Security Overview Report
The Security Overview report is a single-pane-of-glass view that gives you a total snapshot of your environment before you dig into the advanced reports. The report is designed to be fairly self-explanatory, but this article runs through its features. To access Security Overview reports, go to Reports > Security Overview.
The Security Overview report consists of these main areas:
- Security Categories
- Top Security Events – Events by Domain
- Top Security Events – Events by Identity
- Deployment Summary
All portions of the report are time-specific. The report can be run for the last 24 hours, the previous calendar day (yesterday), the last seven days and the last month.
The Security Categories portion of the report covers the majority of security category results grouped together: Prevent (malware & drive-by downloads), Contain (botnet command and control requests) and Phishing. Hovering over a point in the graph will highlight more details for that specific time period.
Top Security Events
Top Security Events are divided into two areas: Top Events by Domain and Top Events by Identity. The number of identities requesting the Top Event Domains is also noted. There is no action from this report, but it is a good idea to use it to establish a baseline. Over time, normal trends (busy identities, such as networks) will consistently be near the top, while anomalies, such as Roaming Clients showing large numbers of callouts to a single domain, will emerge as actionable.
At the bottom of the list of events, there is an action to view the reports for either Top Domains or Top Identities in more depth.
In the Deployment Summary section of the report, charts of Networks, Roaming Clients, and Virtual Appliances quickly show you how many of each identity type are currently online and active. "Active" refers to those with a green status in their respective reports. Click View All [Identity Type] to see more.