Google Login Activities missing from Investigate App due to SSL Bypass policy conflicts on CloudSWG
Article ID: 396021
Updated On:
Products
CASB Securlet SAAS
Issue/Introduction
Gatelet events related to "Google Login" activities - including Login and Logout activities - are not appearing in the Investigate App.
As a result, policies dependent on these events are not triggering or being enforced, potentially reducing visibility into user authentication behavior.
Environment
Gatelet deployment using either the WSS Agent or proxy chaining via a web proxy (SWG)
Cause
In some environments, CloudSWG SSL policies are misconfigured, specifically by including broad categories such as "Technology/Internet" in the SSL bypass rule.
Since the "accounts.google.com" domain falls under this category, its SSL traffic is not intercepted, which prevents the Gatelet from analyzing and forwarding the relevant events to CloudSOC for processing and visibility.
Resolution
Audit CloudSWG policies for any rules that bypass SSL inspection for "Technology/Internet" or any similar categories.
Ensure that the domain "accounts.google.com" is not being bypassed either explicitly or through category-based rules.
If necessary, create an explicit rule for "accounts.google.com" at the top of the SSL interception policy list to ensure it takes precedence over any other interfering rule.
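The audit and the rule-ordering fix described in these steps can be checked against a copy of the rule list. The Python below is an added example, not Broadcom code and not the CloudSWG policy format: the `SslRule` model, the rule names and the category lookup are hypothetical, and it assumes rules are evaluated top-down with the first match deciding.

```python
from typing import NamedTuple

# Constructed stand-in for the categorization lookup; the article states that
# accounts.google.com falls under "Technology/Internet".
CATEGORIES = {"accounts.google.com": {"Technology/Internet"}}

class SslRule(NamedTuple):  # hypothetical model of one SSL policy rule
    name: str
    action: str                       # "intercept" or "bypass"
    domains: frozenset = frozenset()
    categories: frozenset = frozenset()

    def matches(self, host):
        host = host.lower().rstrip(".")
        # A domain entry covers the host itself and any subdomain of it.
        by_domain = any(host == d or host.endswith("." + d) for d in self.domains)
        by_category = bool(self.categories & CATEGORIES.get(host, set()))
        return by_domain or by_category

def deciding_rule(rules, host):
    """First matching rule, assuming top-down, first-match evaluation."""
    return next((r for r in rules if r.matches(host)), None)

def effective_action(rules, host):
    """(action, rule name) that applies to host, or (None, None) if nothing matches."""
    rule = deciding_rule(rules, host)
    return (rule.action, rule.name) if rule else (None, None)

def bypass_findings(rules, host):
    """Every bypass rule matching host, with a flag for the one that decides."""
    decider = deciding_rule(rules, host)
    return [(r.name, r is decider) for r in rules
            if r.action == "bypass" and r.matches(host)]

# Constructed policy reproducing the misconfiguration: a broad category bypass.
broken = [SslRule("bypass-broad-categories", "bypass",
                  categories=frozenset({"Technology/Internet"}))]

# Same policy with an explicit intercept rule placed at the top of the list.
fixed = [SslRule("intercept-google-login", "intercept",
                 domains=frozenset({"accounts.google.com"}))] + broken

if __name__ == "__main__":
    for label, policy in (("broken", broken), ("fixed", fixed)):
        print(label, effective_action(policy, "accounts.google.com"),
              bypass_findings(policy, "accounts.google.com"))
```

A bypass rule that still matches but no longer decides (flag `False`) is harmless only while the explicit rule stays above it, so it is worth re-running the check after any policy reordering.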
Additional Information
In general, to ensure proper tracking of the Gatelet traffic, the following deployment prerequisites must be in place:
Gatelet Status: The Gatelet is activated on CloudSOC (and given time to sync with CloudSWG)
Traffic routing: The related traffic must be routed through CloudSWG and CloudSOC (WSS Agent and/or Proxy forwarding)
SSL Interception: SSL Interception must be enabled on this traffic at the CloudSWG/WSS level
Note:
WebPulse is the domain categorization service. It can be accessed publicly to review any domain, and feedback can be shared with us via the same platform.