Understand Trial Adoption and Security Metrics
Note | This page is duplicated and presented in two different sections—Manage Trials and Understand Metrics—to make it easier for you to navigate and find relevant information. |
When you start a trial, it is important to monitor its usage by your customer. Adoption and security metrics let you review the activity being generated by your customer's use of Cisco Secure products and the protection the products provide.
Security metrics are designed to give you a sense of the overall protection being provided for each of your trials, information that you can use to prove to customers that the Cisco Secure product delivers on what it promises. You can also use these reports to monitor the health of each trial, letting you determine when or if you might need to help a customer better utilize their trial. For example, you might contact a customer to help them better utilize their trial after noticing they have not been sending traffic on their Umbrella trial or deployed any Secure Endpoint connectors.
Access Adoption and Security Metrics
To access trial adoption and security metrics, go to the Trials tab. Above the trial list, you'll find two tabs: Adoption metrics and Security metrics.
Umbrella
Umbrella’s adoption and security metrics populate dynamically as changes are made.
On the Trials page, as well as in a specific trial record, trial's health category is displayed. This metric which indicates trial use by the customer. You can update the heath category by selecting the Generate button or a corresponding icon left to the category.
Health categories for Umbrella trials:
-
– or N/A: Customer has not logged into their Umbrella dashboard.
-
Low: Customer has logged into their Umbrella dashboard but has not created an identity.
-
Medium: Customer has logged into their Umbrella dashboard, has created an identity, but has not yet sent traffic.
-
High: Customer has logged into their Umbrella dashboard, has created an identity, and has sent traffic.
Once a trial is up and running and sending traffic—indicated by a Trial Strength of High—you can make a request to have Umbrella generate a unique Security report for the trial. Umbrella's Security report lets you see in detail how Umbrella is protecting your customer's trial. For more information, see the Umbrella Security Report and our solutions brief.
Prerequisites for Umbrella Security Report
-
Umbrella trial dashboard should be sending traffic, indicated by a Trial Strength of High.
-
You should have access to the trial Umbrella dashboard.
Note | Once a request to generate a security report is received by Cisco, it takes approximately one day to generate it and then send it off. |
Secure Endpoint
Secure Endpoint adoption and security metrics are available in Cisco Secure Trials Console (STC) within up to 3 days of configuration.
Health categories for Secure Endpoint trials:
-
Fresh: New; <7 days old
-
At Risk: >7 days old, has not deployed connectors
-
Stale: >7 days old, deployed connectors, has not logged in within the last 7 days
-
Growing: Deployed connectors, logged in within the last 7 days, <50% features adopted
-
Ripe: Deployed connectors, logged in within the last 7 days, >50% features adopted
Extended Detection and Response (XDR)
Health categories for XDR trials:
-
Fresh: New trials, less than 7 days old.
-
At Risk: Trials older than 7 days with no deployed customers.
-
Stale: Trials where the user started but has not logged in within the last 7 days.
-
Growing: Trials with deployed customers actively engaging with incidents (e.g., the product blocked threats).
-
Ripe: Trials with deployed customers actively engaging with incidents (e.g., the product blocked threats) and using automated workflows (ACCESSED_AUTOMATE).
Secure Access
Health categories for Secure Access trials:
-
Fresh: Activated within the last 7 days.
-
At Risk: Activated more than 7 days ago but not sending traffic.
-
Stale: Inactive, with either no traffic or at least one non-Cisco admin user inactive in the last 7 days.
-
Growing: Provisioned but not fully adopted. Includes an organization ID, at least one non-Cisco system admin, and active traffic flow.
-
Ripe: Fully adopted. Includes active non-Cisco users, provisioned resources, custom configurations, recent firewall activity, and significant traffic within the last 7 days.