Activity Search Report
The Activity Search Report in Umbrella helps you find the result of every DNS request from the various provisioned identities to refine your Policies, ordered in descending date and time.
The activity search bar includes the response—allowed or blocked, or proxy, or allowed or blocked due to destination list, the identity that made the DNS query, the External IP that the request came from and the Internal IP of that request—if using the Umbrella VA for granularity.
The export button in the upper right allows you to export the report you've generated to CSV (Excel) format. You can also Share the report and Bookmark it for later.
The search reflects all of the activity from within your Umbrella within the time(s) selected:
Note: The Activity Search only reports the past 28 days as the amount of data in this report is very large. In order to store data for a period longer than 28 days, please look at the ability to export logs and store them in Amazon S3:https://support.umbrella.com/hc/en-us/articles/231248448-Cisco-Umbrella-Log-Management-in-Amazon-S3
These results can be filtered by Umbrella identity by typing in the name of the identity you’d like to report on, then clicking Run Report.
The filter for destination should be set to ‘domain.com’, so if you wanted to search for any results from Google, specify this as ‘google.com.’ Wildcards for *.search are automatically included (the * must not be included in the search!); however, wildcards are not supported inline.
Ensure you've picked the correct type of DNS response and click Run Report:
If you're unsure of what Unidentified Requests are when running reports, click here for more information.