Application Control

The Logging & Reporting > Web Protection > Application Control page contains comprehensive statistics about the most active sources, most frequently visited destinations, and the most popular applications given for various time ranges.

From the first drop-down list, select the type of data to display, e.g., Top Sources or Top Applications. Select the desired entry, and, if an additional box is displayed, specify the respective filter argument. Additionally, using the drop-down list below, you can filter the entries by time. Always click Update to apply the filters.

On the By Source and By Destination views you can manually provide an IP/Network, as well as network ranges (e.g., 192.168.1.0/24 or 10/8).

On the Top Sources view, if you click an IP or a hostname in the result table, it will automatically be used as a filter for the Top Applications by Source view. On the Top Applications and Top Application Categories views, if you click an application or application category in the result table, it will automatically be used as a filter for the Top Sources by Application or Top Sources by Application Category view.

By default, 20 entries per page are displayed. If there are more entries, you can jump forward and backward using the Forward and Backward icons, respectively. In the Number of rows drop-down list, you can increase the number of entries displayed per page.

You can sort all data by clicking the table column headers.

You can download the data in PDF or Excel format by clicking one of the corresponding icons in the top right corner of the tab. The report is generated from the current view you have selected. Additionally, by clicking the Pie Chart icon—if present—you can get a pie chart displayed above the table.

The most active sources do not appear immediately in the table, but only after a session timeout has occurred. This is the case when a certain client (username or IP address) has ceased to surf the web for five minutes. Sophos UTM then considers this surfing session "dead" and sends it to a database before it gets displayed on the most active sources list.
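The following sketch models the session-timeout behaviour described above, to show why a client that is still active is missing from the report or shows a lower total. It is an added example, not Sophos UTM code; the event tuples, the function names, ranking by byte count, and treating exactly five minutes of idleness as a timeout are assumptions.

```python
from datetime import datetime, timedelta

IDLE_TIMEOUT = timedelta(minutes=5)  # idle period stated on this page

# Constructed sample events: (timestamp, client, bytes transferred)
EVENTS = [
    ("2024-01-01 10:00:00", "192.168.1.10", 500),
    ("2024-01-01 10:02:00", "192.168.1.10", 700),
    ("2024-01-01 10:03:00", "alice", 300),
    ("2024-01-01 10:09:30", "192.168.1.10", 200),
    ("2024-01-01 10:10:00", "alice", 100),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def split_sessions(events, now, timeout=IDLE_TIMEOUT):
    """Return (closed, still_open) sessions as seen at time `now`.

    A session is closed once its client has been idle for `timeout`;
    only closed sessions would be visible to reporting.
    """
    closed, current = [], {}
    for ts, client, size in sorted(events):
        t = parse(ts)
        s = current.get(client)
        if s is not None and t - s["last"] >= timeout:
            closed.append(s)  # idle gap reached: the old session is "dead"
            s = None
        if s is None:
            s = current[client] = {"client": client, "start": t,
                                   "last": t, "bytes": 0}
        s["last"] = t
        s["bytes"] += size
    still_open = []
    for s in current.values():
        (closed if now - s["last"] >= timeout else still_open).append(s)
    return closed, still_open

def top_sources(closed):
    """Rank clients by total bytes over closed sessions only (assumed metric)."""
    totals = {}
    for s in closed:
        totals[s["client"]] = totals.get(s["client"], 0) + s["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
```

Evaluated at 10:11, the report holds only the two sessions that already timed out; the traffic from 10:09:30 and 10:10:00 is added once those clients have been idle for five minutes.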