
2807 - Using BloxOne Security Reports


Scenario

You are tasked with investigating a recent event that may prove to be malicious, and you need to demonstrate that the malicious domain under investigation has been handled correctly and securely by blocking it. Using Security Activity Reports, you decide to investigate the domain and export the logs showing it being blocked for your team leader and department head, along with a more summarized report that they can pass on to upper management.

Estimate Completion Time

  • 30-40 Minutes

Course Reference

  • 1106: BloxOne Reports

Prerequisites

  • Administrative access to the CSP

  • Lab 2804: Managing BloxOne Endpoints

Tasks

  • Task 1: Access security activity reports

  • Task 2: Search for a specific source

  • Task 3: Export Security Events report

  • Task 4: Creating Summary Reports


Task 1: Access security activity reports

  • Using your pod's Jump-Desktop, log into the CSP and open the Security Activity reports page.

    • Use the page to investigate the overall health of your environment.

Task 2: Search for a specific source

  • Use the search tool to query the suspicious domain streamthembase.top or any domains with similar names.

    • Verify from the logs that the specified domain was indeed blocked and that the user was redirected.

Task 3: Export Security Events report

  • Export your findings to a CSV file to be used by other team members.

Task 4: Creating Summary Reports

  • Using the Summary Reports tool in the CSP, create both an Executive Summary Report and a Comprehensive Security Report for the past week.


Solutions

Task 1 solution: Access security activity reports

  1. On the Jump-Desktop, in your CSP browser, navigate to Reports > Security Activity; you should land on the Security Events page.

  2. Investigate the Security Events tab; you should find all your previous attempts to access malicious domains listed there.

  3. Click through the different tabs at the top of the page and investigate what each page shows.

Task 2 solution: Search for a specific source

  1. In the search bar in the Security Events tab, enter query = stream* and click search. The output will include all streamthembase.top requests.

  2. Clear the search bar and, using the options bar under or next to the search bar, change the Action from Any to Redirect; the output should now include only Block-Redirect domains.

  3. Revert the Action back to Any and change the Show value from 1 hour (the default) to 7 days.

Task 3 solution: Export Security Events report

  1. Click the Export button above the security events table.

  2. A new popup window will appear; choose the Downloads folder as your destination and click Save. The downloaded file should be named security-activity_security-events.csv.
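The exported CSV is the evidence the scenario asks for, so it is worth checking it independently of the console rather than trusting the on-screen filter alone. The Python script below is an added example and is not part of this lab or of BloxOne itself: it re-applies the three console filters from Task 2 (the wildcard query stream*, the Action drop-down set to Redirect, and the Show window of 7 days) to a constructed sample of an exported Security Events file, and then produces a short evidence summary for streamthembase.top that flags any request to the domain that was not blocked. The column names (timestamp, source_ip, query, action, threat_class), the sample rows and the fixed analysis time are assumptions made for the example; the real export header will differ, so adjust the field names after opening your own security-activity_security-events.csv.

```python
import csv
import fnmatch
import io
from datetime import datetime, timedelta, timezone

# Constructed sample of an exported Security Events CSV. The column names and
# rows are assumptions for this example, not the real BloxOne export header.
# One deliberately un-blocked request to the domain is included so the
# summary has a failure mode to report.
SAMPLE_CSV = """timestamp,source_ip,query,action,threat_class
2024-05-01T10:00:00Z,10.0.0.5,streamthembase.top,Block-Redirect,Malware
2024-05-01T10:05:00Z,10.0.0.7,stream-cdn.example,Log,Suspicious
2024-05-01T11:00:00Z,10.0.0.5,www.example.com,Allow,
2024-04-20T09:00:00Z,10.0.0.9,streamthembase.top,Block-Redirect,Malware
2024-05-01T12:30:00Z,10.0.0.8,streamthembase.top,Allow,
"""

# Fixed "now" so the 7-day window over the sample is reproducible (assumption).
ANALYSIS_TIME = datetime(2024, 5, 2, tzinfo=timezone.utc)


def load_events(csv_text):
    """Parse the CSV export into a list of dicts, adding a datetime 'ts' field."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # The sample uses ISO-8601 UTC timestamps with a trailing Z.
        row["ts"] = datetime.fromisoformat(row["timestamp"].replace("Z", "+00:00"))
        events.append(row)
    return events


def search_events(events, pattern="*", action=None, days=None, now=ANALYSIS_TIME):
    """Mirror the console filters: wildcard query, Action drop-down, Show window.

    pattern uses shell-style wildcards ("stream*"), action is matched as a
    case-insensitive substring so "Redirect" selects "Block-Redirect" events,
    and days limits results to the last N days before `now`.
    """
    cutoff = now - timedelta(days=days) if days is not None else None
    hits = []
    for ev in events:
        if not fnmatch.fnmatchcase(ev["query"].lower(), pattern.lower()):
            continue
        if action is not None and action.lower() not in ev["action"].lower():
            continue
        if cutoff is not None and ev["ts"] < cutoff:
            continue
        hits.append(ev)
    return hits


def verify_blocked(events, domain, days=7, now=ANALYSIS_TIME):
    """Summarize whether every request to `domain` in the window was blocked."""
    requests = search_events(events, pattern=domain, days=days, now=now)
    leaked = [ev for ev in requests if ev["action"] != "Block-Redirect"]
    return {
        "domain": domain,
        "requests": len(requests),
        "blocked": len(requests) - len(leaked),
        "not_blocked": len(leaked),
        "fully_blocked": bool(requests) and not leaked,
        "sources_not_blocked": sorted({ev["source_ip"] for ev in leaked}),
    }


if __name__ == "__main__":
    evs = load_events(SAMPLE_CSV)
    # Equivalent of query stream*, Action Any, Show 7 days in the console.
    for ev in search_events(evs, "stream*", days=7):
        print(ev["ts"].isoformat(), ev["source_ip"], ev["query"], ev["action"])
    # Evidence summary for the report: any source that reached the domain
    # without a Block-Redirect action needs follow-up.
    print(verify_blocked(evs, "streamthembase.top"))
```

Run it against the sample and the summary reports two requests to streamthembase.top in the last 7 days, one blocked and one allowed from 10.0.0.8; that un-blocked source is exactly the kind of gap to raise before the executive summary goes out. When pointing it at a real export, pass the file contents to load_events and rename the fields to match the actual header.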

Task 4 solution: Creating Summary Reports

  1. Navigate to Reports > Summary Reports. In step 1, select Executive Summary Report from the list; in step 2, select 7 days as the duration; then click Export.

  2. In step 1, select Comprehensive Security Report from the list; in step 2, select 7 days as the duration; then click Export.

  3. Examine both reports and review their various elements.
