What Does Cloud Connector Collect?
Skyhigh Cloud Connector ingests logs from your security appliances and passes them along to detect and analyze cloud services used by your enterprise.
The following table details the data collected from your logs and the features that are impacted if the data is missing.
Property | Description | Functionality Impact |
---|---|---|
Timestamp | Timestamp of when a cloud service was accessed. | Timestamp required to process log. |
Date or (date + time) | Date and time when a cloud service was accessed. | Date required to process log. |
Timetaken | Total time spent for the current network operation. | Optional. |
Source IP | Client IP address, usually internal IP address. | Source IP required to process logs. |
User Name | User name for the current log action. | User Name required to process logs. |
Destination IP | Cloud service IP address, usually outside network. | Destination IP required to discover IaaS feature. |
Destination Host | Cloud service Hostname. | Destination Host required to discover IaaS feature. |
Http Status | Security protocol of accessed service. | Required to label authentication related activity. |
Egress Action | Action taken by the proxy. | Required by Allow/Block report. |
Service To Client Bytes | In-bound bytes information for cloud service. | Required by any reports that display uploaded or downloaded bytes. |
Client To Service Bytes | Out-bound bytes information for cloud service. | Required by any reports that display uploaded or downloaded bytes. |
Total bytes | Total bytes sent/received information for cloud service. | Used to generate volumetric anomalies. |
HTTP Method | Lists whether the activity is an upload or a download. | Used to distinguish uploads from downloads in anomaly reports. |
Destination Port | Used for inferring the protocol, if the protocol information is absent in log file. | Used to generate protocol filters. |
URL | The web address accessed. | Used for filtering. |
URI Path | Used to detect file names involved in data transfer. | Used to generate the file movement report. |
URI Query | Currently not used, but is reserved for future use. | N/A |
AuthGroup | Currently not used, but is reserved for future use. | N/A |
Content Type or Mime Type | The type of document or file uploaded. | Used for event filtering. |
User Agent | Device type used to access the service. | Used for event filtering. |
Web Category | Type of service accessed. | Used for event filtering. |
Protocol | Protocol used for communication. | Creates facets for dashboard searches. |
Protocol-AddOn | Additional combinations of protocols. | Creates facets for dashboard searches. |