Reviewing Data in Motion tab in Data Security dashboard

The Data in Motion dashboard consolidates all the DLP traffic that is in transit and inline over the proxy, SmartEdge Agent, Cloud SWG and ZTNA (Agentless and Agent based). This will help admins get a quick overview of possible risky activity occurring in realtime in their protected cloud applications.

The widgets on left side of the page displays information related to Unsanctioned Apps' traffic from Cloud SWG and SmartEdge Agent.





Filtering

You can further filter the information by selecting the appropriate filter from the Search drop-down list on top of date range.

Follow the below steps to filter the information:

  1. Click into the Search box and select the Field option you are filtering by.


    Available options are Username, User Groups and Action.

    On selecting the field option, Operator drop-down list appears.

  2. Select the appropriate operator from the drop-down list.

    Available options vary as per the field option selected. Available options are equals, does not equal, and Contains.



  3. Select the option from the drop-down list to filter the information.
    • If you select Username or User Groups from the Field drop-down list, then you can select available username or group from the drop-down list.
    • If you select Action in the Field drop-down list, then select the applicable value. Available options are Allowed and Denied.

    On entering the text or on selecting the option from the drop-down list, AND function appear.

  4. Select the AND function to continue your exact match filter.


    You can then continue to add refined filters as desired. Once ready to search, click into the space and press enter.

Sensitive Uploads to Unsanctioned Apps

The Sensitive Uploads to Unsanctioned Apps widget indicates number of times the sensitive data was uploaded and denied to unsanctioned applications.



You can drill down these logs.
  • Allowed - Click the number below the Allowed to open the Sensitive Uploads to Unsanctioned Apps : Allowed page. This page contains a modal table with Time, File Name, App Name, Domain, Username, Type and Event Count fields.


  • Denied - Click the number below the Denied to open the Sensitive Uploads to Unsanctioned Apps : Denied page. This page contains a modal table with Time, File Name, App Name, Domain, Username, Type and Event Count fields.


Top Groups Uploading Sensitive Data to Unsanctioned Apps

The Top Groups Uploading Sensitive Data to Unsanctioned Apps widget indicates top 10 groups uploading sensitive data to unsanctioned applications.



You can view Allowed or Denied data only by clicking the respective ledger at the bottom of the widget. Click the same ledger again to view the data for Allowed and Denied on the horizontal bar charts.

You can drilldown the data at different levels:
  • Drilling down at Group Level

    To drilldown at group level, click the name of the group and click Drill into <groupname> to open Top Groups Uploading Sensitive Data to Unsanctioned Apps: <GroupName> page. This page displays modal table with App Name, Domain, Event Count, DLP Action and User Count fields.



  • Drilling down the Allowed data of a group

    To drilldown the allowed data of a group, click the Allowed split bar of a group and click Drill into <GroupName>, allowed to open the Top Groups Uploading Sensitive Data to Unsanctioned Apps: <GroupName>, allowed page. This page displays modal table with App Name, Domain, Event Count and User Count fields.



  • Drilling down the Denied data of a Group

    To drilldown the denied data of a group, click the Denied split bar of a group and click Drill into <GroupName>, denied to open the Top Groups Uploading Sensitive Data to Unsanctioned Apps: <GroupName>, denied page. This page displays modal table with App Name, Domain, Event Count and User Count fields.



Top Sensitive Uploaders to Unsanctioned Apps

The Top Sensitive Uploaders to Unsanctioned Apps widget indicates top 10 users uploading sensitive data to unsanctioned applications.



You can view Allowed or Denied data only by clicking the respective ledger at the bottom of the widget. Click the same ledger again to view the data for Allowed and Denied on the horizontal bar charts.

You can drilldown the data at different levels:
  • Drilling down at User Level

    To drilldown at user level, click the name of the user and click Drill into <username> to open Top Sensitive Uploaders to Unsanctioned Apps : <UserName> page. This page displays modal table with App Name, Domain, Event Count, and DLP Action fields.



  • Drilling down the Allowed data of a User

    To drilldown the allowed data of a user, click the Allowed split bar of a user and click Drill into <UserName>, allowed to open the Top Sensitive Uploaders to Unsanctioned Apps: <UserName>, allowed page. This page displays modal table with App Name, Domain, and Event Count fields.



  • Drilling down the Denied data of a User

    To drilldown the denied data of a user, click the Denied split bar of a user and click Drill into <UserName>, denied to open the Top Sensitive Uploaders to Unsanctioned Apps: <UserName>, denied page. This page displays modal table with App Name, Domain, and Event Count fields.



Top Uploaded Patterns to Unsanctioned Apps

The Top Uploaded Patterns to Unsanctioned Apps widget indicates top 10 patterns uploaded to unsanctioned applications.



You can view Allowed or Denied data only by clicking the respective ledger at the bottom of the widget. Click the same ledger again to view the data for Allowed and Denied on the horizontal bar charts.

You can drilldown the data at different levels:

  • Drilling down the Pattern by User

    To drilldown the pattern by user, click the name of the pattern and click Split by User to open Top Uploaded Patterns to Unsanctioned Apps : Split by User page. This page displays modal table with Username, Allowed Event Count, Denied Event Count and DLP Action fields.



