Hi Wasfi,
What you are asking is not something that is supported at this time. Management Center was not built to be a SEIM. It is good for seeing the health status of your connected appliances, and for administering policies and scripts to those appliances, as well as being able to take backups. Reporter was built to specifically handle ProxySG or WSS Access Logs. Management Center can tie into some of that functionality.
Neither Reporter nor Management Center currently integrate with CloudSoc for log offload. CloudSoc, however, does have the ability to take ProxySG and WSS logs (and I believe 3rd party as well, but verify by asking in their forum). That would be something that I would recommend exploring.
Another option to look at, if all traffic is traversing your ProxySG, and you are simply want the CloudSoc application information, is to make sure you have the CASB database downloaded on your ProxySG. That application info then is written to the Access Logs and Reporter can use it in the reports.
Hope this helps!
Original Message:
Sent: 10-30-2020 06:04 AM
From: Wasfi Bounni
Subject: Can the management centre receive logs from CloudSoc or 3rd party CASB devices?
Hi;
Can the CloudSoc logs be gathered and displayed by the management centre. Either directly or via a reporter appliane?
I am guessing if CloudSoc or any 3rd party solution can send its logs using ELFF then the reporter should be able to receive these logs and render them into useful reports, but can it then feed them to the management centre? In the same manner it feeds Proxy SG access logs to the management centre?
The idea here is to have a central point of monitoring and reporting for Proxy SG logs, CAS logs, SSL Visibility logs, CloudSoc logs and 3rd party logs as well, which is the Management Centre.
Kindly
Wasfi