Manual Chapter :
Monitoring APM User Data
Applies To:
Show VersionsBIG-IQ Centralized Management
- 8.3.0, 8.2.0, 8.1.0, 8.0.0, 7.1.0
Monitoring APM User Data
Managing a specific user in Access reporting
You can use the BIG-IQ Centralized Management Access reporting tools to view the user
dashboard for data on a specific user.
- Click.The User Summary screen displays, showing detailed information for specific users.
- Click on a User Name to display additional detail for that user.
User summary dashboard data
You can monitor your user base by viewing the BIG-IQ
Centralized Management Access user dashboard for data on specific users. The system displays
which users created the most sessions, were denied the most sessions, and had the longest
total session duration. You may use the user summary dashboard to view and monitor per-session
and per-request data for all end-users accessing the network through an Access Policy, or for
a specific user. Use this dashboard to troubleshoot connectivity and security issues for a
specific user accessing the network.
Dashboard |
Functionality |
---|---|
TOP 10 USERS BY SESSION COUNT |
Displays the the top 10 most frequent users and the
number of sessions per user. Click on a user to open a new screen that displays
the user summary for that specific user. |
TOP 10 USERS BY DENIED SESSION COUNT |
Displays the top 10 users who most frequently
attempted to start a session but were denied by the BIG-IQ system. |
TOP 10 USERS BY TOTAL SESSION DURATION |
Displays the top 10 users with the longest total
session time for the selected timeframe. |
Chart |
Functionality |
---|---|
Session Dashboard |
Displays session information, including the overall
number or sessions, the number of denied sessions, and the overall session
duration for the timeframe selected. |
Client Information Dashboard |
Displays the number of unique devices that
established a session, the number of unique geographical locations from where
the devices logged in, and the number of unique application URLs. |
Network Access Dashboard |
Displays network access information, including the
total number of network access sessions, the total bytes transferred, and the
overall session duration. |
Federation Dashboard |
Displays the total number of SAML assertions and
OAuth tokens. |
SESSION COUNTS OVER TIME |
Displays the total number of sessions over time for
the selected timeframe for this user, separated by Allowed and Denied
sessions. |
SESSION DURATION OVER TIME |
Displays the total duration of each session for this
user over time for the selected timeframe, separated by Allowed and Denied
sessions. |
TOP 10 CLIENT IP'S |
Lists the 10 most common IP addresses the client
used to access the network during the given timeframe. Select any one of these
IPs to drill down and learn more information. |
LOGON DEVICE DISTRIBUTION |
Lists the geographic distribution of each logon
device. |
SESSION TERMINATION REASONS |
Displays the most common reasons for session
termination for this user. Select a termination reason to learn more about a
type of termination, such as associated access policies, logon devices, and
more. |
IDENTITY FAILURES |
Displays the identity and Federation failures coming
from Active Directory, LDAP, RADIUS, HTTP, SAML, and OIDC. |
DEVICE POSTURE FAILURES |
Displays the failures associated with device posture
checks, including but not limited to antivirus, firewall, and HW encryption.
Select a failure to learn more about that failure type. |
DENIED SESSION REASONS |
Lists the denied session reasons for this user and
the number of denied sessions for each category. Select a reason to learn more
about this type of denial. |
DENIED RADIUS (MFA) FAILURES |
Displays the list of RADIUS multi-factor
authentication failures for this user. Click on a failure to learn
more. |
TOP 10 ACCESS PROFILES |
Lists the top 10 access profiles for this user.
Select an access profile to see more data associated with this user's activity
on this access profile. |
TOP 10 VIRTUAL SERVERS |
Lists the top 10 virtual server IP addresses for
this user and the number of times it has been used by this client during the
selected timeframe. Select an IP address to learn more acount activity on a
certain virtual server. |
TOP 10 CLIENT PLATFORMS |
Displays the top 10 operating systems this user is
accessing the network from. Click a platform to drill down and learn more about
user activity on this operating system. |
TOP 10 ACCESS POLICY RESULTS |
Lists the top 10 access polciies associated with
this user's network access. Select an access policy to learn more about this
user's activity associated with that policy or to determine which policy you
may need to troubleshoot in the Configuration tab. |
TOP 10 APPLICATIONS |
Lists the top 10 applications the user has accessed
on the network. |
TOP 10 ENDPOINT SOFTWARE PRODUCTS |
View the top 10 endpoint security products used by
the client to access the network. |
LOGON DISTRIBUTION BY LOCATION |
View the geographic distribution of user logons from
this map. Use this map to determine if a user may have logged on from different
geographic locations during a single session. |
Kill User Sessions |
View the geographic distribution of user logons from
this map. Use this map to determine if a user may have logged on from different
geographic locations during a single session. |