New to Central

Question

Hi, 
 I am new to Sophos Central. I've been given an existing deployment to own. We are running Intercept-X on a bunch of windows workstations and the SAV on some LInux servers. 
 In the SC dash>Endpoint Protection>Web Stats section, I see a bunch of things under "Web Threats Blocked", "Policy Violations Blocked" etc. 
 I drill down on Web Threats Blocked and it gives me a summary list of a user, computer, # of visits and "High Risk". 
 How do I drill down on what those visits were, when they were etc? All I'm seeing is a summary from an unknown time period. 
 If I go to the Events Report, I can tune the 'type' and try narrow down a data range but then all I get is a display of only 6 events and a notice saying there's >100000 events. I try download the events as CSV for offline manipulation. Downloading the current view gives me that same 6 in a CSV (which is useless). The only other option is to download 'the past 90 days' which just times out with "this page isnt working". 
 cheers 
 iain

Barb@Sophos · Answer

Hi IainH, 
 Regarding reports and timeouts, please take a look at this article for information/steps: Sophos Central Admin: Exporting events limits within Central Admin 
 To view the reports, try this please: Go to Logs & Reports ---> Events --> un-check everything but Web Control (for example) At the top, select the desired time frame within the past 90 days Hit Update If there are still too many results, you will want to narrow down the time frames (as covered in the article). 
 Regarding the details, from the events report you will see date, severity and other info (including any urls) : SEV DATE EVENT USER DEVICE 
 Please let me know if this helps. 
 Regards,