Activity Tab

Overview

The Activity tab's purpose is to show a detailed view of all activities, across all sources, associated with a given identity over time in one view. Without having to jump across different tools and platforms to piece together bits of a user's activity, the Activity tab can save you time and is incredibly valuable when investigating a user.

The Activity tab is the second tab of the User 360. This article will describe the different information and functionality available on the Activity tab in detail.

Activity table elements

The Activity table contains all the detailed event information for a particular user. Above the column headers on the left, you can see the total number of events for the selected timeframe, and on the right, the last data collection timestamp for each source, if you hover over "Last data collection".

The section below details the fields that appear in the table by default, as well as the definition of each field:

Diving deeper into an event

To see more information on an event in the Activity table, click on any blank space in the row related to the specific event you'd like to dig into.

This will open a slide panel from the right side of the page, that has 2 tabs - Event Attributes and Raw data. The event attributes themselves and raw data will vary depending on the relevant information for the event/action you are looking at.

• Event attributes shows you more detailed information on the attributes related to the event

• Raw data shows you the raw data for a given event

To close the slide panel, click the X in the top right corner, or click anywhere outside of slide panel.

Activity Tab general actions

This section describes the high level actions you can perform on the Activity tab. Click through the tabs below to learn more about how to utilize each feature.

Timeline visualization

The Activity tab has a timeline widget which displays a given user's total number of events per day, color coded by result type (ie: success, failure, challenge, etc). Hovering over a segment of the bar will display a tooltip with the date, the result, and the count of events for that result. By default, the view is set for 30 days but this can be adjusted to see a wider or smaller window of time using the + and - buttons in the top right corner of the timeline widget.

To export this visualization, click on the 3 line button in the top right corner of the widget. Downloading as a SVG or PNG will export an image, whereas downloading as a CSV will export the raw data for you in CSV format.

If you would like to hide this widget to get more space for the Activity table, click the Graph icon button next to the timeframe filter. To get the widget back, click the Graph icon button again.

Filters

Like the Users table, the Activity table is filterable by multiple attributes, enabling you to slice and dice the activity based on the parameters that are important to you.

Basic filters

To access the basic filters, click on the filter button that is to the left of the search bar, above the Activity table. This will open a slide panel from the left side of the page with the available filters.

The filter categories available via the slide panel are Result and Event. You can enable a filter by clicking the check box for the attribute you would like to filter by. The applied filters will be added to the search bar. The number of events that you are currently viewing, based on any filters and searches used, will appear in the top left corner of the Activity table, above the column headers.

Like on the Users tab, you can also select all attributes or exclude an attribute. To select all values within a given filter, hover over a filter value and click All. To exclude a value from filtered results (ie: NOT), you can click on the 🚫 icon in either the filter box in the search bar or the left hand filter menu. To remove a filter, you can either deselect a filter attribute from the filters list on left hand side of the Activity table, or click the X on the right hand side of the filter box that is in the search bar. To remove all filters, click the X located next to the Advanced Filter button in the search bar.

After you have selected your filters, the filters are retained as you navigate between different tabs within the platform.

Filtering via event attributes

Another way to filter in the Activity table is by clicking on an event attribute in the table or in the slide panel, which will add it to the search bar as a filter. The elements that can be filtered on via the table elements are:

• Source

• Event

• Session ID (in Initiator column if present)

• Target application (in Target column if relevant)

• Result

• OS and Browser (only works on icons, not free text)

Additionally, if you open the slide panel and click on any of the attributes in the Event Attribute tab, the attribute will be added as a filter.

Pivot on IP address

The IP address in the table or in the slide panel has a few actions associated with it that can be useful to learn more about an IP address and the associated activity.

The actions menu will pop up when left-clicking on a specific IP address in the Activity table. The actions are:

• Find user activity - Adds the selected IP address as a filter on the given user's Activity tab so you can see all the user's activity associated with this particular IP address

• See IP info - Add the selected IP address as a filter on the given user's Networks tab and opens the slide panel so you can see more detailed information about that IP address

• Copy to clipboard - Copies the IP address to your clipboard so that you can paste it within Identity Intelligence or another tool