Troubleshooting Guide for Skyhigh Security CASB Issues
Comprehensive troubleshooting guide for addressing various challenges related to Skyhigh Security Cloud Access Security Broker (CASB) like debugging Cloud Connector issues, validating DLP rules, addressing dashboard performance issues, and managing subscription center services efficiently.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Skyhigh Security CASB Troubleshooting Madhukar DC - Sr. Technical Support Engineer Date 05-July-2023
Agenda Shadow IT Debugging Cloud Connector issues Troubleshooting Dashboard issues Sanctioned IT Validating DLP rules Email DLP mail flow Reverse Proxy IaaS CSPM Configuration Audit 2
Skyhigh Security S ArchitectureNS Subscription Center Cloud Connector Architecture SKYHIGH Skyhigh Cloud Connector 3
Skyhigh Security SNS Subscription Center Cloud Connector Services and Troubleshooting Services Description Logs Log processor Parses raw event logs from Edge devices and other operations <installDir>/shnlp/logs/shnlogprocessor-debug.log and shnlogprocessor- error.log Syslog Receives logs from Edge devices <installDir>/shnlp/logs/syslog-debug.log and syslog-error.log Log processing Syslog Detokenization Email SMTP Active Directory SIEM CLR Service status Service status CC not active Connectivity to SMTP server Connectivity to Active Directory Connectivity to Cloud Connectivity to Skyhigh Cloud & Edge device Connectivity to Cloud Connectivity to source (FW/Proxy) CC not reachable CC not fetching emails from Skyhigh Cloud Incorrect LDAP query Connectivity to SIEM server DNS resolution for SSN Disk space Check SSN resolution Log rotation frequency No data received from Skyhigh Cloud SMTP server rejecting emails from CC Check CLR URL reachablity User credentials User has tokenization role assigned Log file size Log format and parser CC not forwarding data to SIEM 4
Skyhigh Security SNS Subscription Center Dashboard Dashboard performance issue Recent Shadow data is not available in dashboard (Analytics:Users/Services) Dashboard Skyhigh Cloud Cloud Connector Edge Device 6
Skyhigh Security SNS Subscription Center DLP rule workflow Event (File upload, collaboration) Get event logs File download Get collaborators Global Scan Settings Content extraction DLP Policy User inclusion or exclusion Policy evaluation DLP Rule group exception Incident remediation Incident creation Rule evaluation 8
Skyhigh Security SNS Subscription Center DLP Common issues DLP policy not working Quarantine restore False Positive incidents Incident not triggering Delay in receiving events File download failed Rate-limit Permission issue No match in file content File deleted from Quarantine folder Check respective rules Issue with Quarantine/Delete File locked Rate-limit Data retention Permission issue Error from service provider Add exceptions Revoke collaboration failed Incorrect response action Error from service provider Rate-limit Finetune DLP policy 9
Email DLP 10
Skyhigh Security SNS Subscription Center Email DLP with Skyhigh Email Gateway DLP not working Bounce back email Email are not routed via Skyhigh Domain whitelist on Skyhigh Incorrect DLP policy IP whitelist on CSP 11
Skyhigh Security SNS Subscription Center Reverse Proxy Performance issue Files/images not loading through proxy Managed device is treated as unmanaged SAML Authentication 13
Skyhigh Security SNS Subscription Center IaaS ConfigAudit Authentication Issue CE not working NRT not working IAM role CloudTrail logs SQS queue Permissions policies 15
Thank you 16