There are multiple reports you can use to gain a better perspective on the usage of Cisco Umbrella in regard to malicious activity that was blocked, overall activity to web sites, and which of your Identities are generating requests.
These reports covered in more depth here: https://docs.umbrella.com/product/umbrella/getting-started-learning-to-use-reports-and-exporting-reports/
Some of our reports you can try out are:
- Activity Search—Activity in your environment over the selected time period. Filterable by Identity, destination, source IP, response, content category, and security category.
- Security Activity—Security-related activity in your environment, including malware, command and control, and all other security categories over the selected time period. Filterable by Identity, destination, source IP, and security category.
- Cloud Services—Overview of cloud services accessed by your organization over the selected time period. Filterable by Cloud Service Name, Identity, and Classification.
- Destinations—Information about the destinations that your identities are visiting, determining which are the most actively requested and when this activity occurs.
- Identities—Activity information for your identities, determining which are the most active and which destinations they are visiting. For customers with Umbrella Insights or Platform packages, or for MSPs and customers of those MSPs.