Analyze Security Policy Blocking the User Access
Focus
Focus
Autonomous DEM

Analyze Security Policy Blocking the User Access

Table of Contents

Analyze Security Policy Blocking the User Access

Access Analyzer enables you to query evidence-based verdicts and security policy configuration of rules that denied user access.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • ADEM license
Access Analyzer enables you to view past evidences of the user access attempts and the security policy configuration of the policy rules that denied user access to an application.
To get insight into past evidences (logs) and the security policy configuration:
  1. Start a query for users whose access you’re interested in. For example, the following query allows admins to determine whether a user has hindered or blocked access for a particular application.
    Can mobile user <name> access <application> from prisma access location <location-name> using device <device name>
    Click Analyze to view query results.
  2. Analyze the access issue and take appropriate action.
    1. Your query result shows a historical sequence of events related to the user's access over time. Click the query name from Query Log to view the results.
    2. Under Results, click Security Policy (Based on Logs) to view logs that matched the rule. Access Analyzer displays traffic logs for the past seven days, and threat and URL logs for the past three hours.
    3. Expand the traffic log entry to view the user session details for the past 3 hours.
    4. To view details of the security policy that indicates current status of user access, click the link in the banner above the Logs table to run the Check Security Policy Only query.
      This automatically runs the Check Security Policy Only query. View the progress of the query in the Query Log.
      Once the query is complete, click the query link to see the query result with security policy configuration.
    5. To view more details on the logs related to the query, click Log Viewer.