CASB Audit feature shows anon-users on a fresh tenant
Article ID: 376261
Updated On:
Products
Issue/Introduction
CASB Audit Feature shows users with names anon-user.X, where X is a number, on a fresh tenant where no data sources have been configured yet. The users show activity such as downloads or uploads.
Cause
Fresh CASB tenants come with a dummy data source as a place holder in the Audit feature. The data source is named SAMPLE_DATASOURCE and can be seen in the CASB Console by going to Audit -> Device Logs. The source will have "Setup by System" information right below it.
Any information coming from this source can be ignored.
Resolution
Data sources are sources of information for the feature coming from network devices such proxy or firewall logs provided directly to the CASB console via Web Uploads, SpanVA integration or others.
All the entries related to the SAMPLE_DATASOURCE will be removed from the system as soon as a valid data source is successfully processed on the tenant. A successful processing of a data source is indicated by the green icon in the Status column.
To learn more about data sources and how to provide valid information to the Audit feature refer to the link below:
Feedback
