Skip to main content

Get reports from the Cyber Shield Top 10 Dashboard

Abstract

The Cyber Shield Top 10 Dashboard provides two types of reports: high-level event counts for domain and traffic filtering and a detailed report of the actual domain names for the observed or blocked domain filtering events.

The Cyber Shield Top 10 Dashboard provides two types of reports: high-level event counts for domain and traffic filtering and a detailed report of the actual domain names for the observed or blocked domain filtering events.

Download the Domain and Traffic filtering metrics as a CSV file

To download the report, follow the steps below:

  1. Navigate to Shield > Overview.

  2. Scroll down to the Top 10 Dashboard section.

  3. Select the desired timeframe from the time duration drop-down. The choices are This hour, Last 24 Hours, Last 7 Days, and Last 30 Days.

  4. Based on the graph view selected and displayed, you will see in the bottom left corner of the Top 10 Dashboard section one of the hyperlinked texts below:

    • Observed domains by categories

    • Blocked domains by categories

    • Observed traffic by categories

    • Observed traffic by priorities

    • Blocked traffic by categories

    • Blocked traffic by priorities

  5. Click on the hyperlinked text

    You will see a table view of the data presented in the bubble chart. The table has Name, Percentage, and Count as columns. The rows are sorted in descending order based on Count.

    A search search_icon.png icon is present at the top right.

    A button to export the data as a CSV file is also present.

    Note

    The observed and blocked domain table shows all the content categories with events and can exceed the top 10 displayed categories.

  6. Click Export to .csv.

    The displayed tabular data is downloaded as a CSV file and saved in your web browser's default download directory.

Receive a detailed report for monitored or blocked domains

The detailed report provides information about any monitored and blocked domains for the time range selected in the Top 10 Dashboard and the drill-down level granularity. For instance, at the top level of the Top 10 Dashboard, the detailed report contains data for all categories, Users, and Devices. If you drill down to a specific category, the report contains domains only from that category for all Users and Devices. At the User level, the report contains domains only for that User for all Devices for that specific domain category. You can also drill down to the Device level. Refer to Investigate using Cyber Shield Top 10 Dashboard.

The signed-in Administrator receives an email with a link to access the generated CSV report. The link is valid for three days.

To receive the report, follow the steps below:

  1. Navigate to Shield > Overview.

  2. Scroll down to the Top 10 Dashboard section.

  3. Select the desired timeframe from the time duration drop-down. The choices are This hour, Last 24 Hours, Last 7 Days, and Last 30 Days.

  4. Click either Observed domains or Blocked domains tab as desired.

    An Export to .csv button will be displayed in the bottom left corner below the bubble chart.

  5. Click Export to .csv

    A success notification will inform you that you will receive the report at your email address.

  6. In a few minutes, you will receive an email with a Download Report button in it. The download link is valid for three days.

  7. Click Download Report in the email.

    You must sign in to the Administration Portal if you are signed out. The download will start and a .zip file will be downloaded in your web browser's default download directory.

Once the file is unzipped and opened, you will that it contains the following information:

  • Day - The date of the event.

  • First resolve time - The time when the domain name was first queried during the day of the event.

  • Last resolve time - The time when the domain name was last queried during the day of the event.

  • Hit count - The number of domain name resolutions during the above time interval

  • Domain - The domain name that was queried

  • Category - The classification category for that domain name.

  • User - The username that initiated the domain name lookup query. This field is blank if the DNS request came from a Host or Network.

  • Device - The device from which the domain name lookup query was initiated. This field is blank if the DNS request came from a Host or Network.

  • Host - The Host's name that initiated the domain name lookup query. This field is blank if the DNS request comes from a user’s device.

  • Network - The Network's name that initiated the domain name lookup query. This field is blank if the DNS request comes from a user’s device.

  • Connector - The Connector's name from which the domain name lookup query was initiated. This field is blank if the DNS request comes from a user’s device.