You can perform steps to monitor and analyze the traffic. Forcepoint ONE SSE Log Export REST API allows customers to query and pull Cloud and Access Logs. Alternatively, customers with Splunk or QRadar can instead utilize the Forcepoint ONE SSE Splunk app or the Forcepoint ONE SSE QRadar App for easy integration with the Forcepoint ONE SSE REST API to extract Forcepoint ONE SSE logs.
Admins can review the various logs generated for user activities.
Describes initial account configurations, such as creating and assigning administrator accounts and roles, and configuring portal access and timeout policies in Forcepoint ONE Security Service Edge.
You can configure user identity settings and synchronize user information from your directory in order to assign policies to users or groups.
Describes how to configure common components such as login policies, various notifications, custom notification files and so on.
Forcepoint ONE SSE supports SmartEdge Agent and Cloud SWG traffic steering methods. This chapter describes steps to deploy each of those so that traffic can be forwarded to Forcepoint ONE SSE.
DLP is a data loss prevention capability that allows for pattern matching (via regular expressions and keywords) against data as it is downloaded, uploaded, or scanned at rest via API.
Forcepoint ONE SSE's Agentless and Agent-based Zero Trust Network Access (ZTNA) provides an alternative to VPNs allowing admins to provide inline protection to internal apps without the need for VPN service to be running on the user's local machine.
This chapter describes how to set up various cloud applications in Forcepoint ONE SSE so that Admins can monitor the data at rest and data in motion.
Describes how to configure policies for your application in the Forcepoint ONE SSE portal so that you can monitor the data at rest and data in motion.
Forcepoint ONE SSE Log Export REST API allows customers to query and pull Cloud and Access Logs.
Forcepoint ONE SSE provides a QRadar app within the QRadar hub for easily integrating with Forcepoint ONE SSE's REST API for pulling Forcepoint ONE SSE logs into QRadar.
Forcepoint ONE SSE provides a QRadar app within the QRadar hub for easily integrating with Forcepoint ONE SSE's REST API for pulling Forcepoint ONE SSE logs into QRadar. You will first need to create an Access Point in Forcepoint ONE SSE and then download the Forcepoint ONE App from the QRadar app hub before you install the extension into your QRadar setup. Once installed, you can then configure the setup to start pulling logs.
Forcepoint ONE SSE provides a Splunk app on Splunkbase for easily integrating with Forcepoint ONE SSE's REST API for pulling Forcepoint ONE SSE logs.
Forcepoint provides a Splunk app on Splunkbase for easily integrating with Forcepoint ONE SSE's AWS S3 data lake for pulling Forcepoint ONE SSE SWG Web raw logs for Allowed, Denied, Process via Cloud and Isolated actions.
Forcepoint ONE SSE enables you to generate Web debug logs, for the websites accessed by users with the SmartEdge agent and Cloud SWG, to enable more effective debugging.
The Proxy logs are where admins go to review all user activity (events, logs, etc.) in all protected applications associated with inline access control and DLP policies.
The API logs page provides visibility into data at rest in cloud applications integrated via API.
The Web logs are where all the web browsing events generated by users accessing websites through the SmartEdge agent and Cloud SWG are logged. Reports are generated every 5 minutes with new log data. Log data is kept for 30 days.
The SmartEdge agent and Cloud SWG support the ability to block possible data leakage attempts on uploads to any sites.
The ZTNA logs page is where all the agent-based ZTNA events by end users are displayed.
The Health dashboard allows admins to identify whether issues that users encounter are caused by Forcepoint ONE SSE or by the backend server (for example, Google, Exchange, Salesforce, etc.).
The Admin log page displays all admin activity within Forcepoint ONE SSE.
The log Settings page allows administrators to configure some of the settings for report generation and some log restrictions.
The Data Security page provides information on sensitive data and its exposure across different mediums.
The Threat page provides information on malware that is detected in motion or within cloud repositories.
Forcepoint ONE SSE's SmartEdge agent and Cloud SWG can also generate ShadowIT logs for web browsing.
Forcepoint ONE SSE's SmartEdge agent and Cloud SWG can also generate ShadowIT logs for enterprise applications.
Forcepoint ONE SSE supports various cloud applications so that Admins can monitor data which is in transit, in motion and at rest.