Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Activity Settings


Skyhigh Security no longer supports the SSL Terminated Logs feature. However, you can still monitor the activities of the shadow cloud services by using the Skyhigh Secure Web Gateway solution. Skyhigh Secure Web Gateway controls user activities for all shadow cloud services that are listed in the Skyhigh Cloud Registry and blocks the selected user activities based on the web policy settings.

To know details about the user activity control and monitoring of shadow cloud services using the Skyhigh Secure Web Gateway, see About Activity Control and Monitor User Activities for Shadow Cloud Services.







SSL Terminated Logs

This section allows you to enable Activity Monitoring for Shadow Services (using SSL Terminated Logs).

PREREQUISITE: You must set up SSL termination on your firewall/proxy before you can leverage this feature.

Skyhigh CASB allows customers to monitor activities on several shadow services. Skyhigh CASB tracks over 21,000 activity signatures of shadow services. So, when customers access shadow cloud services, Skyhigh CASB is able to provide administrators with a log of the activities performed on these services.

The activity signatures tracked by Skyhigh CASB can be mapped to 14 canonical activity categories. Customers can also add their own activity categories based on their requirements. 

Canonical activity categories include: 

  • Administration
  • Data Access
  • Data Delete
  • Data Download
  • Data Sharing
  • Data Updates
  • Data Upload
  • External Data Sharing
  • Login Failure
  • Login Success
  • Report Execution
  • Service Usage
  • User Account Creation
  • User Account Deletion

After the feature is enabled, it may take up to 36 hours before activity becomes available on the Activity Monitoring page.

Examples of some supported CSPs include: 

  • Salesforce
  • Box
  • Office365
  • Dropbox for Business
  • Slack
  • Google Drive
  • Service Now - Beta
  • Atlassian Jira - Beta
  • Github - Beta
  • Jive Hosted - Beta

Enable Activity Settings for SSL Terminated Logs

To enable activity settings for SSL terminated logs:

  1. Go to Incidents > User Activity > Activity Settings.
  2. For SSL Terminated Logs, click ON.

Activity Monitoring

It may take up to 36 hours before data becomes available in Incidents > User Activity > Activity Monitoring. Once it does, you can switch between services on the Activity Monitoring page by using the drop-down menu in the Activity from <Service> title. 


Available Activities

To see available activities, go to Incident> User Activity > Available Activities, and from the All Sources menu, select Proxy/SSL Logs

API & Proxy

Create an API connection or set up the Skyhigh CASB proxy to monitor activity on services supported by Skyhigh Security.

Click Setup to go to the Settings > Service Management page. 


  • Was this article helpful?