CloudSOC uses only secure SFTP or SCP connections as a datasource

book

Article ID: 171208

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced Data Loss Prevention Cloud Package

Issue/Introduction

User is attempting to FTP their log files into Audit in CloudSOC but can't connect or is receiving errors.

Cause

The CASB product does not support direct FTP from another server due to the inherent unsecure nature of FTP.

Resolution

You can, however, push logs to CloudSOC using SCP of SFTP using a SCP/SFTP Connection, since these protocols are secure.

If your firewalls cannot stream to SCP or SFTP servers, a SpanVA instance on your internal network will allow you to FTP to the SpanVA, which will then securely transfer the logs to CloudSOC. 

 

Reference tech note Managing Data Sources for the CloudSOC Audit App in knowledge base under audit.