Dashboard

The Dashboard tab provides a quick overview of Web Appliance activity and status in several panels: Select View, Summary Statistics Today; URL Test; Virus Updates; Web Traffic; Blocked Sites, Viruses and Malware; and Traffic Patterns.

The Select View section of this page is only available on a Management Appliance. When All appliances is selected in the Select View section, the numbers displayed are totals or averages of all managed Web Appliances. Also, the links to reports in the Blocked Sites, Viruses and Malware panel are not available on joined Web Appliances.

Select View

This panel allows you to select from which appliances the Dashboard draws its information. You can select any joined Web Appliance, or you can select All appliances.

Note
When viewing the information for All appliances, the time period covered is based on the Management Appliance's time zone. When viewing the information for a specific Web Appliance, the time period covered is based on the viewed appliance's time zone.

Summary Statistics Today

The Summary Statistics Today panel displays the following information:

  • Unique users (since 12AM): The total number of users that have used the Web Appliance's services since midnight.
  • Concurrent users: The number of concurrent users in the last minute.
  • Concurrent users peak: The peak number of concurrent users during the busiest minute today.
  • Connected endpoints: The total number of active Sophos Endpoint Security and Control users whose web activity is currently filtered by an appliance-based policy. You must use Sophos Enterprise Console together with an appliance to deploy web filtering by way of Endpoint Security and Control. Click to view details of any connected endpoints. If you are not filtering at the endpoints, the number shown is always zero.
  • Page latency: The average time in milliseconds per page that was added to page loads by the Web Appliance in the last minute.
  • Page latency peak: The peak time in milliseconds that has been added to page loads by the Web Appliance during the busiest minute today. This peak value may be due to a large or complex download and should not be interpreted as average page latency, which is shown in the preceding Page latency value.
  • Bytes downloaded: The total number of bytes (expressed in kB, MB, or GB) of content downloaded through the Web Appliance today since midnight. This is a comprehensive measure of the bytes downloaded.
Note
If the domain name or the time zone of the Web Appliance is changed, the count for the number of Concurrent Users is set to zero, potentially causing an inaccurately low number to be displayed for the rest of the day on which the change was made.

The lower part of the Summary Statistics Today panel displays the following information:

  • Bandwidth consumption: The bandwidth usage today, both in terms of bytes (expressed in KB, MB, or GB) and as a percentage of today's total bandwidth use for:
    • Page views: The bandwidth consumed by loading all pages that show HTML content, including graphics, style sheets, and JavaScript.
    • Downloads: The bandwidth consumed by loading all other (non-HTML page) content.
  • Download requests: The file download requests today, both in terms of the number of requests and as a percentage of the total for:
    • Allowed (download requests)
    • Denied (download requests)
  • Page requests: The web page view requests today, both in terms of the number of requests and as a percentage of the total for:
    • Allowed (web page requests)
    • Denied (web page requests)
  • Throughput: The number of kilobits or megabits per second of data passed to users throughout the current day (in white), and the same information over the preceding day (in red).

Test URL/Submit to Sandstorm

To test the category and security risk of a URL, click the Test URL tab, type a URL or IP address, and click Test.

To send a file to Sandstorm for analysis, click the Submit to Sandstorm tab, select a file or type the URL of a file, and click Submit. To view the progress of the test, click Search and go to Sandstorm > Sandbox Activity.

Note
This option is available only to licensed users of Sophos Sandstorm.

Advanced Threat Protection

Information on the number of machines on your network that are potentially infected. If no threats have been detected for a given time interval, a green checkmark will be displayed. If any potentially infected machines have been detected, a red circle with an X will be displayed. Click the infected hosts count to show the Advanced Threat Protection report with details for the indicated time interval.

Web Traffic

The Web Traffic panel displays two gauges:

  • Throughput (kbps/Mbps): The total kilobits or megabits per second of data passed to users.
  • Added latency (ms): The time in milliseconds that is added to page loads by the Web Appliance.

Blocked Web Traffic

The Blocked Web Traffic panel displays the following information:
  • Viruses: The total number of viruses blocked. Click to view the full Users: Virus Downloaders report.
  • PUAs: The total number of PUAs blocked. Click to view the full Users: PUA Downloaders report.
  • High risk sites: The number of blocked URL requests for high-risk sites. Click to view the full Users: High Risk Site Visitors report.
  • Policy violations: The total number of policy violations. Click to view the full Users: Policy Violators report.
  • App Control Violations: The total number of web application violations. Click to view the full Users: Top Web Application Users report.
Note
These are not available on a joined Web Appliance. All numbers reset at midnight.

Sophos Sandstorm

Sophos Sandstorm is a cloud-based service that provides enhanced protection against new and targeted attacks. You can configure the appliance to send suspicious files to Sandstorm for analysis or submit suspicious files on an individual basis. Sandstorm detonates the file to check for malware and sends the results to you. Because the analysis takes place in the cloud, your system is never exposed to potential threats.

The Sophos Sandstorm panel displays the following information:

  • Suspicious Downloads: The total number of downloads that have been flagged as suspicious. Depending on how you have configured Sandstorm, some of these may not be sent to the Sophos Active Sandbox for analysis.
  • Sent for Analysis: The total number of downloaded items sent to the Sophos Active Sandbox today.
  • Awaiting result: The number of downloaded items that were sent to the Sophos Active Sandbox, and that are currently waiting to be analyzed.
  • Malicious: The total number of suspicious items users attempted to download that exhibited unwanted or risky behavior when executed.
  • Clean: The total number of suspicious items users downloaded that did not pose a threat.
  • Average Analysis Time: The average amount of time it takes to process an item submitted for analysis.
    Note
    If you have a trial license, this will display the number of days left in your trial.
  • Malicious/Suspicious gauge: displays information about the number of downloaded items that were categorized as malicious (red), and the total number of items flagged as suspicious (blue) during the last seven days.
Note
This information is available only to licensed users of Sophos Sandstorm.