search cancel

Details for WSS integration with CASB Audit

book

Article ID: 203342

calendar_today

Updated On:

Products

CASB Audit CASB Gateway Advanced

Issue/Introduction

Details regarding the WSS integration process that sends WSS logs to CASB Audit.

Resolution

  • Q: How does WSS Sync logs from WSS to CASB?
  • A: Rest API, implemented internally, similarly to the externally implemented sync guide Sync API

 

  • Q: IS WSS or CASB the REST client?
  • A: CloudSOC

 

  • Q: What port is used to establish connection?
  • A: 8443

 

  • Q: What version of TLS and hash algorithm is used?
  • A: TLS v1.2
  • A: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher
 
  • Q: How often are logs transferred to CloudSOC?
  • A: Varied based on load (Usually hourly)
 
  • Q: Are logs pulled or pushed to CloudSOC?
  • A: Pulled
 
  • Q: What format are the logs delivered in and what is their size?
  • A: Compressed GZ file
  • A: Size depends on the amount of data
  • A: Files are not encrypted

 

  • Q: What field names are used for the data contained in the logs?
  • A: Bellow is a the header from a logs WSS log
 
#Fields: x-bluecoat-request-tenant-id date time x-bluecoat-appliance-name time-taken c-ip cs-userdn cs-auth-groups x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-icap-reqmod-header(X-ICAP-Metadata) x-icap-respmod-header(X-ICAP-Metadata) x-data-leak-detected x-virus-id x-bluecoat-location-id x-bluecoat-location-name x-bluecoat-access-type x-bluecoat-application-name x-bluecoat-application-operation r-ip r-supplier-country x-rs-certificate-validate-status x-rs-certificate-observed-errors x-cs-ocsp-error x-rs-ocsp-error x-rs-connection-negotiated-ssl-version x-rs-connection-negotiated-cipher x-rs-connection-negotiated-cipher-size x-rs-certificate-hostname x-rs-certificate-hostname-categories x-cs-connection-negotiated-ssl-version x-cs-connection-negotiated-cipher x-cs-connection-negotiated-cipher-size x-cs-certificate-subject cs-icap-status cs-icap-error-details rs-icap-status rs-icap-error-details s-supplier-ip s-supplier-country s-supplier-failures x-cs-client-ip-country cs-threat-risk x-rs-certificate-hostname-threat-risk x-client-agent-type x-client-os x-client-agent-sw x-client-device-id x-client-device-name x-client-device-type x-client-security-posture-details x-client-security-posture-risk-score x-bluecoat-reference-id x-sc-connection-issuer-keyring x-sc-connection-issuer-keyring-alias x-cloud-rs x-bluecoat-placeholder cs(X-Requested-With) x-random-ipv6 x-bluecoat-transaction-uuid