Data about web traffic is logged on Secure Web Gateway and stored in locations that you configure for log data residency. You can also configure these locations as log sources for users, data jurisdictions, and dashboard cards.
For example, you configure Europe as log data residency for data that is logged about web traffic originating in Europe. You also configure a data jurisdiction for a user on Secure Web Gateway, where you select Europe as the log source. When this user reviews the default dashboard cards, which are created by system functions, they will only show log data that is stored in Europe.
When this user creates a dashboard card, a different log source, for example, India, can be configured for the Saved View that is used to create this card. Only log data stored in India will then be shown on this card, whereas the default dashboard cards will still show log data from Europe to this user.
The data that is logged about web traffic and stored in particular locations includes data about the users who caused this traffic, malware found within it, and browser isolation applied to it.
The following sections provide more information about configuring these locations as log sources. For information about how to configure log data residency, see Configure Log Data Residency and Privacy.
Configuring a Log Source and a Data Jurisdiction for a User
When you work as admin with Secure Web Gateway, you can create other users and grant them permissions, which are usually restricted. For example, you can create a user who is only allowed to configure a web policy, but not a firewall policy.
For each user that you create, you configure a role and a data jurisdiction.
The role restricts the user to completing particular activities, for example, configuring a web policy.
- The data jurisdiction restricts the user to accessing only particular data, for example, data related to web services.
A data jurisdiction can only be configured for a user who is not an admin. This means that when you work as admin, you have access to all data.
Together with the data jurisdiction, you can also configure a log source. A log source can be configured for admin and non-admin users. As log source, you can select one of the locations that are also available for configuring log data residency, for example, Europe.
When a user creates a dashboard card to display particular data that was generated over a given time range, this data is only fetched from the log source that you have configured for this user.
To create or edit a user on the user interface for Secure Web Gateway, you place your mouse pointer over the settings icon in the top right corner and navigate to User Management > Users.
On the Users page, you select Create New User from the Actions menu or click Edit to edit the settings for an existing user.
Configuring a Log Source for a Data Jurisdiction
When configuring a data jurisdiction for a user on Secure Web Gateway, you can select it from a list that is provided among the options for configuring a user. This list includes the data jurisdictions that you have created.
To create a data jurisdiction, you place your mouse pointer over the settings icon in the top right corner of the user interface for Secure Web Gateway and navigate to User Management > Data Jurisdictions.
On the Data Jurisdictions page, you select, for example, Web Jurisdictions to create a jurisdiction for web data and click New Jurisdiction.
After selecting Web as the data type, the New Web Data Jurisdiction page appears, where you can configure a name and a log source for this data jurisdiction.
Using a Log Source for a Dashboard Card
Dashboard cards are shown on the user interface for Secure Web Gateway to provide you with an overview of particular data that has been generated over a given time range.
For example, there is a dashboard card showing the requests for web access that were submitted by users of your organization and were blocked because the requested websites were malware-infected.
The requests are shown sorted by the names of the malware that was involved when the requests were blocked. The dashboard card only shows the requests for the malware that was most often involved.
There are the following types of dashboard cards.
Default dashboard cards — These cards are available by default after you have initially set up Secure Web Gateway as part of the Security Service Edge (SSE) solution. They are also known as system dashboard cards, as they are created by system functions.
The data that is shown on a default dashboard card is fetched from the log source for the user who is currently logged on to Secure Web Gateway. It is the log source that you have configured together with a data jurisdiction for this user.
The log source is not indicated on a default dashboard card. If you have not configured a log source for a user, the location that will serve as log source is North America.
- User-defined dashboard cards — These are cards that you create on your own. They can also be created by users on Secure Web Gateway who are not admins.
To create a dashboard card, you select what is known as Saved View from one of the pages that are provided under Analytics on the user interface and configure settings for it as needed.
Among these settings, you can configure a log source. This log source is one of the locations that are also available when you configure log data residency, for example, Europe. Only data fetched from this log source is shown in the Saved View.
When you create a dashboard card of your own, the log source is indicated in a shortened manner after the card header. For example, when the log source is Europe, it is indicated as EU.