Data Insights & Reports
      Back to home
      1. Help Center
      2. Setup Guides
      3. Data Insights & Reports

      CyberSight™️ Walkthrough

      Unlocking the Power of CyberSight: A Comprehensive User Guide

      Welcome to the guide on enabling a powerful feature and accessing insightful reports with ease. In this walkthrough, we'll lead you through the steps to activate this feature and utilize its comprehensive reporting capabilities. By following these instructions, you'll harness the full potential of this tool to gain valuable insights into user behavior and enhance your organization's security posture. Whether you're configuring settings, accessing reports, or exploring user activity, you're on your way to making informed decisions and optimizing your cybersecurity efforts. Let's get started.

      Enabling CyberSight

      To enable CyberSight and access reports, follow these steps:

      Step 1. Select the Customer you want to enable CyberSight on and navigate to the "Endpoints" tab

      Step 2. Next, click the "Edit" button beside the Group(s) or Endpoint(s) you want to enable CyberSight for

      Screenshot 2023-03-29 at 2.53.17 PM

      Step 3. When you click the group edit button, a screen with various permissions appears. To enable CyberSight for the entire group, toggle the "Enable CyberSight" option, check the "Sync these permissions to everything in this group" box, and click "Save Group" to apply the permission to all endpoints within that group.

      Screenshot 2023-10-03 210919-2


      If you prefer to enable it on an individual endpoint or a few selected endpoints, you'll be presented with a screen like the one below.

      Screenshot 2023-10-03 211535-1


      Just like in Group settings, simply check the "Enable CyberSight" toggle for an individual endpoint, and then click "Save Endpoint" since there are no syncing permissions for singular endpoints.

      Step 4. Finally, verify that the setting is enabled by checking for a small clock icon under the permissions column, located next to the group(s) or endpoint(s) where you activated CyberSight. If you enabled it for a group containing multiple endpoints, you'll see the icon in both the Groups and Endpoints sections, next to the respective endpoints.

      Screenshot 2023-03-29 at 2.56.33 PM

      Activating the Browser Extension for Full URL Context

      Elevate the power of CyberSight with our Browser Extension, giving you a complete view of user activity through full URL context. To get started, explore our step-by-step guide here

      CyberSight Reports

      ***Note*** Please be aware that the provided reporting metrics/data are based on user interactions with actively used browser tabs and windows. This may result in a shorter timeline than expected, as CyberSight records only active actions. If no actions or streaming are detected within a 10-second interval, it will be marked as idle. Background tabs and windows will not be reflected in the reporting metrics/data.

      Customer Activity Overview

      The Customer Activity Overview offers a comprehensive snapshot of user behavior and technological patterns within a customer's organization. This tool provides valuable insights into how time is allocated across the business, offering a deep understanding of SaaS application usage, the detection of shadow IT, and the evaluation of active license utilization. It serves as a crucial resource for engaging in meaningful conversations with customers, enabling businesses to provide advice and optimize their operations. By gaining a clear picture of where time and resources are being invested, this feature greatly facilitates executive reporting and enhances the quality of Quarterly Business Reviews (QBRs).

      Accessing Customer Activity Overview
      1. Navigate to the CyberSight left menu and select Overview
      2. Select the relevant Customer and customize the date range according to your preferences. Additionally, you have the option to apply filters to specific Endpoints if you want to narrow your focus.
      3. An interactive dashboard will load in real time, allowing you to analyze the data.
      4. From the ellipsis menu, you can easily download the report in PDF format for your convenience.

      This report will also be available in the Report Library for scheduling at regular intervals or on-demand.

      report

      report2

      Endpoint Weekly Activity

      The Endpoint Weekly Activity view provides valuable insights into the top applications and URLs used each week on a specific endpoint, complete with time spent. You can interactively filter this weekly activity by day and conveniently download the report in PDF format. It helps you better understand your organization's security risks by examining user behavior. By detecting anomalies and resource variations, you can proactively strengthen your cybersecurity defenses, making your risk assessment more effective and enabling you to mitigate potential threats.

      Accessing Endpoint Weekly Activity
      1. Navigate to the CyberSight left menu and select Weekly Activity
      2. Select the relevant Customer and customize the date range according to your preferences. Additionally, you have the option to apply filters to specific Endpoints if you want to narrow your focus.
      3. An interactive dashboard will load in real time, allowing you to analyze the data.
      4. From the ellipsis menu, you can easily download the report in PDF format for your convenience.

      This report will also be available in the Report Library for scheduling at regular intervals or on-demand.
      report3

      Endpoint Activity Logs

      In the cybersecurity landscape, the ability to analyze user activity down to the second is a paramount tool for incident response. Our comprehensive report offers deep insights into user behavior, distinguishing between user-originated and process-originated activities, and providing a clear understanding of user and full URL context. In today's world, where insider threats are a pressing concern, swift detection and containment are critical for effective response. Our report equips you with the means to promptly rule out users based on their activities, significantly enhancing your incident response capabilities.

      Accessing Endpoint Activity Logs

      1. Choose the specific "Customer" you want to investigate.
      2. Navigate to the "Activity Logs" tab.
      3. Select the relevant "Endpoints" you wish to include in your analysis.
      4. Specify the "Date Range" you want to load.

      Screenshot 2023-10-03 213023

      Once you've completed these steps, the dashboard will load, presenting data in three distinct sections:

      • Timeline: This section provides a visual Gantt chart of events, enabling you to understand the chronological order of activities.
      Screenshot 2023-10-03 213350
      • Activity Summary: Here, you can break down events by hour and day, offering an insightful overview of activity patterns.
      • Events: This section presents raw data logs by the second, providing an in-depth view of user actions. Additionally, you have the option to export this data to CSV, allowing you to leverage it with EDR/XDR tools for advanced analysis and incident response.
      Screenshot 2023-03-29 at 3.04.10 PM

      ***Note:*** CyberSight is an Agent solution designed for various cybersecurity purposes, but it does not apply to Network Filtering. Please be aware that macOS and Safari are not supported by CyberSight at this time.