The Activity Search Report helps you find the result of every DNS request from your various provisioned identities, ordered in descending date and time. It is the primary report for a number of core functions, including ensuring that the data in other reports is showing correctly. The Identity column gives a good sense of who is reporting as what identity and what you might expect to see in other reports based on that.

Navigate to Reporting > Activity Search.

The activity search bar includes the response—allowed or blocked, or proxy, or allowed or blocked due to destination list, the identity that made the DNS query, the External IP that the request came from and the Internal IP of that request—if using the Umbrella VA for granularity.

The Activity Search only reports the past 28 days as the amount of data in this report is very large.

In order to store data for a period longer than 28 days, please look at the ability to export logs and >store them in Amazon S3.

The search reflects all of the activity from within your Umbrella within the time(s) selected:

These results can be filtered by Umbrella identity by typing in the name of the identity you’d like to report on, then clicking Run Report.

The filter for domain should be set to ‘domain.com’, so if you wanted to search for any results from Google, specify this as ‘google.com.’ For more granularity, add the subdomain eg: mail.google.com.

Wildcards do not apply to this filter.

Ensure you've picked the correct type of DNS response: Both Allowed & Blocked, Allowed, or Blocked, and click Run Report.

If you're unsure of what Unidentified Requests are when running reports when you have Insights for Active Directory configured, click here for more information.

The Activity Search includes the following information:

  • Record is the DNS Record type (eg: A, AAAA, MX and so on).
  • Category is the category or categories that a destination has been categorized as, whether that's security or content.

The New Activity Search Report < Activity Search Report > The New Security Activity Report