SurfProtect Reporting tools

These tools give you an overview of the web activity that your SurfProtect service has filtered.

Website Analytics

Website Analytics provides an overview of all web requests made within a queried time period, with information about when each request happened, who made it, what they did and what the filtering decision was.

This is broken down into a number of easier-to-digest sections:

Query Options

These options allow you to narrow the Analytics results to a more limited set.

The first three of these options are broad, quick filters which can be applied to the displayed results. By default, the ‘All’ filter is selected, which shows every request that has been filtered. Switching to the ‘Permit’ or ‘Reject’ filter shows only results with a Permitted or Rejected status respectively.

The final option, the search icon, allows you to filter results in a much more granular way.

This allows you to filter results down to specific time periods, internal or external IPs, users, etc. The ‘All’, ‘Permit’ and ‘Reject’ options can be enabled, which will limit the results further to these specific statuses.

When these more advanced filters have been set, you can see them listed beneath the activity graph.

Activity Graph

This graph shows the rate of filtered requests over the queried time period. Requests are grouped into five-minute intervals so that the volume of traffic being generated over these time periods can be more easily visualised at high resolution.

This graph shows permitted and rejected requests independently. Currently it is not possible to filter the graph further, and it will not update to match the filters that are set.

Activity Logs

The final section of this page is the Activity logs themselves, which show data about every filtered web request that has been handled by your SurfProtect service. These logs are split into four tabs of data:

Activities: This is the most granular set of logs, showing every request in the order it happened during the queried time period, limited to the query filters set by the user.

Unique activities: This is an alternative view of the Activities logs. In this view you can see all of the unique activities, how many times each has happened, when it first occurred and when it last occurred within the queried time period. Some information is not shown here, like usernames, as this view is focused on the number of occurrences rather than the specific logs.

Searches: This is a view of all the requests seen by the filtering where an identifiable search query was found, again limited to the queried time period and query filters.

Unique searches: This is an alternative view of the Searches logs. In this view you can see all of the unique searches which were performed, how many times each has happened, when it first occurred and when it last occurred within the queried time period. Some information is not shown here, like usernames, as this view is focused on the number of occurrences rather than the specific logs.

Real-time Alerts

SurfProtect Real-time Alerts is a monitoring system that looks for specific types of behaviour when users are web browsing. When a set of requests within a given timeframe is identified as something that should be reported upon, an incident is created with those requests as events within it.

The interface on the panel allows a user to view and manage these incidents as they are reported.

Reports

When viewing the SurfProtect panel, if the user has been granted access to view Real-time Alerts, a menu option under the Reporting area will be visible (as shown in the image). From this menu users are able to view and/or manage three different aspects of Real-time Alerts: Incidents, Contacts and History. If you are unable to see this menu, this may be due to the following:

  • Your user credentials are not associated with the ownership of the SurfProtect service.
  • The user you are logged in with does not have sufficient access rights to view Real-time Alerts.

    Managing logins

    Due to the sensitive nature of the data available, specific access rights must be granted to access the panel. The ability to access Real-time Alerts can only be granted by an existing user of that account.

    For example, if a user needs to be able to view your Real-time Alerts then the Admin user can either grant an existing user access or create a new user with access.

    Once logged into the self administration panel, existing user logins for the account can be managed from the user menu in the top right hand corner.

    Selecting the ‘Manage logins’ menu option shows the list of all user logins for the account. This page allows you to create and update those users.

    To create a new user account, and grant Real-time Alerts access, simply click the plus button in the top right corner of the Login Management table. This will open the user creation dialogue, which takes the following values:

    Customer: The customer you would like to assign the new user to.

    Real time alert user: A toggle that allows the user to access real time alerts data for the account.

    Application Access: The applications the user is able to access. This will allow the user to access the full panel, or only the SurfProtect panel.

    Real name: The full real name of the user.

    Username: The chosen username for the user. This will be used to log into the application, and will be displayed on the panel after login.

    Password: Password for the new user, which must at least meet the medium strength requirements to be created.

    Comment: This section allows you to add additional comments. This is not required. 

    For existing users, toggling ‘Real time alert user’ on the Login Management table will prompt you to either enable or disable the ability for the user to access Real-time Alerts data on the panel.

    Managing contacts

    This is the area where designated contacts for Real-time Alerts are set up and managed. A contact is defined as someone who should receive notifications about incidents (e.g. Safeguarding Officer/Lead). Each contact is made up of three parts:

    Contact information: First name and last name

    Contact method: Email is the only available contact method currently. In future, alternative methods of contact may be developed.

    Locations managed: Identification of all Locations the User is to receive alerts for.

    Adding a contact who does not already have a user profile will only generate the alert emails and will not grant access to the Real-time Alert area within the panel.

    Incidents

    An incident is one or more online activities (“events”) that are deemed to be potentially harmful. There are two types of incident: category and keyword. The number of events required to trigger an incident depends on the specific category or keyword.

    Category

    Attempts to directly visit a website classified under a specific category, as determined by SurfProtect’s content classification system.

    Keyword

    Attempts to search for restricted words or phrases from a given keyword list on websites like Google, Bing and Wikipedia.
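
As an added illustration (not Exa's code and not SurfProtect's actual logic), the Python below models the rule described above: requests matching a monitored category or keyword list become events, and an incident is created once the number of events required for that rule falls within a timeframe. The 10-minute window, the thresholds, the rule names and the record fields are all assumptions, since the page does not publish them.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed values: the page does not state the timeframe or the event counts.
WINDOW = timedelta(minutes=10)
CAT, KW = ("category", "constructed-category-a"), ("keyword", "constructed-list-b")
THRESHOLDS = {CAT: 3, KW: 1}   # events needed per category / keyword list

@dataclass
class Incident:
    kind: str                 # "category" or "keyword"
    trigger: str              # category or keyword list behind the incident
    username: str
    state: str = "Open"       # panel states: Open, Assigned, Closed
    events: list = field(default_factory=list)

def build_incidents(requests):
    """Create an incident once enough matching events fall inside WINDOW."""
    recent = defaultdict(deque)   # (username, kind, trigger) -> events in WINDOW
    active, incidents = {}, []
    for req in sorted(requests, key=lambda r: r["time"]):
        rule = (req["kind"], req["trigger"])
        if rule not in THRESHOLDS:
            continue              # not a monitored category / keyword list
        key = (req["username"], *rule)
        window = recent[key]
        window.append(req)
        while req["time"] - window[0]["time"] > WINDOW:
            window.popleft()      # drop events that aged out of the timeframe
        inc = active.get(key)
        if inc and req["time"] - inc.events[-1]["time"] <= WINDOW:
            inc.events.append(req)            # same burst: extend the incident
        elif len(window) >= THRESHOLDS[rule]:
            inc = Incident(*rule, req["username"], events=list(window))
            active[key] = inc
            incidents.append(inc)
    return incidents

# Constructed sample: (minutes after 09:00, username, rule). Not real log data.
ROWS = [(0, "pupil1", CAT), (2, "pupil1", CAT), (5, "pupil1", CAT), (7, "pupil1", CAT),
        (0, "pupil2", CAT), (30, "pupil2", CAT),   # too far apart: no incident
        (3, "pupil1", ("category", "unmonitored")), (60, "pupil3", KW)]
SAMPLE = [{"time": datetime(2024, 1, 8, 9) + timedelta(minutes=m), "username": u,
           "kind": r[0], "trigger": r[1]} for m, u, r in ROWS]

if __name__ == "__main__":
    for inc in build_incidents(SAMPLE):
        print(inc.state, inc.kind, inc.username, len(inc.events), "event(s)")
```
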

    Incident overview

    This overview lists all incidents which have occurred within the SurfProtect service.

    At a glance, each incident row allows you to view:

    1. When the incident began.
    2. The incident’s current state.
    3. The SurfProtect location associated with the incident.
    4. The name of the staff member assigned to the incident.
    5. The username of the individual who generated the incident.
    6. The category or keyword list associated with the incident.

    From here you can alter the state of an incident between Open, Assigned or Closed.

    Open: New, unassigned incident. In this state you have the option to assign the incident to a specific staff member.

    Assigned: Ongoing incident which is assigned to a staff member.

    Closed: An incident which has been deemed complete.

    Select the eye icon to view any incident in further detail.

    Viewing a specific incident gives a more detailed view of the incident as a whole, broken up into three sections:

    Incident information: Gives you the same overview as was available on the incidents list; however, this view also offers the option to reassign the incident to a different user and shows the unique identifier for the incident.

    Comments: Lists any comments that users have made on the incident itself. Each comment record shows a time stamp, the user who commented and the comment itself. Click the plus icon on the right of the comments title bar to add a new comment.

    Events: Shows every event that is linked to this incident. Each event is time stamped and provides the host that was visited. If the alert was raised due to a restricted keyword being searched then the search query and specific matched keyword will also be listed.

    History

    This section details all actions performed by users within the Real-time Alerts section of your panel. A single history record shows:

    1. The time the action was performed

    2. What action was performed

    3. Who performed the action

    Alongside this is any extra information that was recorded about the action, such as who an incident was assigned to. Click on the eye icon on the right of each row to view any history record in further detail.
