Web Insights Filters

You can apply the following filters to the charts in Analytics > Web Insights.

After you define the filters, click Apply Filters to refresh the chart or click Logs to view the logs. (See Viewing Web Logs.)

Filter Description

Advanced Threat Super Category

Use this filter to view transactions in which advanced threats were detected. These advanced threats are detected by Advanced Threats Protection.

  • To view transactions associated with any type of virus or spyware, choose Any.
  • To view transactions associated with a particular type, choose one from the list or use the Search function.

Bandwidth Class

Use this filter to view transactions associated with a specific bandwidth class. Choose a bandwidth class from the list or type a bandwidth class in the Search field.

Bandwidth Rule

Use this filter to view transactions associated with a specific bandwidth rule. Choose a bandwidth rule from the list or type a bandwidth rule name in the Search field.

Client IP

Use this filter to view transactions associated with a source IP address. Enter either the Internet gateway location IP address or the IP address of the client device. You can enter an IP address, a range of IP addresses, or an IP address and netmask, as shown in the examples below the text box.

Cloud Application

Use this filter to view transactions associated with a specific application. Choose Any to view all transactions or choose an application to view its associated transactions.

Cloud Application Class

Use this filter to view transactions associated with a specific application class. Choose All to view all transactions or choose an application class to view its associated transactions.

Department

Use this filter to view transactions associated with a specific department. The default is All, which displays all transactions. Choose a department from the list or type a department name in the Search field. 

DLP Dictionary

Use this filter to view transactions in which data leakage was detected. Choose Any to view transactions associated with any DLP dictionary or choose a dictionary to view only its associated transactions.

DLP Engine

Apply this filter to view transactions in which data leakage was detected. Choose Any to view transactions associated with any DLP engine or choose an engine to view only its associated transactions.

File Type Category

Use this filter to view transactions in which a file was either uploaded or downloaded. Choose Any to view all transactions with uploaded or downloaded files or choose a file subtype, such as Java Applet or Microsoft Excel, to view its associated transactions only.

File Type Super Category

Use this filter to view transactions in which a specific file type was either uploaded or downloaded. Choose Any to view all transactions with uploaded or downloaded files or choose a file type, such as archive or executable, to view its associated transactions only.

IM Activity

Use this filter to view transactions associated with instant messaging applications. When you select this filter, the dialog automatically adds the Cloud Application Class filter set to Instant Messaging. From the IM Activity filter, choose All to view all transactions associated with instant messaging applications, choose Receive Message or Send Message to narrow down the transactions to sent or received messages, or choose Receive File or Send File to narrow down the transactions to file transfers only.

Location

Use this filter to view transactions associated with a specific location. Choose All to view all transactions or choose a location from the list or type a location name in the Search field.

Protocol

Use this filter to view transactions associated with a specific type of traffic. Choose a traffic type from the list or type a traffic type in the Search field.

Received Bytes

Use this filter to view transactions based on the number of bytes a destination web server returned for an HTTP request. Choose a size range from the list or choose Custom to specify a different range.

Referrer Search

Use this filter to find transactions associated with a referrer URL, which is the URL from which an HTTP request originated. Enter all or part of the URL in the text field and choose Contains, Exact, Ends With or Starts With.

Request Type

Use this filter to view transactions associated with the web traffic of an HTTP request method. Choose GET to see transactions only for HTTP requests to retrieve data, or choose POST to see transactions only for HTTP requests to submit data to be processed. Post requests include email that was sent though webmail or posting on a social networking site or blog.

Sandbox

Use this filter to view file downloads based on the Sandbox result.

  • To view all download results, choose Any.
  • To view known malicious results, choose Sandbox Adware, Sandbox Anonymizer, or Sandbox Malware.
  • To view known non-malicious results, choose Sandbox Benign.
  • To view unknown results, choose Sent for Analysis.

Sandbox Action

Use this filter to view file downloads based on the Sandbox action. Choose Blocked, Quarantined, or Sent for Analysis.

Sandbox MD5

Use this filter to view file download transactions based on the file hash value (MD5). Enter all or part of the MD5 in the text field and choose ContainsStarts WithEnds With, and Exact Match.

Secure Browsing Class

Use this filter to view transactions associated with Applications, Browsers, or Plugins and Extensions.

Secure Browsing Status

Use this filter to limit the data to web traffic from all installed browsers, plug-ins and applications, or only from installed browsers, plug-ins and applications that the service considers vulnerable. Choose either Installed or Vulnerable. This filter is not available in Logs view.

Secure Browsing Type

Use this filter to view transactions associated with a specific type of browser or web applications. Choose a browser or application type from the list or type a browser or application type in the Search field.

