Data Collections

Data Collections are the data sources available in Insights.

You can select a data collection name to view the log record details in the Transaction Viewer page.

Predefined Views

Admins can access predefined views in the Transaction Viewer for CASB Inline, SWG, and CASB API logs. Also, provide consistent and familiar experience while leveraging the performance and usability of the new platform.

  • Health API:

    Logs of any CASBAPI related errors received from the cloud application are collected under the Health API predefined view.

  • Web Access:

    Web Access is predefined view for SWG collection. All web browsing event logs generated by users using the SmartEdge Agent and Cloud SWG while accessing websites

  • Health System:

    Captures errors during user provisioning via API, including failures in creation, updates, deletions, or data retrieval via API are collected under the Health System predefined view.

SSE

Available Data Collections for SSE:

  • Admin:

    This set of data applies to events where Forcepoint SSE suspects an unauthorized attempt to use an account. Example events include a series of failed login attempts on a specific user’s account, or a user attempting to login from diverse geographic locations within a short time window.

  • CASBAPI:

    This set of data applies to actions/activity taking place with data-at-rest via DLP scans (actions such as quarantine, or API policy matches).

  • CASBInline:

    This set of data includes suspicious activities involving sensitive data. For example, if a user sends an email containing matched keywords to a personal email account or if a file with sensitive data is accessed from several different locations in short succession.

  • DLP:

    This set of data applies to actions/activity taking place with data-at-rest via DLP scans (actions such as quarantine, or API policy matches) along with the information like Proxy Type and DLP Source IP.

  • Health:

    This set of data includes All Activities, Event Time, Application Name, HTTP request Method and others.

  • Proxy:

    Logs of all user activities (events, logs, etc.) in all protected applications associated with inline access control and DLP policies are collected under CASBInline and DLP collections.

  • SWG:

    All web browsing event logs generated by users using the SmartEdge Agent and Cloud SWG while accessing websites.

  • SWGDLP:

    Logs of data related to DLP policies configured for SWG traffic.

  • ZTNA:

    Logs of all agent-based (TCP) ZTNA events.

RBI

Available Data Collections for RBI:

  • FileTransfer:

    This set of data includes File name, File MIME, File URL, File Size, Processed Filesize, cdr performed, and AVscan performed details.

  • Incidents:

    This set of data includes Even Time, User information, Ads blocked, Scripts Isolated, and images sanitized details.

  • SiteVisit:

    This set of data includes Even Time, User information, Rendering Action, URL Categories, RBI Policy Rule Name,OS, Threat Score, and Browser Type details.