Users: Sandstorm Users

By default, a pie chart of the top five users who have had the most files referred to Sophos Sandstorm, plus all others, each shown as a percentage of the total number of files flagged as suspicious today since midnight. The data table shows the following:

  • Username: Full list of users with files referred to Sandstorm during the reporting period. If your web appliance is configured to access a single-domain Active Directory server, only the username of each user is displayed; if the web appliance is configured to access the global catalog of a multidomain Active Directory forest, users are displayed in the form "domain\username". Usernames for eDirectory are specified in the form user.context.
  • Originating IP: The originating IP of the user.
  • Clean: files that have been analyzed and that exhibit no malicious behavior.
  • Malicious: files that Sandstorm has determined are malicious.
  • Unsuccessful: files that could not be analyzed.
  • Excluded: files that were not sent for analysis due to policy settings.
  • Total: the total number of files that were flagged as suspicious.

Click on a username or IP address to view a Search > By User of all URLs blocked by the policy.

The available search parameters vary from one report to another. See “Modifying Reports” for a description of each parameter.