Manual Chapter : Monitoring APM User Data

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 8.3.0, 8.2.0, 8.1.0, 8.0.0, 7.1.0
Manual Chapter

Monitoring APM User Data

Managing a specific user in Access reporting

You can use the BIG-IQ Centralized Management Access reporting tools to view the user dashboard for data on a specific user.
  1. Click
    Monitoring
    DASHBOARDS
    Access
    User Summary
    .
    The User Summary screen displays, showing detailed information for specific users.
  2. Click on a User Name to display additional detail for that user.

User summary dashboard data

You can monitor your user base by viewing the BIG-IQ Centralized Management Access user dashboard for data on specific users. The system displays which users created the most sessions, were denied the most sessions, and had the longest total session duration. You may use the user summary dashboard to view and monitor per-session and per-request data for all end-users accessing the network through an Access Policy, or for a specific user. Use this dashboard to troubleshoot connectivity and security issues for a specific user accessing the network.
User Summary Dashboard: All Users
Dashboard
Functionality
TOP 10 USERS BY SESSION COUNT
Displays the the top 10 most frequent users and the number of sessions per user. Click on a user to open a new screen that displays the user summary for that specific user.
TOP 10 USERS BY DENIED SESSION COUNT
Displays the top 10 users who most frequently attempted to start a session but were denied by the BIG-IQ system.
TOP 10 USERS BY TOTAL SESSION DURATION
Displays the top 10 users with the longest total session time for the selected timeframe.
User Summary Dashboards: User-specific information
Chart
Functionality
Session Dashboard
Displays session information, including the overall number or sessions, the number of denied sessions, and the overall session duration for the timeframe selected.
Client Information Dashboard
Displays the number of unique devices that established a session, the number of unique geographical locations from where the devices logged in, and the number of unique application URLs.
Network Access Dashboard
Displays network access information, including the total number of network access sessions, the total bytes transferred, and the overall session duration.
Federation Dashboard
Displays the total number of SAML assertions and OAuth tokens.
SESSION COUNTS OVER TIME
Displays the total number of sessions over time for the selected timeframe for this user, separated by Allowed and Denied sessions.
SESSION DURATION OVER TIME
Displays the total duration of each session for this user over time for the selected timeframe, separated by Allowed and Denied sessions.
TOP 10 CLIENT IP'S
Lists the 10 most common IP addresses the client used to access the network during the given timeframe. Select any one of these IPs to drill down and learn more information.
LOGON DEVICE DISTRIBUTION
Lists the geographic distribution of each logon device.
SESSION TERMINATION REASONS
Displays the most common reasons for session termination for this user. Select a termination reason to learn more about a type of termination, such as associated access policies, logon devices, and more.
IDENTITY FAILURES
Displays the identity and Federation failures coming from Active Directory, LDAP, RADIUS, HTTP, SAML, and OIDC.
DEVICE POSTURE FAILURES
Displays the failures associated with device posture checks, including but not limited to antivirus, firewall, and HW encryption. Select a failure to learn more about that failure type.
DENIED SESSION REASONS
Lists the denied session reasons for this user and the number of denied sessions for each category. Select a reason to learn more about this type of denial.
DENIED RADIUS (MFA) FAILURES
Displays the list of RADIUS multi-factor authentication failures for this user. Click on a failure to learn more.
TOP 10 ACCESS PROFILES
Lists the top 10 access profiles for this user. Select an access profile to see more data associated with this user's activity on this access profile.
TOP 10 VIRTUAL SERVERS
Lists the top 10 virtual server IP addresses for this user and the number of times it has been used by this client during the selected timeframe. Select an IP address to learn more acount activity on a certain virtual server.
TOP 10 CLIENT PLATFORMS
Displays the top 10 operating systems this user is accessing the network from. Click a platform to drill down and learn more about user activity on this operating system.
TOP 10 ACCESS POLICY RESULTS
Lists the top 10 access polciies associated with this user's network access. Select an access policy to learn more about this user's activity associated with that policy or to determine which policy you may need to troubleshoot in the Configuration tab.
TOP 10 APPLICATIONS
Lists the top 10 applications the user has accessed on the network.
TOP 10 ENDPOINT SOFTWARE PRODUCTS
View the top 10 endpoint security products used by the client to access the network.
LOGON DISTRIBUTION BY LOCATION
View the geographic distribution of user logons from this map. Use this map to determine if a user may have logged on from different geographic locations during a single session.
Kill User Sessions
View the geographic distribution of user logons from this map. Use this map to determine if a user may have logged on from different geographic locations during a single session.