Skip to main content

Welcome to Skyhigh Security!

Skyhigh Security

Activity Settings

SSL Terminated Logs

This section allows you to enable Activity Monitoring for Shadow Services (using SSL Terminated Logs).

PREREQUISITE: You must set up SSL termination on your firewall/proxy before you can leverage this feature.

Skyhigh CASB allows customers to monitor activities on several shadow services. Skyhigh CASB tracks over 21,000 activity signatures of shadow services. So, when customers access shadow cloud services, Skyhigh CASB is able to provide administrators with a log of the activities performed on these services.

The activity signatures tracked by Skyhigh CASB can be mapped to 14 canonical activity categories. Customers can also add their own activity categories based on their requirements. 

Canonical activity categories include: 

  • Administration
  • Data Access
  • Data Delete
  • Data Download
  • Data Sharing
  • Data Updates
  • Data Upload
  • External Data Sharing
  • Login Failure
  • Login Success
  • Report Execution
  • Service Usage
  • User Account Creation
  • User Account Deletion

After the feature is enabled, it may take up to 36 hours before activity becomes available on the Activity Monitoring page.

Examples of some supported CSPs include: 

  • Salesforce
  • Box
  • Office365
  • Dropbox for Business
  • Slack
  • Google Drive
  • Service Now - Beta
  • Atlassian Jira - Beta
  • Github - Beta
  • Jive Hosted - Beta

Enable Activity Settings for SSL Terminated Logs

To enable activity settings for SSL terminated logs:

  1. Go to Incidents > User Activity > Activity Settings.
  2. For SSL Terminated Logs, click ON.
    ssl_logs_on.png

Activity Monitoring

It may take up to 36 hours before data becomes available in Incidents > User Activity > Activity Monitoring. Once it does, you can switch between services on the Activity Monitoring page by using the drop-down menu in the Activity from <Service> title. 

ssl_logs_activity_list.png

Available Activities

To see available activities, go to Incident> User Activity > Available Activities, and from the All Sources menu, select Proxy/SSL Logs

API & Proxy

Create an API connection or set up the Skyhigh CASB proxy to monitor activity on services supported by Skyhigh Security.

Click Setup to go to the Settings > Service Management page. 

 

  • Was this article helpful?