Unknown users reported in Audit
Article ID: 377058
Updated On:
Products
CASB Advanced Threat Protection
CASB Audit
CASB Gateway
CASB Gateway Advanced
CASB Security Advanced
CASB Security Advanced IAAS
CASB Security Premium
CASB Security Premium IAAS
CASB Security Standard
CASB Securlet IAAS
CASB Securlet SAAS
CASB Securlet SAAS With DLP-CDS
Issue/Introduction
Audit datasource listed the users as unknown.
Resolution
Check that the Audit data sent to CASB has the correct data fields.
In one case the timezone and user field was combined because the delimiting comma was missing.
Expected log format sample
source="%s{cip}", datetime="%s{time}", tz="%s{tz}", user="%s{login}", dst="%s{sip}", sent="%d{reqsize}", totalsize="%d{totalsize}", ua="%s{ua}", duration="%d{ctime}", url="%s{url}", referer="%s{referer}", action="%s{action}", proto="%s{proto}", rcvd="%d{respsize}", op="%s{reqmethod}"\nFeedback
Yes
No
Powered by
