Autonomous DEM
Analyze Security Policy Blocking the User Access
Table of Contents
Analyze Security Policy Blocking the User Access
Access Analyzer enables you to query evidence-based verdicts and security policy
configuration of rules that denied user access.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Access Analyzer enables you to view past evidences of the user access
attempts and the security policy configuration of the policy rules that denied user
access to an application.
To get insight into past evidences (logs) and the security policy
configuration:
- Start a query for users whose access you’re interested in. For example, the following query allows admins to determine whether a user has hindered or blocked access for a particular application.Can mobile user <name> access <application> from prisma access location <location-name> using device <device name>Click Analyze to view query results.Analyze the access issue and take appropriate action.
- Your query result shows a historical sequence of events related to the user's access over time. Click the query name from Query Log to view the results.Under Results, click Security Policy (Based on Logs) to view logs that matched the rule. Access Analyzer displays traffic logs for the past seven days, and threat and URL logs for the past three hours.
![]()
Expand the traffic log entry to view the user session details for the past 3 hours.![]()
To view details of the security policy that indicates current status of user access, click the link in the banner above the Logs table to run the Check Security Policy Only query.![]()
This automatically runs the Check Security Policy Only query. View the progress of the query in the Query Log.![]()
Once the query is complete, click the query link to see the query result with security policy configuration.![]()
To view more details on the logs related to the query, click Log Viewer.
