Investigate using Cyber Shield Top 10 Dashboard.
The signed-in Administrator receives an email with a link to access the generated CSV report. The link is valid for three days.
To receive the report, follow the steps below:
Navigate to Shield > Overview.
Scroll down to the Top 10 Dashboard section.
Select the desired timeframe from the time duration drop-down. The choices are This hour, Last 24 Hours, Last 7 Days, and Last 30 Days.
Click either the Observed domains or the Blocked domains tab, as desired.
An Export to .csv button will be displayed in the bottom left corner below the bubble chart.
Click Export to .csv.
A success notification will inform you that you will receive the report at your email address.
In a few minutes, you will receive an email with a Download Report button. The download link is valid for three days.
Click Download Report in the email.
You must sign in to the Administration Portal if you are signed out. The download will start and a .zip file will be downloaded in your web browser's default download directory.
Once the file is unzipped and opened, you will see that it contains the following information:
Day - The date of the event.
First resolve time - The time when the domain name was first queried during the day of the event.
Last resolve time - The time when the domain name was last queried during the day of the event.
Hit count - The number of domain name resolutions during the above time interval.
Domain - The domain name that was queried.
Category - The classification category for that domain name.
User - The username that initiated the domain name lookup query. This field is blank if the DNS request came from a Host or Network.
Device - The device from which the domain name lookup query was initiated. This field is blank if the DNS request came from a Host or Network.
Host - The Host's name that initiated the domain name lookup query. This field is blank if the DNS request comes from a user’s device.
Network - The Network's name that initiated the domain name lookup query. This field is blank if the DNS request comes from a user’s device.
Connector - The Connector's name from which the domain name lookup query was initiated. This field is blank if the DNS request comes from a user’s device.
isBlocked - true if the domain query was blocked.
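The field list above is enough to triage the domain report offline. The following is an added example, not vendor code: it totals blocked hits per source and per domain, using the blank-field rules to tell user devices from Hosts and Networks. The CSV header names are assumed to match the field names listed above, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample rows; header names are assumed to match the field list above.
SAMPLE_REPORT = """\
Day,First resolve time,Last resolve time,Hit count,Domain,Category,User,Device,Host,Network,Connector,isBlocked
2024-01-10,08:01:12,17:45:03,42,bad.example,Malware,alice,alice-laptop,,,,true
2024-01-10,09:15:00,09:15:00,1,news.example,News,alice,alice-laptop,,,,false
2024-01-10,02:00:00,23:59:00,310,c2.example,Botnet,,,build-srv,,hq-connector,true
2024-01-10,11:30:00,11:32:00,3,bad.example,Malware,,,,branch-net,branch-connector,TRUE
"""

def source_of(row):
    """Name the origin of a query using the blank-field rules from the field list."""
    user, device = row["User"].strip(), row["Device"].strip()
    if user or device:
        return f"user:{user or '?'}/{device or '?'}"
    for kind in ("Host", "Network"):
        if row[kind].strip():
            return f"{kind.lower()}:{row[kind].strip()}"
    return "unknown"

def blocked_summary(report_text):
    """Sum Hit count of blocked rows per source and per (category, domain)."""
    by_source, by_domain = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(report_text)):
        if row["isBlocked"].strip().lower() != "true":
            continue
        try:
            hits = int(row["Hit count"])
        except ValueError:
            continue  # skip rows with a malformed count rather than abort
        by_source[source_of(row)] += hits
        by_domain[(row["Category"], row["Domain"])] += hits
    return by_source, by_domain

if __name__ == "__main__":
    sources, domains = blocked_summary(SAMPLE_REPORT)
    for name, hits in sources.most_common():
        print(f"{hits:6d}  {name}")
    for (category, domain), hits in domains.most_common():
        print(f"{hits:6d}  {category:10s} {domain}")
```

A Host or Network that tops the blocked list is worth checking first, since those rows carry no User or Device to attribute the queries to.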
Receive a detailed report for monitored or blocked traffic
The detailed report provides information about any monitored and blocked traffic that matched the configured categories and priorities rules for the time range selected in the Top 10 Dashboard and the drill-down level granularity. For instance, at the top level of the Top 10 Dashboard, the detailed report contains data for all categories, Users, and Devices. If you drill down to a specific category, the report contains traffic matches only from that category for all Users and Devices. At the User level, the report contains traffic matches only for that User for all Devices for that specific traffic category. You can also drill down to the Device level. Refer to Investigate using Cyber Shield Top 10 Dashboard.
The signed-in Administrator receives an email with a link to access the generated CSV report. The link is valid for three days.
To receive the report, follow the steps below:
Navigate to Shield > Overview.
Scroll down to the Top 10 Dashboard section.
Select the desired timeframe from the time duration drop-down. The choices are This hour, Last 24 Hours, Last 7 Days, and Last 30 Days.
Click either the Observed traffic or the Blocked traffic tab, as desired.
An Export to .csv button will be displayed in the bottom left corner below the bubble chart.
Click Export to .csv.
A success notification will inform you that you will receive the report at your email address.
In a few minutes, you will receive an email with a Download Report button. The download link is valid for three days.
Click Download Report in the email.
You must sign in to the Administration Portal if you are signed out. The download will start, and a .zip file will be downloaded in your web browser's default download directory.
Once the file is unzipped and opened, you will see that it contains the following information:
Day - The event date.
Hit count - The number of events per day.
First occurrence - The timestamp of the first event.
Last occurrence - The timestamp of the last event.
Threat signature - Unique ID of the signature.
Event - Name of the identified event.
Category - The classification category for that event.
Classification - A classification for the event.
Priority - Cyber Shield priority of the event.
Protocol - The network protocol.
Source IP - The IP of the event initiator.
Source Ports - A list of ports for the initiator.
Destination IP - The destination IP of the traffic flow.
Destination Ports - The destination ports of the traffic flow.
Source User - The username that initiated the traffic.
Source Device - The device from which the traffic was initiated.
Source Host - The Host's name that initiated the traffic.
Source Network - The Network's name that initiated the traffic.
Source Connector - The Connector's name from which the traffic was initiated.
isBlocked - true if the traffic flow was dropped.