  • Drilling down the Pattern by Apps

    To drilldown the pattern by apps, click the name of the pattern and click Split by Apps to open Top Uploaded Patterns to Unsanctioned Apps : Split by Apps page. This page displays modal table with App Name, Domain, Event Count and DLP Action fields.



  • Drilling down the Allowed data of a Pattern

    To drilldown the allowed data of a pattern, click the Allowed split bar of a pattern and click Drill into <PatternName>, allowed to open the Top Uploaded Patterns to Unsanctioned Apps: <PatternName>, allowed page. This page displays modal table with App Name, Domain, Event Count and User Count fields.



  • Drilling down the Denied data of a Pattern

    To drilldown the denied data of a pattern, click the Denied split bar of a pattern and click Drill into <PatternName>, denied to open the Top Uploaded Patterns to Unsanctioned Apps: <PatternName>, denied page. This page displays modal table with App Name, Domain, Event Count and User Count fields.



Top Unsanctioned Enterprise Apps Receiving Sensitive Data

The Top Unsanctioned Enterprise Apps Receiving Sensitive Data widget indicates top 10 unsanctioned enterprise apps receiving sensitive data.



You can view Allowed or Denied data only by clicking the respective ledger at the bottom of the widget. Click the same ledger again to view the data for Allowed and Denied on the horizontal bar charts.

You can drilldown the data at different levels:

  • Drilling down the Apps by User

    To drilldown the apps by user, click the name of the application and click Split by User to open Top Unsanctioned Enterprise Apps Receiving Sensitive Data : Split by User page. This page displays modal table with Username, Allowed Event Count, and Denied Event Count fields.



  • Drilling down the Apps by Group

    To drilldown the apps by a group, click the name of the app and click Split by Group to open Top Unsanctioned Enterprise Apps Receiving Sensitive Data : Split by Group page. This page displays modal table with User Groups, Allowed Event Count and Denied Event Count fields.



Top Web Browsing Categories for Sensitive Uploads to Unsanctioned Apps

The Top Web Browsing Categories for Sensitive Uploads to Unsanctioned Apps widget indicates top 10 web browsing categories for sensitive uploads to unsanctioned applications.



You can view Allowed or Denied data only by clicking the respective ledger at the bottom of the widget. Click the same ledger again to view the data for Allowed and Denied on the horizontal bar charts.

You can drilldown the data at different levels:

  • Drilling down the Web Browsing Categories by User

    To drilldown the Web Browsing Categories by user, click the name of the category and click Split by User to open Top Web Browsing Categories for Sensitive Uploads to Unsanctioned Apps : Split by User page. This page displays modal table with Username, Allowed Event Count, and Denied Event Count fields.



  • Drilling down the Web Browsing Categories by Domain

    To drilldown the Web Browsing Categories by domain, click the name of the category and click Split by Domain to open Top Web Browsing Categories for Sensitive Uploads to Unsanctioned Apps : Split by Domain page. This page displays modal table with Domain, Allowed Event Count and Denied Event Count fields.



  • Drilling down the Web Browsing Categories by Group

    To drilldown the Web Browsing Categories by a group, click the name of the category and click Split by Group to open Top Web Browsing Categories for Sensitive Uploads to Unsanctioned Apps : Split by Group page. This page displays modal table with User Groups, Allowed Event Count and Denied Event Count fields.



The widgets on right side of the page displays information related to Sensitive Downloads to Unmanaged Devices, that is traffic from proxy and ZTNA (Agentless and Agent based).

Sensitive Downloads to Unmanaged Devices

The Sensitive Downloads to Unmanaged Devices widget indicates number of times the sensitive data was downloaded and download denied to unmanaged devices.



You can drill down these logs:

  • Allowed - Click the number below the Allowed to open the Sensitive Downloads to Unmanaged Devices : Allowed page. This page contains a modal table with Time, File Name, App Name, Domain, Username and Type fields.


  • Denied - Click the number below the Allowed to open the Sensitive Downloads to Unmanaged Devices : Denied page. This page contains a modal table with Time, File Name, App Name, Domain, Username and Type fields.


Top Groups Downloading Sensitive Data to Unmanaged Devices

The Top Groups Downloading Sensitive Data to Unmanaged Devices widget indicates top 10 groups downloading sensitive data to unmanaged devices.



You can view Allowed or Denied data only by clicking the respective ledger at the bottom of the widget. Click the same ledger again to view the data for Allowed and Denied on the horizontal bar charts.

You can drilldown the data at different levels:

  • Drilling down at Group Level

    To drilldown at group level, click the name of the group and click Drill into <groupname> to open Top Groups Downloading Sensitive Data to Unmanaged Devices : <GroupName> page. This page displays a modal table with App Name, Domain, Event Count, DLP Action and User Count fields.



  • Drilling down the Allowed data of a group

    To drilldown the allowed data of a group, click the Allowed split bar of a group and click Drill into <GroupName>, allowed to open the Top Groups Downloading Sensitive Data to Unmanaged Devices : <GroupName>, allowed page. This page displays modal table with App Name, Domain, Event Count and User Count fields.



