User Details (Web Reporting)
The User Details page allows you to see specific information about a user that you have identified in the interactive Users table on the Web > Reporting > Users page.
The User Details page allows you to investigate individual user’s activity on your system. This page is particularly useful if you are running user-level investigations and need to find out, for example, what sites your users are visiting, what Malware threats they are encountering, what URL categories they are accessing, and how much time a specific user is spending at these sites.
To display the User Details page for a specific user, click on a specific user from the User table on the Web > Users page.
From the User Details page, you can view the following information pertaining to an individual user on your system:
|
Section |
Description |
|---|---|
|
Time Range (drop-down list) |
A menu that allows you to choose the time range of the data contained in the report. For more information on time ranges and customizing this for your needs, see the Choosing a Time Range for Reports. |
|
URL Categories by Total Transactions |
This section lists the specific URL Categories that a specific user is using. The set of predefined URL categories is occasionally updated. For more information about the impact of these updates on report results, see URL Category Set Updates and Reports. |
|
Trend by Total Transactions |
This graph displays at what times the user accessed the web. For example, this graph will indicate if there is a large spike in web traffic during certain hours of the day, and when those spikes occur. Using the Time Range drop-down list, you can expand this graph to see a more or less granular span of time that this user was on the web. |
|
URL Categories Matched |
The URL Categories Matched section shows matched categories for both completed and blocked transactions. From this section you can also find a specific URL Category. In the text field at the bottom of the section enter the URL Category and click Find URL Category. The category does not need to be an exact match. The set of predefined URL categories is occasionally updated. For more information about the impact of these updates on report results, see URL Category Set Updates and Reports. |
|
Domains Matched |
From this section you can find out about a specific Domain or IP address that this user has accessed. You can also see the time spent on those categories, and various other information that you have set from the column view. In the text field at the bottom of the section enter the Domain or IP address and click Find Domain or IP. The domain or IP address does not need to be an exact match. |
|
Applications Matched |
From this section you can find a specific application that a specific user is using. For example, if a user is accessing a site that requires use of a lot of Flash video, you will see the application type in the Application column. In the text field at the bottom of the section enter the application name and click Find Application. The name of the application does not need to be an exact match. |
|
Malware Threats Detected |
From this table you can see the top Malware threats that a specific user is triggering. You can search for data on a specific malware threat name in the Find Malware Threat field. Enter the Malware Threat name and click Find Malware Threat. The name of the Malware Threat does not need to be an exact match. |
|
Policies Matched |
From this section you can find the policy groups that applied to this user when accessing the web. In the text field at the bottom of the section enter the policy name and click Find Policy. The name of the policy does not need to be an exact match. |
Note | From Client
Malware Risk Details table: The client reports sometimes show a user with an
asterisk (*) at the end of the user name. For example, the Client report might
show an entry for both “jsmith” and “jsmith*”. User names listed with an
asterisk (*) indicate the user name provided by the user, but not confirmed by
the authentication server. This happens when the authentication server was not
available at the time and the appliance is configured to permit traffic when
authentication service is unavailable.
|
To view an example of how the User Details page may be used, see Example 1: Investigating a User.