The CPU Monitor is reporting high CPU utilization in the HTTP process group on Edge SWG (formerly ProxySG).
High CPU usage in HTTP typically results from a surge in incoming requests, which can stem from various factors, such as:
Look at your traffic patterns to see if the user base has increased. Using the management console, check the bandwidth utilization using the Statistics > Traffic Mix section. Confirm if the bandwidth utilization for the Edge SWG corresponds to the CPU spikes.
If you suspect malware or request looping, like an application which doesn't work with Proxy Authentication, then check the Edge SWG Event Logs. Enabling attack detection in monitor mode which will report clients who are sending a high number of requests to the ProxySG. See How do I configure the ProxySG appliance to detect DoS and or DDoS traffic from a client without enforcing actions on the client(s)?
Other reasons for high CPU utilization in the HTTP process group:
If you go through these steps and still have issues with high CPU utilization in the HTTP or FTP process group, open a ticket with Broadcom Support.
In addition to the details from the CPU Monitor, you may also be asked to provide the following:
While the CPU utilization is high, copy the output from the URL https://<proxy_ip>:8082/TCP/Users
Configure snapshots on the Edge SWG to occur every five minutes (default is 60), and run for at least 20 minutes during the CPU spike.
Depending on the nature and symptoms of the high utilization issue, you may be asked to provide a full core dump of the Edge SWG (ProxySG).