Sent Bytes

Use this filter to view transactions based on the size, in bytes, of the HTTP request that was sent to the destination web server. Choose a range from the list or choose Custom to specify a different range.

Server IP

Use this filter to view transactions associated with a destination server. Specify an IP address, a range of IP addresses, or an IP address and netmask, as shown in the examples below the text field.

Social Networking Activity

Use this filter to view transactions associated with social networking sites. When you select this filter, the dialog automatically adds the Cloud Application Class filter set to Social Networking. From the Social Networking Activity filter, choose All to view all transactions associated with a social networking activity, choose View to see only transactions associated with viewing networking sites, or choose Publish to see only transactions associated with posting or uploading content.

SSL Decrypted?

Use this filter to view SSL transactions. Click Select to view decrypted SSL transactions only or clear the check box to view only SSL transactions that were not decrypted.

Streaming & File Sharing Activity

Use this filter to view transactions associated with streaming media and file sharing sites. When you select this filter, the dialog automatically adds the Cloud Application Class filter set to Streaming Media/File Share. From the Streaming & File Sharing Activity filter, choose All to view all transactions associated with streaming media and file sharing sites, choose Listen to view only transactions associated with downloading files, or choose Upload to view only transactions associated with uploading content.

Threat Category

Use this filter to view transactions associated with a specific threat category.Choose Advanced Threats, Sandbox, Viruses & Spyware, or use the Search function to find transactions associated with a specific threat. These threats are detected by Malware Protection.

Threat Class

Use this filter to view transactions associated with a specific threat class. Choose Viruses & Spyware, Advanced Threats, Sandbox, or use the Search function to find transactions associated with a specific threat.

Threat Super Category

Use this filter to view transactions associated with a specific threat super category. Choose Any to view all transactions or choose a threat super category to view its associated transactions.

Throttled request bytes

Use this filter to view transactions based on the total size of the throttled requests. Choose a range from the list or choose Custom to specify a different size range.

Throttled response bytes

Use this filter to view transactions based on the total size of the throttled response. Choose a range from the list of choose Custom to specify a different size range.

Total Bytes

Use this filter to view transactions based on the total size of the HTTP request and response. Choose a range from the list or choose Custom to specify a different size range.

URL Category

Use this filter to view transactions associated with a specific URL category. The default is All, which displays all transactions. Choose a URL category to view its associated transactions.

URL Class

Use this filter to limit the data to a specific URL super category. The default is All, which displays all transactions. Choose a URL category to view its associated transactions.

URL Search

Use this filter to find transactions associated with a specific URL.

  • Do one of the following:
    • Click URL and enter all or part of the URL.
    • For example: http://www.zscaler.com/products-user-security.php
    • Click Path and enter all or part of the path information.
    • For example: products-user-security.php
    • Click Host and enter all or part of the host name.
    • For example: www.zscaler.com
    • Click Domain and enter all or part of the domain name.
    • For example: facebook
  • Choose Contains, Exact, Ends With or Starts With.
  • Click Display Results or Export to CSV.

URL Super Category

Use this filter to view transactions associated with a specific URL super category. The default is All, which displays all transactions. Choose a URL super category to view its associated transactions.

User

Use this filter to view the transactions of a specific user. The default is All, which displays all transactions. Choose a user from the list or type a user name in the Search field.
If applicable, enable Exclude Location to limit the data to only users. By default, user-related traffic data includes locations and users.

User Agent

Use this filter to find transactions associated with the user-agent string that the browser included in its GET request. The user-agent string contains browser and system information that the destination server can use to provide appropriate content.
The service lists the commonly used user agents in the Known category. To find a user-agent string, click the Known tab and scroll or use the Search function to find the user-agent string in this category. If the user-agent string is not found, click Unknown and enter all or part of the user-agent string in the text field and choose ContainsExactEnds With, or Starts With. Example: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:18.0) Gecko/20100101 Firefox/18.0.

Web Action

Use this filter to view transactions according to the action taken by the service. The default is All, which displays all transactions. Choose Allow to view transactions that were allowed or choose Block to view transactions that were blocked. When viewing logs, you can also choose Allowed with caution to view allowed transactions in which a Caution notification was displayed, or choose Blocked with caution to view blocked transactions in which a Caution notification was displayed.

Webmail Activity

Use this filter to view transactions associated with webmail applications. When you select this filter, the dialog automatically adds the Cloud Application Class filter set to Web Mail. From the Webmail Activity filter, choose All to view all webmail transactions, choose Send to view transactions in which webmail was sent, choose Send Attachment to view webmail transactions that included attachments, or choose View to view transactions in which webmail was viewed.