In this article
Use this page to navigate the CyberSight dashboard and understand where to view summarized activity versus detailed user behavior.
The CyberSight dashboard includes two primary views:
- Activity Overview, which highlights top activity trends across the Organization
- Activity Logs, which provide a detailed, time-stamped record of individual user behavior
Together, these views support quick pattern recognition as well as deep investigation into specific events.
CyberSight Organization filters
The top-most filters apply across the Overview and Logs tabs—no need to re-filter while toggling between the two views.
Filter by high level information:
- Organization: Toggle between client Organizations from the MSP dashboard. Standard Organizations and MSP clients cannot edit this field
- Roaming Client: The agent Hostname
- User: The User logged in for the activity period
- Date: The date of the activity. Filter back up to one year at maximum 90-day increments
- Time: Time stamps are presented in the local browser’s time zone. When filtered, the range of data is based on the Started At time
- Exclude Weekends: Date ranges that include weekends automatically display weekend data. Enable this toggle to exclude weekend activity.
Once filters are in place, select Apply to save the settings. ✍️ Note: The applied settings can be bookmarked and sent to other admins for quick reference via the dashboard URL.
Activity Overview
The Activity Overview tab provides a high-level summary of CyberSight activity across the Organization. This view is designed for trend analysis, prioritization, and quick assessment of where time and attention are concentrated.
Top activity widgets
The top activity widgets display the top activity for each data set across the Organization. These include:
- Websites
- Applications
- Categories, which is independent of policy settings, e.g. both blocked and allowed content
- Steaming
- Roaming Clients, both most active and least active
Dig into User details
Select View All to see all widget activity, which includes deeper detail into the total agents and users contributing to the activity.
Any User or View option within a widget is clickable to see a breakdown of the activity related to that data. From the detail grid, select the Actions icon to View Activity Logs for the related data.
Time-based metrics
All time values shown in the Activity Overview represent total cumulative time across all users. For example, if 1,000 users each spend one hour in the same application, the total displays as 1,000 hours.
These totals help identify:
- Which applications, categories, or activities have the greatest overall impact
- Where policy changes, investigations, or optimizations would affect the most users
When filtered to a single user, the values still represent that user’s total time for the selected period.
Active Time Trend chart
The Active Time Trend chart visualizes total activity over time.
- The purple area represents total activity across all users per day
- The accompanying label shows the average daily activity for the selected time range
- The time range is controlled by the global date filter in the toolbar, representing the same timeframe as the widgets
Filtering by specific applications or activity types is not available at this time from the Overview dashboard. Toggle to Activity Logs to examine data on a more granular level.
Intended use
The Activity Overview tab is best suited for:
- Identifying high-impact applications or activity patterns
- Understanding where most user time is spent
- Informing policy reviews, investigations, or stakeholder discussions
- Supporting reporting and executive-level summaries
For detailed, per-user or event-level analysis, use the Activity Logs tab.
Activity Logs
The Activity Logs tab provides a detailed, time-stamped record of individual user behavior. This view supports investigation, validation, and root-cause analysis by showing exactly what occurred on a device before, during, and after a security event.
Pair these logs with DNS data to correlate user behavior with network activity and security outcomes.
Column Filters
Use filters to narrow results to specific behaviors, applications, or timeframes.
Dig deeper by filtering columns:
- Activity type: Includes Website, Application, Idle, Streaming, and system events
- Application: Displays the application name when available
- Website: Displays the visited website when available
- Window title: Shows the browser tab name or application window title
- Categories: Displays website categories associated with policy filters
- Application path: Shows the exact file path of the application, helping validate trusted software locations and detect suspicious executables
Intended use
The Activity Logs tab is best suited for:
- Investigating security alerts
- Understanding the origin of risky or suspicious activity
- Validating whether activity was user-driven or automated
- Supporting compliance reviews and internal investigations
- Troubleshooting reported issues with precise behavioral context
Comments
0 comments
Please sign in to leave a comment.