Transaction Viewer logs

This section lists the logs recorded in Transaction Viewer for the data collections available in Insights.

SSE

Admin

The Event logs will display all admin actions including logins, logouts, device profile matches, configuration/settings changes, etc.

You can access the Admin logs by navigating to Transaction Viewer > Data Collections > Admin (under SSE) as shown below.

Make sure to select Action and All Activities fields when viewing the Admin logs.

Clicking an event log line will take you to a details page providing further information about the event.

CASBAPI

You can access the CASBAPI logs by navigating to Transaction Viewer > Data Collections > CASBAPI (under SSE) as shown below.

Make sure to choose "is equal to" Operator and "Alert" as Value under Action field when viewing the CASBAPI logs.

Clicking an event log line will take you to a details page providing further information about the event.

CASBInline

You can access the CASBInline logs by navigating to Transaction Viewer > Data Collections > CASBInline (under SSE) as shown below.

Make sure to choose "is equal to" Operator and "Alert" as Value under Action field when viewing the CASBAPI logs.

Clicking an event log line will take you to a details page providing further information about the event.

DLP

You can access the DLP logs by navigating to Transaction Viewer > Data Collections > DLP (under SSE) as shown below.

Make sure to select Alert and All Activities fields when viewing the DLP logs.

Clicking an event log line will take you to a details page providing further information about the event.

Health

The Health logs is a powerful support tool that can help customers pinpoint issues with their setup or within their cloud applications.

You can access the Health logs by navigating to Transaction Viewer > Data Collections > Health (under SSE) as shown below.

Clicking an event log line will take you to a details page providing further information about the event.

Proxy

User activity data including events, logs, and other relevant records from all protected applications governed by inline access control and DLP policies is aggregated within the CASBInline and DLP collections.

You can access the Proxy logs by navigating to Transaction Viewer > Data Collections > Proxy (under SSE) as shown below.

Clicking an event log line will take you to a details page providing further information about the event.

SWG

Captures all web browsing event logs generated by users using the SmartEdge Agent and Cloud SWG during website access.

You can access the SWG logs by navigating to Transaction Viewer > Data Collections > SWG (under SSE) as shown below.

Clicking an event log line will take you to a details page providing further information about the event.

Note: If logs for the expected time range are missing, verify that the system time on the machine is correct. Maintaining accurate system time is essential for proper log generation and display.

SWGDLP

Captures logs of data related to DLP policies configured for SWG traffic.

You can access the SWGDLP logs by navigating to Transaction Viewer > Data Collections > SWGDLP (under SSE) as shown below.

Clicking an event log line will take you to a details page providing further information about the event.

Note: If logs for the expected time range are missing, verify that the system time on the machine is correct. Maintaining accurate system time is essential for proper log generation and display.

ZTNA

Captures logs of all agent-based (TCP) ZTNA events.

You can access the ZTNA logs by navigating to Transaction Viewer > Data Collections > ZTNA (under SSE) as shown below.

Clicking an event log line will take you to a details page providing further information about the event.

RBI

FileTransfer

You can access the FileTransfer logs by navigating to Transaction Viewer > Data Collections > FileTransfer (under RBI) as shown below.

FileTransfer refers to the ability (or restriction) to download/upload files between the user's local device and the remotely hosted, isolated browser session.

Incidents

You can access the Incidents logs by navigating to Transaction Viewer > Data Collections > Incidents (under RBI) as shown below.

Incidents Refer to any potentially malicious or policy-violating activities that occur within the isolated browser session. These incidents are crucial from a security monitoring and response perspective, as RBI serves as a protective layer between users and web-based threats.

SiteVisit

You can access the SiteVisit logs by navigating to Transaction Viewer > Data Collections > SiteVisit (under RBI) as shown below.

Each site visit is logged for auditing and security incident analysis. Admins can view URL's accessed, Time of access, User identity,Threat Score, Client Type, Client Version, Action taken etc.