Skip to main content

DashboardDashboards Guide

Zscaler HTTP Dashboard

If you use the Zscaler ZIA Cloud Collector, you can use the pre-built Zscaler HTTP traffic dashboard to view internet activity in your organization. The dashboard enables you to view details about:

To use and customize this dashboard, see the following topics:

Time Range Filter

The Event : Approx Log Time filter sets the time range for the event data. The default setting is in the last 7 days. You can update this filter with a wide range of customizable settings.

To update the time range filter, click the arrow (icon-expand.png) on the right, under the Edit button, to expand the filters panel. In the Event : Approx Log Time filter, select an operator from the first drop down menu and then enter or select values in the subsequent fields, depending on the operator you selected. To save your filter changes, click Apply on the right side of the filter panel. The updated filter is applied to the visualization.

time-range-options.png

Log Volume by Action

Use this graph to view the amount of logs Zscaler generates over time. To view the values represented in the chart, hover your pointer over the graph lines to display the data points.

zscaler-dashboard-log-volume-by-action.png

To view the underlying events of a value, click the data point, and then click Show Results in Search.

Top Hosts (HTTP Traffic)

Use this pie chart to identify the top hosts (up to 10) that are sending large amounts of HTTP traffic. The center of the chart displays the total amount of traffic (in bytes) for the selected time period. Each host segment is color-coded with corresponding labels below. You can hover over each host segment in the chart to view the amount of traffic attributed to the host. To further drill down into a host's traffic, you can select the segment and then Show Results in Search.

zscaler-dashboard-top-hosts-http-traffic.png

Top Users (HTTP Traffic)

Use this pie chart to identify the top users (up to 10) that are sending large amounts of HTTP traffic. The center of the chart displays the total amount of traffic (in bytes) for the selected time period. Each user segment is color-coded and with corresponding labels below the chart. You can hover over each user segment in the chart to view the amount of traffic attributed to the user. To further drill down into a user's traffic, you can select the segment and then Show Results in Search.

zscaler-dashboard-top-users-http-traffic.png

Top Hosts POST Method

Use this chart to identify hosts that are using the POST method to upload large volumes of data which can be symptomatic of data exfiltration. This chart lists the top 10 hosts in order of the total amount (in Gbps) of data uploaded for the selected time period.

zscaler-dashboard-top-hosts-post-method.png

Top Hosts GET Method

Use this chart to identify hosts that are using the GET method to download large volumes of data. This chart lists the top 10 hosts in order of the total amount (in Gbps) of data downloaded for the selected time period.

zscaler-dashboard-top-hosts-post-method.png

High Risk Categories by Host & Category

Use this table to threat hunt to determine why a host is identified as high-risk. For each source host, you can view the corresponding high risk category, and the URLs associated with the high risk behavior.

zscaler-dashboard-high-risk-categories.png