Analytics and Reporting
Analytics Overview
GuardAxion provides comprehensive analytics to monitor security events, user behavior, and system performance.
Analytics Dashboards
Main Dashboard
Displays overview metrics:
- Total enrolled browsers
- Security events (24h)
- Top threats blocked
- Active users
- Policy violations
Advanced Analytics
Location: Analytics & Monitoring > Advanced Analytics
Features:
- Real-time event stream
- Security trends over time
- DLP violation analysis
- User behavior patterns
- Geographical distribution
Predictive Analytics
Location: Analytics & Monitoring > Predictive Analytics
AI-powered insights:
- Threat forecasting
- Anomaly detection
- Risk scoring
- Pattern recognition
- Trend predictions
Event Types
Security Events
- Block: Firewall blocked domain access
- DLP Violation: Data loss prevention trigger
- DLP Bypass: Excluded URL accessed
- Threat Detected: Malicious content identified
- Login Anomaly: Unusual login pattern
System Events
- Enrollment: New browser registered
- Policy Sync: Rules updated
- Configuration Change: Settings modified
- User Action: Administrative activity
Filtering and Searching
Filter Options
- Time Range: Last hour to 90 days
- Event Type: Specific event categories
- Severity: Critical, High, Medium, Low
- Service Class: Policy group
- User/Browser: Individual tracking
- Domain: Specific website
Search Capabilities
- Full-text search across events
- Regular expression support
- Combined filters
- Saved search queries
Custom Reports
Creating Reports
- Navigate to desired analytics view
- Apply filters for the data needed
- Click Export or Generate Report
- Select format (CSV, PDF, JSON)
- Download or schedule delivery
Scheduled Reports
- Configure report parameters
- Set schedule (daily, weekly, monthly)
- Add email recipients
- Save scheduled report
Report Types
- Executive Summary: High-level metrics
- Security Incidents: Detailed event log
- Compliance: Audit trail for regulations
- User Activity: Individual behavior
- Trend Analysis: Historical patterns
Key Metrics to Monitor
Security Metrics
- Threats blocked per day
- DLP violations by severity
- Top blocked domains
- Failed login attempts
- Policy bypass attempts
User Metrics
- Active users count
- Login patterns
- Most visited sites
- Policy violation rate
- Browser enrollment status
System Metrics
- Policy sync success rate
- API response times
- Error rates
- Browser version distribution
Anomaly Detection
Automated Alerts
The system automatically detects:
- Unusual login times
- Geographic anomalies
- Spike in violations
- New threat patterns
- Policy circumvention attempts
Configuring Alerts
- System Settings > Alerts
- Set thresholds for:
  - Event volume
  - Severity levels
  - User behavior
  - System health
- Configure notification methods
Using Analytics for Security
Threat Hunting
- Review anomaly detections
- Investigate unusual patterns
- Correlate multiple events
- Identify compromised accounts
- Block emerging threats
Compliance Reporting
- GDPR data access logs
- SOC 2 audit trails
- HIPAA activity monitoring
- PCI-DSS web filtering
Performance Optimization
- Identify policy bottlenecks
- Optimize rule priorities
- Reduce false positives
- Improve response times
Best Practices
- Review analytics daily
- Set up automated alerts
- Export logs for long-term storage
- Correlate with other security tools
- Use predictive analytics proactively
- Document incident responses
- Report regularly to stakeholders
- Tune policies based on data
Troubleshooting
Missing Data
- Check time range selection
- Verify filters applied
- Ensure browsers are syncing
- Check service class assignment
Slow Performance
- Reduce time range
- Limit concurrent filters
- Export data for offline analysis
- Contact support for optimization