Does Web Security Service (WSS) support websockets? If so how does the information show in the WSS access logs?
Web Security Service
Web-sockets are supported in Proxy SG and WSS.
You can find the websocket data on the WSS access log via the s-action field as illustrated in Image 1. Another tell-tale of Web-socket usage is the http 101 return code, as the proxy receives an upgrade request to websocket from the client, and this request is fulfilled with sc-status = 101 switching protocol.
Image 1: Websocket SIEM report for nperf speed test destination servers
The Proxy SG Administration Guide contains more details on how Websockets are handled by the Secure Gateway. This applies to WSS as well.
Here is a link to the SGOS Administration Guide 7.2.x.