Audit shows blocked activity as data transfer
search cancel

Audit shows blocked activity as data transfer

book

Article ID: 184547

calendar_today

Updated On:

Products

CASB Audit CASB Gateway Advanced CASB Security Advanced CASB Security Premium CASB Security Standard

Issue/Introduction

Audit shows a 403 forbidden blocked activity as data transfer.  

Environment

CloudSOC Audit with a WSS integration data source

Cause

WSS logs a 200 success on the TCP traffic initiating the handshake with Audit, but receives a 403 forbidden on the http/https traffic giving you a blocked page. 

Resolution

Open a support ticket to request "Ignore CONNECT Traffic" on your WSS data source. 

Powered by Wolken Software