Censornet Cloud Application Security¶
About¶
Censornet Cloud Application Security (CASB) enables your business to discover, analyse, secure and manage user interaction with cloud applications. CASB enables discovery and visibility of sanctioned and unsanctioned cloud application use with an extensive catalogue of business apps. Integrated with Web Security for end-to-end attack visibility and protection. Automatically defend against new multi-channel attack techniques.
Product Details¶
Vendor URL: Censornet Cloud Application Security
Product Type: CASB
Product Tier: Tier II
Integration Method: Custom
Log Guide: Censornet Cloud Application Security
Parser Details¶
Log Format: JSON
Expected Normalization Rate: 100%
Data Label: CENSORNET_CASB
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| app_name | additional.fields |
| changed.filters.hostname | target.hostname |
| changed.filters.samaccountname | target.user.userid |
| city | target.location.city |
| country | target.location.country_or_region |
| dst_ip_address | target.ip |
| filter_rule | security_result.rule_name |
| final_action | security_result.action_details |
| ip_address | principal.ip |
| latitude | target.location.region_latitude |
| log_level | security_result.severity_details |
| longitude | target.location.region_longitude |
| mac_address | principal.mac |
| matched_url_categories | security_result.rule_labels |
| matched_web_categories | security_result.rule_labels |
| method | network.http.method |
| netbios_domain | principal.administrative_domain |
| operating_system.icap_agent.browser.device_type | network.http.user_agent |
| samaccountname | principal.user.userid |
| stage | security_result.summary |
| url | target.url |
| url_categories | security_result.category_details |
| url_scheme | network.application_protocol |
| username | principal.hostname |
| web_categories | security_result.category_details |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| HTTP | NETWORK_HTTP |
| Generic | GENERIC_EVENT |
| Login | USER_LOGIN |
Log Sample¶
{"ip_address":"10.0.0.0","event":{"original":"{\"utc_timestamp\": \"2023-12-20 12:42:25.000000\", \"username\": \"example@email.com\", \"ip_address\": \"10.0.0.0\", \"model\": \"Login\", \"url\": \"http://example.com/auth\", \"method\": \"POST\", \"payload\": {\"original\": {}, \"changed\": {\"mfa\": false, \"success\": true, \"stage\": \"credentials\"}}, \"account_id\": 12345, \"country\": \"spain\", \"country_code\": \"es\", \"city\": \"barcelona\"}"},"@version":"1","utc_timestamp":"2023-12-20 12:42:25.000000","url":"http://example.com/auth","username":"example@email.com","country":"spain","city":"barcelona","model":"Login","@timestamp":"2023-12-20T12:42:42.475875398Z","method":"POST","payload":{"original":{},"changed":{"stage":"credentials","mfa":false,"success":true}},"country_code":"es"}
Sample Parsing¶
extensions.auth.auth_details = "no mfa"
metadata.event_type = "USER_LOGIN"
metadata.log_type = "CENSORNET_CASB"
metadata.product_event_type = "Login"
metadata.product_name = "CASB"
metadata.vendor_name = "Censornet"
network.http.method = "POST"
principal.ip = "10.0.0.0"
security_result.action_details = "success"
security_result.action = "ALLOW"
security_result.summary = "credentials"
target.location.city = "barcelona"
target.location.country_or_region = "spain"
target.url = "http://example.com/auth"
target.user.userid = "example@email.com"
Rules¶
Coming Soon