

Use the Activity history in Data Security Investigations (preview)

The Activity history for Data Security Investigation displays information about activities performed in each area of your investigation. Activities associated with searches, investigation scopes, AI analysis, and mitigation activities are included in the Activity history.

Each time an activity is created or requested in a workflow area, specific activities are automatically started and logged in the Activity history. For example, if you search for data and select Estimate scope in an investigation, the Generate statistics and Generate sample activities are listed in the Activity history list for the investigation.

To view and manage activities, complete the following steps:

  1. Go to the Microsoft Purview portal and sign in using the credentials for a user account assigned Data Security Investigations (preview) permissions.
  2. Select the Data Security Investigations (preview) solution card and then select Investigations in the left nav.
  3. Select an investigation, then select the Activities tab.

Activity history dashboard

The Activity history dashboard lists all the activities for an investigation and contains the following information for each activity:

  • Activity type: The type of activity.
  • Status: The status of the activity.
  • Export name: The name of the export. For nonexport activity types, this value is blank.
  • Created: The date and time the activity was created.
  • Completed: The date and time the activity was completed.
  • Duration: The duration of the activity.
  • Created by: The user that created the activity.

To customize the column display for the Activity history, select Customize columns to choose the columns to display, or drag and drop the columns in the list to reorder them. To download the list of activities and the column information, select Download list to create a .csv file containing this information.

Grouping activities

When viewing a large list of activities for an area, it's often helpful to group activities. Select Group to group activities by the following parameters:

  • None: Activities are ungrouped in the Activity history.
  • Activity type: Activities grouped by the Activity type values.
  • Created by: Activities grouped by the Created by values.

Activity details

Select an activity listed in the Activity history for more information in the following areas:

  • Overview tab: Lists a summary of information for the activity. Includes a calculation for the time remaining to completion for in-progress activities. Select Download report to combine all Overview information into a single .zip file.
  • Settings tab: Summarizes the Statistics view setting options selected for the investigation.

Progress bar

When an activity is selected in the Activity history, a progress bar is displayed that shows details about the current state of the activity. For long-running activities, there are three phases:

  • Assessment phase: In this phase, the progress is submitted and backend services assess the scope of the activity. This activity includes examining the input conditions based on data sources, query, and relevant activity settings. The service analyzes the scope of the work and identifies the number of locations and number of items for activities. During this phase, a completion estimate isn't available and a flashing progress bar is displayed. The progress bar displays the status of the assessment while the scope is calculated. When all locations and items are identified, the activity transitions to the next phase.
  • In progress phase: In this phase, the progress bar displays the current status, number of locations, and number of items for the activity. An estimated completion and current elapsed time are displayed in hours, minutes, and seconds.
  • Catch-up phase (optional): If there are locations or items with errors, activities are retried. The progress of any retries is displayed.

Download activity list

To download a .csv file of the activity items on the Activity history dashboard, select Download list on the dashboard command bar.

Activity types and descriptions

These activities are triggered by user actions when using and managing searches, investigation scopes, AI activities, and more.

| Activity type | Area | Description |
|---|---|---|
| Add to scope | Investigation scope | A user adds search results to an investigation scope. The items are copied to an Azure Storage location and then those items in the Azure Storage location are reindexed. This new index is used when querying and analyzing items in the data set. |
| Categorize | AI analysis | A user categorizes items in an investigation scope. |
| Examine | AI analysis | A user analyzes data in an investigation scope by running AI examination and recommendation tools, such as Credentials, Mitigation, and Risks. |
| Generate sample | Search | After a user creates and runs a new search (or reruns an existing search), the search tool prepares a sample subset of items that match the search query for preview. Previewing search results helps you determine the effectiveness of the search. |
| Generate scope | Search | After a user creates and runs or reruns a search, the search tool searches the index for items that match the search query and prepares a scope estimate that includes the number and total size of all items found by the search, the number of data sources searched, and other patterns relevant to the search hits, such as keywords, sensitive information types, and more. |
| Prepare data for AI | AI analysis | A user prepares selected items in an investigation scope for AI activities. |

Activity status

The following table describes the different status states for activities:

| Status | Description |
|---|---|
| Abandoned | The activity was automatically stopped. This stoppage might be due to excessive activity time or other reasons. |
| Canceled | The activity was canceled by the user. |
| Complete | The activity was successfully completed. |
| Failed | The activity encountered an error and failed to complete. This error might be caused by a wrongly formatted query. |
| In progress | The activity is in progress. You can also monitor the progress of the activity in the progress bar in the applicable area. |
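
The downloaded activity list can be reviewed offline. The following Python is an added example, not part of the original documentation or Microsoft's code: it triages an exported list by status, flags Failed and Abandoned activities, and lists named exports per user. It assumes the .csv header names match the dashboard column names described above; the sample rows, the "Export" type label, and the user names are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

# Statuses taken from the page's status table.
KNOWN = {"Abandoned", "Canceled", "Complete", "Failed", "In progress"}
NEEDS_REVIEW = {"Abandoned", "Failed"}

# Constructed sample rows. Header names are assumed to match the dashboard
# columns; the "Export" type label and the user names are placeholders.
SAMPLE_CSV = """\ufeffActivity type,Status,Export name,Created,Completed,Duration,Created by
Generate sample,Complete,,2025-01-10 09:00,2025-01-10 09:02,00:02:00,analyst1@example.com
Generate scope,Failed,,2025-01-10 09:05,2025-01-10 09:06,00:01:00,analyst1@example.com
Add to scope,Complete,,2025-01-10 10:00,2025-01-10 10:40,00:40:00,analyst2@example.com
Examine,Abandoned,,2025-01-10 11:00,,,analyst2@example.com
Export,Complete,case-export-01,2025-01-10 12:00,2025-01-10 12:30,00:30:00,analyst2@example.com
Categorize,In progress,,2025-01-10 13:00,,,analyst1@example.com
"""


def load_activities(text):
    """Parse the CSV text, dropping a UTF-8 BOM if the export carries one."""
    reader = csv.DictReader(io.StringIO(text.lstrip("\ufeff")))
    return [{k: (v or "").strip() for k, v in row.items()} for row in reader]


def triage(rows):
    """Summarize activities for review: status counts, failures, exports."""
    exports = defaultdict(list)
    for r in rows:
        if r["Export name"]:  # blank for nonexport activity types
            exports[r["Created by"]].append(r["Export name"])
    return {
        "by_status": dict(Counter(r["Status"] for r in rows)),
        "needs_review": [(r["Activity type"], r["Status"], r["Created by"])
                         for r in rows if r["Status"] in NEEDS_REVIEW],
        # Any status outside the documented set signals a format change.
        "unknown_status": sorted({r["Status"] for r in rows} - KNOWN),
        "exports_by_user": dict(exports),
    }


if __name__ == "__main__":
    for key, value in triage(load_activities(SAMPLE_CSV)).items():
        print(f"{key}: {value}")
```

To run it against a real download, read the file with `encoding="utf-8-sig"` and pass its contents to `load_activities`.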