ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

No Upload Activities From GitHub Gatelet

book

Article ID: 213736

calendar_today

Updated On:

Products

CASB Gateway

Issue/Introduction

  • The customer is using the proxy forwarding method but only gets partial GitHub activities in CloudSOC
    • There are login/logout, download events, but is missing uploading events.

Cause

  • The s3.amazonaws.com is not listed in the CPL initially.
  • After added the URL additional issue was discovered:
    • The client PCAP shows the local proxy is intercepting the s3.amazonaws.com traffic from the end-user.
    • SG PCAP does NOT show that the request to s3.amazonaws.com is being sent to WSS. It shows that it is going direct to AWS.
    • On-Premise SG policy trace shows that the forwarding rules for the s3.amazonaws.com traffic being missed
    • Discovered the Proxy has a conflicting rule in different layers so the URL for amazonaws.com was bypassed by the proxy in the authentication layer
    • This resulted in the forwarding rule in the CPL not functioning properly

Environment

Release : 1.0

Component :

Resolution

  1. Added the s3.amazonaws.com to the CPL as it is needed by Github Gatelet uploads.
  2. Removed the amazonaws.com from the authentication bypass list