  • Drilling down the Denied data of a Group

    To drilldown the denied data of a group, click the Denied split bar of a group and click Drill into <GroupName>, denied to open the Top Groups Downloading Sensitive Data to Unmanaged Devices : <GroupName>, denied page. This page displays modal table with App Name, Domain, Event Count and User Count fields.



Top Sensitive Downloaders to Unmanaged Devices

The Top Sensitive Downloaders to Unmanaged Devices widget indicates top 10 users downloading sensitive data to unmanaged devices.



You can view Allowed or Denied data only by clicking the respective ledger at the bottom of the widget. Click the same ledger again to view the data for Allowed and Denied on the horizontal bar charts.

You can drilldown the data at different levels:

  • Drilling down at User Level

    To drilldown at user level, click the name of the user and click Drill into <username> to open Top Sensitive Downloaders to Unmanaged Devices : <UserName> page. This page displays modal table with App Name, Domain, Event Count, and DLP Action fields.



  • Drilling down the Allowed data of a User

    To drilldown the allowed data of a user, click the Allowed split bar of a user and click Drill into <UserName>, allowed to open the Top Sensitive Downloaders to Unmanaged Devices : <UserName>, allowed page. This page displays modal table with App Name, Domain, and Event Count fields.



  • Drilling down the Denied data of a User

    To drilldown the denied data of a user, click the Denied split bar of a user and click Drill into <UserName>, denied to open the Top Sensitive Downloaders to Unmanaged Devices : <UserName>, denied page. This page displays modal table with App Name, Domain, and Event Count fields.



Top Downloaded Patterns to Unmanaged Devices

The Top Downloaded Patterns to Unmanaged Devices widget indicates top 10 patterns downloaded to unsanctioned applications.



You can view Allowed or Denied data only by clicking the respective ledger at the bottom of the widget. Click the same ledger again to view the data for Allowed and Denied on the horizontal bar charts.

You can drilldown the data at different levels:

  • Drilling down the Pattern by User

    To drilldown the pattern by user, click the name of the pattern and click Split by User to open Top Downloaded Patterns to Unmanaged Devices : Split by User page. This page displays modal table with Username, Allowed Event Count, Denied Event Count and DLP Action fields.



  • Drilling down the Pattern by Apps

    To drilldown the pattern by apps, click the name of the pattern and click Split by Apps to open Top Downloaded Patterns to Unmanaged Devices : Split by Apps page. This page displays modal table with App Name, Domain, Event Count and DLP Action fields.



  • Drilling down the Allowed data of a Pattern

    To drilldown the allowed data of a pattern, click the Allowed split bar of a pattern and click Drill into <PatternName>, allowed to open the Top Downloaded Patterns to Unmanaged Devices : <PatternName>, allowed page. This page displays modal table with App Name, Domain, Event Count and User Count fields.



  • Drilling down the Denied data of a Pattern

    To drilldown the denied data of a pattern, click the Denied split bar of a pattern and click Drill into <PatternName>, denied to open the Top Downloaded Patterns to Unmanaged Devices : <PatternName>, denied page. This page displays modal table with App Name, Domain, Event Count and User Count fields.



Top Enterprise Apps providing Sensitive Data to Unmanaged Devices

The Top Enterprise Apps providing Sensitive Data to Unmanaged Devices widget indicates top 10 enterprise apps providing sensitive data to unmanaged devices.



You can view Allowed or Denied data only by clicking the respective ledger at the bottom of the widget. Click the same ledger again to view the data for Allowed and Denied on the horizontal bar charts.

You can drilldown the data at different levels:

  • Drilling down the Apps by User

    To drilldown the apps by user, click the name of the application and click Split by User to open Top Enterprise Apps providing Sensitive Data to Unmanaged Devices : Split by User page. This page displays modal table with Username, Allowed Event Count, and Denied Event Count fields.



  • Drilling down the Apps by Group

    To drilldown the apps by a group, click the name of the app and click Split by Group to open Top Enterprise Apps providing Sensitive Data to Unmanaged Devices : Split by Group page. This page displays modal table with User Groups, Allowed Event Count and Denied Event Count fields.



Top Domains providing Sensitive Data to Unmanaged Devices

The Top Domains providing Sensitive Data to Unmanaged Devices widget indicates top 10 domains providing sensitive data to unmanaged devices.



You can view Allowed or Denied data only by clicking the respective ledger at the bottom of the widget. Click the same ledger again to view the data for Allowed and Denied on the horizontal bar charts.

You can drilldown the data at different levels:

  • Drilling down Domain by User

    To drilldown the domain by user, click the name of the domain and click Split by User to open Top Domains providing Sensitive Data to Unmanaged Devices : Split by User page. This page displays modal table with Username, Allowed Event Count, and Denied Event Count fields.



  • Drilling down Domain by Group

    To drilldown the domain by a group, click the name of the domain and click Split by Group to open Top Domains providing Sensitive Data to Unmanaged Devices : Split by Group page. This page displays modal table with User Groups, Allowed Event Count and Denied Event Count fields.