Users can view the results of the Security policies configured for an Enterprise from the Monitor tab of the Cloud Web Security page in the VMware Cloud Orchestrator UI portal.

To monitor Cloud Web Security, perform the following steps:
  1. In the VMware Cloud Orchestrator UI portal, from the SD-WAN drop-down menu, select Cloud Web Security. The Cloud Web Security page appears.
  2. Click the Monitor tab.
  3. Under the Monitor section of the Cloud Web Security page, users can view the following monitoring options:
    • Overview
    • Threat Analysis
    • Traffic Analysis
    • CASB Analysis
    • DLP
    • Logs (Web and DLP)
    • Log Export
    • Events

Overview

The Overview dashboard presents critical information on a single page in a cleaner, more accessible form, while also pointing the user to more detailed information for each data category. The top graphs show the Cloud Web Security Actions Summary (actions taken over the configured time period) and the current Rules Distribution for that customer.

In addition, a user can scroll further and see at-a-glance graphs for Top Websites Visited, Top SaaS Applications, Threat Breakdown, and User Breakdown.

Threat Analysis

The Threat Analysis dashboard provides detailed visibility into threats. The dashboard displays:
  • Threat Types
  • Threat Origins
  • Vulnerable Services
  • Threats By Users
Users can choose a specific time period from the drop-down list to view the threats for the selected duration (for example, Past 31 Days).

Traffic Analysis

The Traffic Analysis dashboard provides detailed visibility into user traffic. The dashboard displays:
  • Top Sites being visited by users
  • Top Categories for traffic
  • Actions Summary, the percentage of traffic being allowed/blocked
  • Top Users
Users can choose a specific time period from the drop-down list to view the user traffic data for the selected duration (for example, Past 31 Days).

CASB Analysis

The CASB Analysis dashboard provides detailed visibility into user and application traffic. The dashboard displays:
  • Top Categories for traffic
  • Top Applications
  • Top Users
  • Top Uploads by Applications
Users can choose a specific time period from the drop-down list to view the CASB data for the selected duration (for example, Past 31 Days).

DLP

The DLP dashboard provides detailed visibility into threat origins and blocked traffic. The dashboard displays:
  • Threat Origins
  • Block Count by User
  • Block Count by Date
Users can choose a specific time period from the drop-down list to view the DLP data for the selected duration (for example, Past 31 Days).

Web Logs

The Web Logs page logs every Web session and threat. Users can scroll through the full list of Web logs and can choose a specific time period from the drop-down list to view the logs for the selected duration (for example, Past 31 Days).
Click on a Web log entry to view granular details about the selected entry. A Log Entry Details screen displays detailed information about the entry.

DLP Logs

The DLP Logs page logs every DLP session and threat. Users can scroll through the full list of DLP logs and can choose a specific time period from the drop-down list to view the logs for the selected duration (for example, Past 31 Days).
Click on a DLP log entry to view granular details about the selected entry. A Log Entry Details screen displays detailed information about the entry.

Log Export

The Log Export feature enables a customer to forward near-real-time logs about Cloud Web Security activities to a customer-controlled SIEM (Security Information and Event Management) endpoint for storage and analysis.

The Log Export page allows users to export the logs to a configured Log Server. Optionally, you can also select the type of logs (Web or DLP) to be exported. For more information, see Log Export.

Events

The Events page displays all the events generated by the VMware Cloud Orchestrator. Click the link to an event name to view more details about the specific event.

Users can choose a specific time period from the drop-down list to view the events for the selected duration (for example, Past 31 Days).

To view details related to specific events, use the Filter option. Click the Filter button to filter the list of events based on the following options: Event, User, Severity, Event Detail, and Message.

Click the CSV button to download a report of the events in CSV format.

The Events page displays the following details:

Option      Description
Event       Name of the event.
User        Name of the user who performed the event action.
Severity    Severity of the event. The available options are Alert, Critical, Debug, Emergency, Error, Info, Notice, and Warning.
Time        Date and time of the event.
Message     A brief description of the event.
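
The CSV report downloaded from the Events page can be triaged offline. The following is an added example, not VMware code: it assumes the CSV columns match the Events details listed above (Event, User, Severity, Time, Message) and ranks the listed Severity values in syslog order. The sample rows, event names, and time format are constructed.

```python
import csv
import io
from collections import Counter

# Syslog-style ranking (RFC 5424 order) for the Severity values listed on the
# Events page; lower number = more severe. Using this order is an assumption.
SEVERITY_RANK = {
    "emergency": 0, "alert": 1, "critical": 2, "error": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}

# Constructed sample export. Column names follow the Events details
# (Event, User, Severity, Time, Message); the real CSV header may differ.
SAMPLE_CSV = """Event,User,Severity,Time,Message
EXAMPLE_POLICY_UPDATED,alice@example.com,Info,2024-01-10 09:12:01,Constructed sample row
EXAMPLE_RULE_DELETED,bob@example.com,Warning,2024-01-10 09:15:44,Constructed sample row
EXAMPLE_LOGIN_FAILED,bob@example.com,ERROR,2024-01-10 09:16:02,Constructed sample row
EXAMPLE_EXPORT_DOWN,system,Critical,2024-01-10 09:20:30,Constructed sample row
EXAMPLE_UNKNOWN,carol@example.com,Severe,2024-01-10 09:21:00,Constructed sample row
"""


def triage(csv_text, threshold="Warning"):
    """Return (matching rows, per-user counts, rows with unrecognised severity)."""
    limit = SEVERITY_RANK[threshold.lower()]
    matches, unknown = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        rank = SEVERITY_RANK.get((row.get("Severity") or "").strip().lower())
        if rank is None:
            unknown.append(row)  # surface unexpected values, never drop them silently
        elif rank <= limit:
            matches.append((rank, row))
    # Most severe first; the sort is stable, so ties keep their file order.
    matches.sort(key=lambda pair: pair[0])
    rows = [row for _, row in matches]
    per_user = Counter(row["User"] for row in rows)
    return rows, per_user, unknown


if __name__ == "__main__":
    rows, per_user, unknown = triage(SAMPLE_CSV)
    for row in rows:
        print(row["Time"], row["Severity"], row["User"], row["Event"])
    print("events per user:", dict(per_user))
    print("unrecognised severity rows:", len(unknown))
```

Rows whose Severity value is not one of the eight listed options are returned separately so that a format change in the export is noticed rather than hidden.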