Skip to content

McAfee Skyhigh Cloud Access Security Broker

Skyhigh CASB


Skyhigh CASB provides unmatched data protection, device-based controls, and inline threat protection for all cloud applications using multi-mode cloud solution— all from a single platform. Skyhigh Security was purchased by McAfree in 2017.

Product Details

Vendor URL: Skyhigh CASB

Product Type: Monitoring

Product Tier: Tier III

Integration Method: Custom

Integration URL: N/A

Parser Details

Log Format: Syslog

Expected Normalization Rate: near 90%


UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Event Classification
column2 principal.user.userid
column3 target.asset.ip
column7 target.url
column8 target.url
column12 metadata.collected_timestamp
column13 network.application_protocol
column14 security_result.category_details
column19 network.http.response_code
column20 target.asset.ip
column26 principal.application
column27 principal.ip
column28 principal.port
column29 security_result.associations.country_code
column38 target.asset.ip
column39 target.asset.ip

Product Event Types

Event UDM Event Classification
all events NETWORK_HTTP

Log Sample

<190>Jun 13 13:08:44 Logging-Client "-1","domain1\\userone","","CONNECT","4997","2000","","/","OBSERVED","","1686657900","2023-06-13 12:05:00","https","Business, Software/Hardware","","","Minimal Risk","","200","","","","Other","","","svchost.exe","","443","GB","","f","f","f","f","f","","","","","8080"

Sample Parsing

metadata.event_type = "NETWORK_HTTP"
principal.user.userid = "domain1\\\\userone"
principal.ip = ""
principal.port = 443
principal.application = "svchost.exe"
target.asset.ip = ""
target.asset.ip = ""
target.asset.ip = ""
target.asset.ip = ""
target.url = ""
security_result.category_details = "Business"
security_result.category_details = " Software/Hardware"
security_result.associations.country_code = "GB"
network.ip_protocol = TCP
network.application_protocol = HTTPS
network.http.method = "GET"
network.http.response_code = 200


Coming Soon