Troubleshooting SpanVA Connectivity

book

calendar_today

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced Data Loss Prevention Cloud Package

SpanVA is Disconnected or Degraded

SpanVA to CloudSOC

Does the SpanVA Console show the status as alive and Green?
Check Status of SpanVA within CloudSOC Settings | Status Monitor.
Verify the Proxy settings if required.
- Test without the use of a proxy.
Port 443 outbound is a requirement for several DNS entry's
- *.elastica.net
  elastica-oregon-audit.s3.amazonaws.com
  cep-dub-audit.s3.amazonaws.com
  elastica-artifacts.s3.amazonaws.com
  el-public-repo.s3.amazonaws.com
SpanVA Monitor logs will display helpful information:
- Data has been sent to CloudSOC via SpanVA
*Search Splunk: keywords: tenantid, datasource ID.
- Received log files upload notification from SpanVA running for tenant tenantname, datasource id : ***f83***330***044***5c1**

Logs Sent to Spanva

SpanVA Monitor logs will display helpful information:
- Data has been received by SpanVA.
Test FTP/SCP to SpanVA manually.
- scp bluecoat.log1.gz [email protected]:
  /ds_elastica/datasources/531eeadfca78c264ae87e317
- Repeat sending a empty file called UPLOAD_COMPLETED.

thumb_up Yes

thumb_down No