Investigate

Prisma Access Browser

Events

From
Strata Cloud Manager
, select
Manage
Configuration
Prisma Access Browser
Analytics
Events
.
You can see the total number of events displayed at the top of the page. By default, the Events screen displays the 50 most recent events. Click
Load 50 More
to move to the next page of events.
Investigate events using search and filters.
An important part of your role with the
Prisma Access Browser
is analyzing events, and looking for patterns and anomalies in user behavior. Whenever you notice unexpected or unusual activity, you need to see if you need to tune the rules to meet the needs and requirements of the end users. The
Prisma Access Browser
allows you to search and filter the events to discover and analyze user behavior patterns. At the top of the screen, you can search for specific events using specific data to help find a particular event. You can also narrow the list of events by filtering on any of the following Events screen columns:
Time
—Select a predefined time period for which to display events, or create a
Custom
time period.
Category
—Narrow down the type of events displayed by selecting one or more categories. Available event categories include:
Access—Events involving access to websites and apps.
DLP—Events involving file upload, file download, and clipboard controls (copy/paste)
Extensions—Events involving installation, removal, enabling, and disabling extensions.
PIN Code—Events involving access to apps and features that require a PIN code or authorization.
Malware—Incidents involving attempted access to malicious websites.
Tampering—Incidents involving unauthorized file tampering.
Type
—The type of action that triggered the event log. The event types vary by category.
URL
—The URL associated with the event.
Application
—The application associated with the event.
User
—The user associated with the event.
MITRE
—The MITRE ATT&CK technique related to the event.
Policy rule
—The policy rule that generated the event.
You can also add additional filters to narrow down the events to display:
Event recordings
—Show only events that have screen recordings.
Web classifications
—Filter by types of web applications controlled by the policy rule that triggered the event.
Device
—Filter events based on the device where the event originated.
Browser brand
—Filter the events by the browser brand.
Browser version
—Filter the events based on the version of the browser where the event originated.
Browser type
—Filter the events based on the browser where the event originated.
Device groups
—Filter the events by the device group.
OS platform
—Filter the event based on the operating system on the device where the event originated.
User group
—Filter the events based on the user group to which the users belong.
MITRE
—Filter the events based on the MITRE ATT&CK Mitigation resource.
Compliance
—Compliance Filter the events based on compliance issues (for example HIPAA, SOC 2, PCI DSS).
Mode
—The behavior of the policy rule as applied to end users.
Is incident
—Filter whether or not the event is an incident.
Click into an event to view details about the event.
From here you can also drill down into the raw data for the event.
Export events for offline investigation.
Click the Export icon.
In the Export window, select one of the following options:
Export all available events
—Export all the events in the database (up to a maximum of the 10,000 most recent events).
Export filtered or searched events
—Export events based on the current filters.