The Available Activities page allows you to drill into the details of all monitored activities in your Sanctioned cloud services used to determine anomalies. This page is available at Incidents > User Activity > Available Activities.
The Available Activities page displays the following information:
- Activity Name: The name of the activity that has been identified.
- Considered for Threats: The name of the threat or threats that the activity is being used to evaluate.
- Service: The sanctioned service where the activity is monitored.
- Source: If the activity is monitored over API integration or through the MVISION Cloud Secure proxy.
- Activity Count: The number of times the activity was detected over the past 24 hours and the past 7 days.
- Thresholds: The anomaly thresholds used to determine if the activity is anomalous. The current daily, weekly and monthly thresholds are displayed.
To improve performance, Available Activities data is cached for 5 minutes. So be aware that any update to Thresholds or the Activity Count, for example, will take 5 minutes to take effect.
Filter the Available Activities List
The available activities list can be filtered using the pull-down menus above the list. The list can be filtered by the following criteria:
- All Services
- All Sources
- All Activity Categories
KNOWN ISSUE: If you have multiple instances of a service configured, in the All Services menu, you will see those instances listed separately, depending on how you have named the instances. This list will differ from what is shown in the Available Activites from <Service> menu above.