search cancel

No Upload Activities From GitHub Gatelet

book

Article ID: 213736

calendar_today

Updated On:

Products

CASB Gateway

Issue/Introduction

The customer is using the proxy forwarding method but only gets partial GitHub activities in CloudSOC

There are login/logout, download events, but missing upload events.

Cause

The s3.amazonaws.com is not listed in the CPL initially.

After added the URL additional issue was discovered:

    • The client PCAP shows the local proxy is intercepting the s3.amazonaws.com traffic from the end-user.
    • SG PCAP does NOT show that the request to s3.amazonaws.com is being sent to WSS. It shows that it is going direct to AWS.
    • On-Premise SG policy trace shows that the forwarding rules for the s3.amazonaws.com traffic being missed
    • Discovered the Proxy has a conflicting rule in different layers so the URL for amazonaws.com was bypassed by the proxy in the authentication layer
    • This resulted in the forwarding rule in the CPL not functioning properly

Resolution

  1. Added the s3.amazonaws.com to the CPL as it is needed by Github Gatelet uploads.
  2. Removed the amazonaws.com from the authentication bypass list