By filtering sign-in events in your network, you can view the results based on criteria such as risk level, location, and authentication type.

• You can search for these events with the parameters User or Admin.

• To search for events, enter Public IP in the designated field and select a date from the Date/Time filter.

• You can choose a Risk Level or leave it blank.

• Once you have entered the necessary information, click the Search button.

• Your search results display Event, Authentication, Risk Level, Location and Time data based on the information you provide.

• Authentication field shows the steps of authentication, and the result of the each step. Green text indicates that step is successful, red means that failed.
• You can download a report as a csv file on both tabs, User and Admin, by clicking on Export button at the top right of the screen as shown in the image above. Once you click on Export, you will see a pop-up screen where you can click Download to get your report as a csv file.

View Event Details

You can see the details of the each by clicking on the ellipsis icon at the end of the row:

• Click the ellipsis icon in the row containing user or administrator information, and select View.

• Scroll down to view the IP Intelligence section in the Event Details window.

• On this section, you can see IP Intelligence information related to the IP address of the device used for sign-in:

The IP Intelligence section is only visible when a sign-in policy with the Untrusted IP Behavior has been defined for the specific IP.

• Proxy: Shows if a proxy server is detected.

• VPN: Shows if a VPN server is detected.

• TOR: Shows if a TOR network node is detected.

• Fraud Score: Shows the fraud score (1-100).

• Abuse Velocity: Shows abuse velocity (high/medium/low).

• Recent Abuse: Shows if recent abuse detected.

• Bot Activity: Shows if bot activity detected.