Customize the streamed log events

Abstract

Select and customize the log events of interest to receive logs in your AWS S3 bucket.

Log streaming can send only the log events of interest to your AWS S3 bucket. For log events generated from Access Visibility, Cyber Shield, and DNS Log, you can configure filters so that only events of interest are streamed. Filtering at the source reduces noise and lets you focus on the log events that deserve your attention, instead of overloading your downstream tools with log events and then filtering them out at your SIEM or other log collection and presentation tools.

Figure 27. Screenshot showing the customization options for Access Visibility, Cyber Shield, and DNS Log

Customize the Log Streaming events sent for Access Visibility

You can configure conditions that match or do not match specific Networks, Network Applications, Network IP Services, Hosts, Host Applications, Host IP Services, or Primary User Groups of interest for Access Visibility log events. Only the events that meet the conditions will be streamed.

To customize the Log Streaming events sent for Access Visibility, follow the steps below:

  1. Navigate to API & Logs > Log Streaming.

  2. Check that the Access Visibility event type is toggled ON.

  3. Click Customize, found below the brief description of Access Visibility.

  4. Select Network, Network Application, Network IP Service, Host, Host Application, Host IP Service, or Primary User Group from the drop-down list.

  5. Select whether the customization rule should use the 'is' or 'is not' clause from the drop-down list.

  6. Select one or more values that you want to use in the customization rule from the drop-down list.

  7. Click Apply.

    You will see the customization rule displayed, along with a notification stating that the rule will take effect in approximately 5 minutes.

  8. Continue to add more customization rules.

    Note

    You can add only one rule per Network, Network Application, Network IP Service, Host, Host Application, Host IP Service, or Primary User Group, but you can select multiple values for each rule.

Customize the Log Streaming events sent for Cyber Shield - Blocked Domains

You can configure conditions that match or do not match specific Networks, Hosts, or Primary User Groups of interest for Cyber Shield Blocked Domains. Only the events that meet the conditions will be streamed.

To customize the Log Streaming events sent for Cyber Shield - Blocked Domains, follow the steps below:

  1. Navigate to API & Logs > Log Streaming.

  2. Check that the Cyber Shield - Blocked Domains event type is toggled ON.

  3. Click Customize, found below the brief description of Cyber Shield - Blocked Domains.

  4. Select Primary User Group, Network, or Host from the drop-down list.

  5. Select whether the customization rule should use the 'is' or 'is not' clause from the drop-down list.

  6. Select one or more values that you want to use in the customization rule from the drop-down list.

  7. Click Apply.

    You will see the customization rule displayed, along with a notification stating that the rule will take effect in approximately 5 minutes.

  8. Continue to add more customization rules.

    Note

    You can add only one rule per Network, Host, or Primary User Group, but you can select multiple values for each rule.

Figure 28. Screenshot showing the customization of Cyber Shield - Blocked Domains log events using rules.

Customize the Log Streaming events sent for Cyber Shield - Blocked Traffic

You can configure conditions that match or do not match specific Networks, Hosts, or Primary User Groups of interest for Cyber Shield Blocked Traffic. Only the events that meet the conditions will be streamed.

To customize the Log Streaming events sent for Cyber Shield - Blocked Traffic, follow the steps below:

  1. Navigate to API & Logs > Log Streaming.

  2. Check that the Cyber Shield - Blocked Traffic event type is toggled ON.

  3. Click Customize, found below the brief description of Cyber Shield - Blocked Traffic.

  4. Select Primary User Group, Network, or Host from the drop-down list.

  5. Select whether the customization rule should use the 'is' or 'is not' clause from the drop-down list.

  6. Select one or more values that you want to use in the customization rule from the drop-down list.

  7. Click Apply.

    You will see the customization rule displayed, along with a notification stating that the rule will take effect in approximately 5 minutes.

  8. Continue to add more customization rules.

    Note

    You can add only one rule per Network, Host, or Primary User Group, but you can select multiple values for each rule.

Customize the Log Streaming events sent for DNS Log

You can configure conditions that match or do not match specific Networks, Hosts, or Primary User Groups of interest for DNS Log. Only the events that meet the conditions will be streamed.

To customize the Log Streaming events sent for DNS Log, follow the steps below:

  1. Navigate to API & Logs > Log Streaming.

  2. Check that the DNS Log event type is toggled ON.

  3. Click Customize, found below the brief description of DNS Log.

  4. Select Primary User Group, Network, or Host from the drop-down list.

  5. Select whether the customization rule should use the 'is' or 'is not' clause from the drop-down list.

  6. Select one or more values that you want to use in the customization rule from the drop-down list.

  7. Click Apply.

    You will see the customization rule displayed, along with a notification stating that the rule will take effect in approximately 5 minutes.

  8. Continue to add more customization rules.

    Note

    You can add only one rule per Network, Host, or Primary User Group, but you can select multiple values for each rule.
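
To check a rule set before applying it, the added example below (not part of the product or its documentation) replays constructed sample events through rules shaped like the ones configured in the procedures above, for any of the event types, and lists dropped events that a downstream detection still needs. It assumes that every rule must hold for an event to be streamed and that 'is' / 'is not' compare against any of the selected values; the page does not state how rules combine, and the event keys are hypothetical, mirroring the UI labels.

```python
from collections import Counter

# Rule fields offered for Cyber Shield and DNS Log; Access Visibility offers more.
FIELDS = {"Network", "Host", "Primary User Group"}

# Constructed sample events; keys mirror the UI labels, not a real log schema.
SAMPLE_EVENTS = [
    {"Network": "HQ", "Host": "laptop-01", "Primary User Group": "Engineering"},
    {"Network": "HQ", "Host": "kiosk-07", "Primary User Group": "Guests"},
    {"Network": "Lab", "Host": "build-02", "Primary User Group": "Engineering"},
    {"Network": "Branch-1", "Host": "pos-03", "Primary User Group": "Retail"},
]

# Constructed rule set: one rule per field, several values allowed per rule.
RULES = [
    {"field": "Network", "clause": "is", "values": {"HQ", "Branch-1"}},
    {"field": "Primary User Group", "clause": "is not", "values": {"Guests"}},
]

def validate(rules):
    """Reject rule sets the UI would not allow: unknown or repeated fields."""
    counts = Counter(r["field"] for r in rules)
    dupes = sorted(f for f, n in counts.items() if n > 1)
    unknown = sorted(set(counts) - FIELDS)
    bad_clause = [r for r in rules if r["clause"] not in ("is", "is not")]
    if dupes or unknown or bad_clause:
        raise ValueError(f"duplicate={dupes} unknown={unknown} bad_clause={len(bad_clause)}")

def is_streamed(event, rules):
    """Assumed semantics: every rule must hold; values within a rule are any-of."""
    for r in rules:
        hit = event.get(r["field"]) in r["values"]
        if hit != (r["clause"] == "is"):
            return False
    return True

def preview(events, rules):
    """Split events into (streamed, dropped) under the rule set."""
    validate(rules)
    streamed = [e for e in events if is_streamed(e, rules)]
    dropped = [e for e in events if not is_streamed(e, rules)]
    return streamed, dropped

def blind_spots(events, rules, must_keep):
    """Dropped events that a downstream detection still depends on."""
    return [e for e in preview(events, rules)[1] if must_keep(e)]

if __name__ == "__main__":
    streamed, dropped = preview(SAMPLE_EVENTS, RULES)
    print("streamed:", [e["Host"] for e in streamed])
    print("blind spots:", blind_spots(SAMPLE_EVENTS, RULES, lambda e: e["Host"] == "build-02"))
```

Replace the sample events with a recent export of unfiltered events and pass a `must_keep` predicate for each detection that relies on this log type; any non-empty result means the rule set would remove data that detection needs.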