Users can view the results of the configured security policies for an Enterprise from the Monitor tab on the Cloud Web Security page in the VMware Cloud Orchestrator UI portal.
To monitor Cloud Web Security, perform the following steps:
In the VMware Cloud Orchestrator UI portal, from the SD-WAN drop-down menu, select Cloud Web Security. The Cloud Web Security page appears.
Click the Monitor tab.
Under the Monitor section of the Cloud Web Security page, users can view the following monitoring options:
Overview
Threat Analysis
Traffic Analysis
CASB Analysis
DLP
Logs (Web and DLP)
Log Export
Events
Overview
The Overview dashboard presents critical information on a single page in a cleaner, more accessible form, while also pointing the user to more detailed information for each data category. The top graphs show the Cloud Web Security Actions Summary (actions taken over the configured time period) and the current Rules Distribution for that customer.
In addition, a user can scroll further and see at-a-glance graphs for Top Websites Visited, Top SaaS Applications, Threat Breakdown, and User Breakdown.
Threat Analysis
The Threat Analysis dashboard provides detailed visibility into threats. The dashboard displays:
Threat Types
Threat Origins
Vulnerable Services
Threats By Users
Users can choose a specific time period from the drop-down list, to view the threats for the selected duration (for example, Past 31 Days).
Traffic Analysis
The Traffic Analysis dashboard provides detailed visibility into user traffic. The dashboard displays:
Top Sites being visited by users
Top Categories for traffic
Actions Summary, the percentage of traffic being allowed/blocked
Top Users
Users can choose a specific time period from the drop-down list, to view the user traffic data for the selected duration (for example, Past 31 Days).
CASB Analysis
The CASB Analysis dashboard provides detailed visibility into user and application traffic. The dashboard displays:
Top Categories for traffic
Top Applications
Top Users
Top Uploads by Applications
Users can choose a specific time period from the drop-down list, to view the CASB data for the selected duration (for example, Past 31 Days).
DLP
The DLP dashboard provides detailed visibility into threat origins and blocked traffic. The dashboard displays:
Threat Origins
Block Count by User
Block Count by Date
Users can choose a specific time period from the drop-down list, to view the DLP data for the selected duration (for example, Past 31 Days).
Web Logs
The Web Logs page logs every Web session and threat. Users can view a list of Web logs, scrolling through the full list. Users can choose a specific time period from the drop-down list, to view the logs for the selected duration (for example, Past 31 Days).
Click on a Web log entry to view granular details about the selected entry. A Log Entry Details screen displays detailed information about the entry.
DLP Logs
The DLP Logs page logs every DLP session and threat. Users can view a list of DLP logs, scrolling through the full list. Users can choose a specific time period from the drop-down list, to view the logs for the selected duration (for example, Past 31 Days).
Click on a DLP log entry to view granular details about the selected entry. A Log Entry Details screen displays detailed information about the entry.
Log Export
The Log Export feature enables a customer to forward near-real-time logs about Cloud Web Security activities to a customer-controlled SIEM (Security Information and Event Management) endpoint for storage and analysis.
The Log Export page allows users to export the logs to a configured Log Server. Optionally, you can also select the type of logs (Web or DLP) to be exported. For more information, see Log Export.
Events
The Events page displays all the events generated by the VMware Cloud Orchestrator. Click the link to an event name to view more details about the specific event.
Users can choose a specific time period from the drop-down list, to view the events for the selected duration (for example, Past 31 Days).
To view details related to specific events, use the Filter option. Click the Filter button to filter the list of events based on the following options: Event, User, Severity, Event Detail, and Message.
Click the CSV button to download a report of the events in CSV format.
The Events page displays the following details:
Option | Description
Event | Name of the event.
User | Name of the user who performed the event action.
Severity | Severity of the event. The available options are Alert, Critical, Debug, Emergency, Error, Info, Notice, and Warning.
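The following is an added example, not VMware code: a small triage script for an Events report downloaded with the CSV button, which keeps events at or above a chosen severity, sorts them most severe first, and counts them per user. It assumes the CSV column headers match the UI labels (Event, User, Severity, Message) and that the severity names follow the syslog (RFC 5424) ordering; the event names, users and rows are constructed sample data.

```python
import csv
import io
from collections import Counter

# Assumed ordering: syslog severity levels (RFC 5424), 0 = most severe.
# The names are the Severity values listed for the Events page.
SEVERITY_RANK = {
    "Emergency": 0, "Alert": 1, "Critical": 2, "Error": 3,
    "Warning": 4, "Notice": 5, "Info": 6, "Debug": 7,
}

# Constructed sample export; headers are assumed to match the UI labels.
SAMPLE_CSV = """Event,User,Severity,Message
EXAMPLE_RULE_UPDATED,alice@example.com,Info,constructed row
EXAMPLE_LOGIN_FAILED,bob@example.com,Error,constructed row
EXAMPLE_POLICY_DELETED,bob@example.com,Critical,constructed row
EXAMPLE_EXPORT_FAILED,carol@example.com,warning,constructed row
EXAMPLE_UNKNOWN,carol@example.com,Severe,constructed row
"""


def triage(csv_text, threshold="Error"):
    """Return (rows at or above threshold, most severe first; count per user)."""
    limit = SEVERITY_RANK[threshold]
    kept = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("Severity") or "").strip().title()
        # An unrecognised severity is ranked -1 so it sorts first and is
        # reviewed by hand instead of being silently dropped.
        rank = SEVERITY_RANK.get(name, -1)
        if rank <= limit:
            kept.append((rank, row))
    kept.sort(key=lambda pair: pair[0])  # stable: file order kept within a level
    rows = [row for _, row in kept]
    by_user = Counter(row["User"] for row in rows)
    return rows, by_user


if __name__ == "__main__":
    rows, by_user = triage(SAMPLE_CSV)
    for r in rows:
        print(f'{r["Severity"]:<9} {r["User"]:<20} {r["Event"]}')
    print(dict(by_user))
```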