Mirror Gateway (MiG) traffic seen as Unmanaged Devices in CloudSOC contains field values that are not related to customer's WSS tenant
When using MiG, traffic redirected to MiG and seen in CloudSOC Investigate contains field values in that are very confusing.
Current flow documentation does not indicate that traffic directed to MiG from IdP of approved IdP vendors traverses WSS before reaching CloudSOC.
Investigate shows a WSS transaction ID, but why when there is no WSS tenant in the environment.
The above leads to the following questions: