Mirror Gateway (MiG) traffic seen as Unmanaged Devices in CloudSOC contains field values that are not related to customer's WSS tenant

When using MiG, traffic redirected to MiG and seen in CloudSOC Investigate contains field values in that are very confusing.

Current flow documentation does not indicate that traffic directed to MiG from IdP of approved IdP vendors traverses WSS before reaching CloudSOC.

Investigate shows a WSS transaction ID, but why when there is no WSS tenant in the environment.

The above leads to the following questions:

• Is MiG traffic directed to a customer's own WSS tenant if they own a full WSS environment?
• Is MiG traffic directed to a global WSS tenant owned by Broadcom if customer does not own a full WSS environment?
• How can customer receive WSS logs from their MiG traffic through the WSS tenant, assuming there is one in this picture customer does not control and it is not their WSS tenant?

• Is MiG traffic directed to a customer's own WSS tenant if they own a full WSS environment?
  For UN-MANAGED devices traffic goes through shared MiG WSS tenant , and NOT through customer's WSS tenant.
• Is MiG traffic directed to a global WSS tenant owned by Broadcom if customer does not own a full WSS environment?
  Yes
• Can a customer receive WSS logs from their MiG traffic through the Global WSS tenant?
  They cannot