Could really use your help understanding the dashboard reports. Yes, I have read as much as I could through the articles, help menus, and other posts. :)
Can someone please help the noob? As an example 7,968 total requests at 4 pm.
As a whole, the Activity Search shows each DNS request made, and the other reports are:
Security Activity: This is the security related activity on your network, whether that's malware, botnet or any of the other security categories.
Total Requests: This is the total number of requests for web resources from your total Organization over a period of time. The report can be filtered based on individual identities or time periods.
Activity Volume: These are the queries from identities within your organization over a period of time, divided by security category or content type. This report has two views, a Snapshot and a Trend Over Time graph.
Top Domains: This report shows the most requested domains within your entire Umbrella for the period of time selected, or for the identities selected.
Top Categories: This is top content categories for your organization or a user within your organization over the time period selected.
Top Identities: This overlay shows the trends of activity along side the threats from either malware or botnets over the time period selected. By default this is 24 hours.
Thanks for the great response and I did read the guides. I guess what is considered average/normal. For instance at 5 pm I had 7,968 total requests. That seems excessive doesnt it?
An average user on a network will make approximately 1,000 requests per day. Note that each DNS request will be recorded and some websites make 10s of requests. I have two examples of busy websites. Each was run through a page analyzer and the output is each domain queried to load the page. These are some extreme examples, but they help indicate that 8K/hour is a reasonable number for an office of about 60 people for normal-light use.
