Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Monitor CASB Logs

To access this page, click Monitor > Logs > CASB.

Juniper Secure Edge provides full-stack Security Service Edge (SSE) capabilities to protect web, Software as a service (SaaS), and on-premises applications and provide users with consistent and secure access that follows them wherever they go.

Cloud Access Security Broker (CASB) provides visibility into the security of your cloud applications. You can apply granular controls to ensure authorized access, threat prevention, and compliance to secure your data.

When associated with a Secure Edge policy, a CASB profile collects logs from its configured cloud applications. Use this page to view and monitor these action-based and activity-based application logs.

Use the time-range slider to quickly focus on the action or activity that you are most interested in. Once the time range is selected, all data presented in your view is refreshed automatically. You can also use the Custom button to set a custom time range.

Tasks You Can Perform

You can perform the following tasks from this page:

  • View a graphical representation of traffic logs for a specified time range in the Time Range widget.

  • The X-axis represents the defined time while the Y-axis represents the number of traffic logs.

  • Use the slider to decrease or increase the time range of the traffic logs. You can also select from predefined time ranges such as 5m, 10m, 20m, 30m, 1h, 2h, 4h, 8h, 16h, 24h, or Custom.

  • If you select Custom, you must specify the dates and time range in MM/DD/YYYY and HH:MM:SS 24-hour or AM/PM formats to display the traffic logs for a specific period.

  • View information related to traffic logs. See Table 1.

  • View similar traffic logs. To do this, select a traffic log and click Show exact match.

  • Group the traffic logs based on the options available in the Group by list.

    For example, you can group the traffic logs based on the destination country and the destination IP address.

  • View the complete details of logs. To do this, select the event row and then click More > Detail.

  • Filter on cell data. To do this, select an event row and then click More > Filter on cell data.

    The search filter string is displayed in the advanced search field. The data in the corresponding column is filtered based on the filter string. Click X to clear the advanced search field.

  • Exclude cell data. To do this, select an event row and then click More > Exclude cell data.

    The search filter string is displayed in the advanced search field. The data in the respective column is excluded based on the filter condition. Click X to clear the advanced search field.

  • Add filters. To do this:

    1. Click the filter icon and then select Show advanced filter.

      The Add Criteria window opens.

    2. Select the values for Field and Condition from the list.

    3. Enter the value for the selected field and conditions.

    4. Click Add.

    5. Click Save.

      The Save Filter page opens.

    6. Enter a filter name and description and then click OK.

      The filter is saved.

      Note:

      Click X to clear the saved filters.

  • Hide filters. To do this, click the filter icon and then select Hide advanced filter.

  • View or load all the default or saved filters. To do this:

    1. Click the filter icon and then select All Saved Filters.

      The View/Load Filters page opens.

    2. Select a saved filter and click OK to load the data based on filter conditions.

    3. Select a saved filter and click the delete icon on the upper-right corner of the page to delete it.

  • Show or hide the columns displayed on the page. To do this, click the three vertical dots on the upper-right corner of the page and then select Hide/Show Columns. Select the columns that you want to display in the grid.

  • Reset CASB profile monitoring preferences. To do this, click the three vertical dots on the upper-right corner of the page and then select Reset Preference.

Table 1 provides information related to action and activity based application logs.

Note:

The Action and Activity Logs tabs only display the CASB-related application log information.
Table 1: CASB Page—Action and Activity Logs Tabs

Fields

Description

Action

View the action taken for the event: permit and deny.

Activity

View the activity logging for the CASB profile: Login, Upload, Download, and Share.

Application

View the cloud application name associated with the traffic that triggered the event.

Application Instance

View the application instances of the event.

Authentication Status

View the authentication status of the user.

Authentication Method

View the authentication method used by the user.

Category

View the event category of the traffic log.

Client Hostname

View the client hostname that is associated with the traffic that triggered the event. For example, if a specific computer is infected, the name of that computer is displayed.

Description

View the description of the log.

Destination Country

View the destination country name from where the event occurred.

Destination IP

View the destination IP address of the event (IPv4 or IPv6).

Destination Port

View the destination port of the event.

Destination Zone

View the destination zone of the site.

Event Category

View the event category of the traffic log.

Event Name

View the event name of the traffic log.

Generated By

The device that generates the log.

Message

View the message received after the login authentication.

Name

View the name of the event.

Nested Application

View the name of the Layer 7 application.

Path Name

View the path name of the log.

Policy Name

View the policy name in the log.

Profile Name

View the name of the CASB profile that triggered the log.

Protocol ID

Protocol ID of the traffic that triggered the event.

Received Time

View the time when the traffic log was received.

Roles

View the role names associated with the event.

Rule Name

View the rule name.

Service Name

View the name of the Layer 4 service used for the traffic that triggered the event. For example, FTP, HTTP, SSH, and so on.

Session ID

View the Session ID mapped by site to an event.

Site

View the sites for which application visibility data is available.

Source Country

View the source country name from where the event originated.

Source IP

View the source IP address from where the event occurred (IPv4 or IPv6).

Source Port

View the source port of the event.

Source Zone

View the source zone of the site.

Tag

View if the application instance is untagged, sanctioned, or unsanctioned.

Time

View the time when the traffic log was generated.

Type

View if the cloud application access type is unclassified, work, or personal.

Username

View the username.

URL

View the accessed URL name that triggered the traffic log.