ProxySG & Advanced Secure Gateway

  • 1.  How do i see the decision on the access logs

    Posted 10-16-2021 06:50 AM
    Hello everyone,

    We want to create a rule on siem. If a user gets allow from the file sharing category, we will generate an alarm for it.

    When we examined the logs sent to the siem device, we could not see the results of the requests made to the sites.




  • 2.  RE: How do i see the decision on the access logs

    Broadcom Employee
    Posted 17 days ago
    Hi,
    You should use sc-filter-result field.

    Here is the possible values;

    OBSERVED

    Indicates that at some point, policy invoked a category lookup, ie, a "category=" trigger was evaluated.

     

    DENIED

    Indicates that the request was not served. Typically this means the user received some form of an exception.

     

    PROXIED

    The category was not a factor in the policy decision. Examples of this: The policy used to process the request did not include a category definition, such as source:any, destination:any, action:allow.