Transaction Viewer logs
This section lists the logs recorded in Transaction Viewer for the data collections available in Insights.
SSE
Admin
The Event logs will display all admin actions including logins, logouts, device profile matches, configuration/settings changes, etc.
You can access the Admin logs by navigating to (under SSE) as shown below.
Make sure to select Action and All Activities fields when viewing the Admin logs.
Clicking an event log line will take you to a details page providing further information about the event.
CASBAPI
You can access the CASBAPI logs by navigating to (under SSE) as shown below.
Make sure to choose "is equal to" Operator and "Alert" as Value under Action field when viewing the CASBAPI logs.
Clicking an event log line will take you to a details page providing further information about the event.
CASBInline
You can access the CASBInline logs by navigating to (under SSE) as shown below.
Make sure to choose "is equal to" Operator and "Alert" as Value under Action field when viewing the CASBAPI logs.
Clicking an event log line will take you to a details page providing further information about the event.
DLP
You can access the DLP logs by navigating to (under SSE) as shown below.
Make sure to select Alert and All Activities fields when viewing the DLP logs.
Clicking an event log line will take you to a details page providing further information about the event.
Health
The Health logs is a powerful support tool that can help customers pinpoint issues with their setup or within their cloud applications.
You can access the Health logs by navigating to (under SSE) as shown below.
Clicking an event log line will take you to a details page providing further information about the event.
Proxy
User activity data including events, logs, and other relevant records from all protected applications governed by inline access control and DLP policies is aggregated within the CASBInline and DLP collections.
You can access the Proxy logs by navigating to (under SSE) as shown below.
Clicking an event log line will take you to a details page providing further information about the event.
SWG
Captures all web browsing event logs generated by users using the SmartEdge Agent and Cloud SWG during website access.
You can access the SWG logs by navigating to (under SSE) as shown below.
Clicking an event log line will take you to a details page providing further information about the event.
SWGDLP
Captures logs of data related to DLP policies configured for SWG traffic.
You can access the SWGDLP logs by navigating to (under SSE) as shown below.
Clicking an event log line will take you to a details page providing further information about the event.
ZTNA
Captures logs of all agent-based (TCP) ZTNA events.
You can access the ZTNA logs by navigating to (under SSE) as shown below.
Clicking an event log line will take you to a details page providing further information about the event.
RBI
FileTransfer
You can access the FileTransfer logs by navigating to (under RBI) as shown below.
FileTransfer refers to the ability (or restriction) to download/upload files between the user's local device and the remotely hosted, isolated browser session.
Incidents
You can access the Incidents logs by navigating to (under RBI) as shown below.
Incidents Refer to any potentially malicious or policy-violating activities that occur within the isolated browser session. These incidents are crucial from a security monitoring and response perspective, as RBI serves as a protective layer between users and web-based threats.
SiteVisit
You can access the SiteVisit logs by navigating to (under RBI) as shown below.
Each site visit is logged for auditing and security incident analysis. Admins can view URL's accessed, Time of access, User identity,Threat Score, Client Type, Client Version, Action taken etc.
