SSL Terminated Logs
This section allows you to enable Activity Monitoring for Shadow Services (using SSL Terminated Logs).
PREREQUISITE: You must set up SSL termination on your firewall/proxy before you can leverage this feature.
Skyhigh CASB allows customers to monitor activities on several shadow services. Skyhigh CASB tracks over 21,000 activity signatures of shadow services. So, when customers access shadow cloud services, Skyhigh CASB is able to provide administrators with a log of the activities performed on these services.
The activity signatures tracked by Skyhigh CASB can be mapped to 14 canonical activity categories. Customers can also add their own activity categories based on their requirements.
Canonical activity categories include:
- Data Access
- Data Delete
- Data Download
- Data Sharing
- Data Updates
- Data Upload
- External Data Sharing
- Login Failure
- Login Success
- Report Execution
- Service Usage
- User Account Creation
- User Account Deletion
After the feature is enabled, it may take up to 36 hours before activity becomes available on the Activity Monitoring page.
Examples of some supported CSPs include:
- Dropbox for Business
- Google Drive
- Service Now - Beta
- Atlassian Jira - Beta
- Github - Beta
- Jive Hosted - Beta
Enable Activity Settings for SSL Terminated Logs
To enable activity settings for SSL terminated logs:
- Go to Incidents > User Activity > Activity Settings.
- For SSL Terminated Logs, click ON.
It may take up to 36 hours before data becomes available in Incidents > User Activity > Activity Monitoring. Once it does, you can switch between services on the Activity Monitoring page by using the drop-down menu in the Activity from <Service> title.
To see available activities, go to Incidents > User Activity > Available Activities, and from the All Sources menu, select Proxy/SSL Logs.
API & Proxy
Create an API connection or set up the Skyhigh CASB proxy to monitor activity on services supported by Skyhigh Security.
Click Setup to go to the Settings > Service Management page.