Cisco Cisco ScanSafe Web Security Data Sheet
Page 1 of 2
Cisco Cloud Web Security Log Extraction
Cisco Cloud Web Security (CWS) Log Extraction allows CWS customers to
automatically pull web usage data quickly and securely for analysis using an S3
compatible HTTPS API.
automatically pull web usage data quickly and securely for analysis using an S3
compatible HTTPS API.
Overview
CWS reporting in ScanCenter allows customers to report on all aspects of employ ee browsing activ ity. It also
prov ides v iews on blocked threats, top sites v isited, social media usage, bandwidth usage and many other aspects
of online activ ity .
With the explosion of Big Data in organizations today , customers want a way to integrate and correlate the data
f rom CWS with other data in the customer organization. The primary use case f or integrating CWS browsing log
data with customer on-premises sy stems is integration with
‘Security Inf ormation and Ev ent Management’ (SIEM)
sy stems. Howev er, Log Extraction can be used with a v ariety of reporting and analy sis tools.
With Log Extraction on CWS reporting and analy sis tools will be able to automatically pull web usage data quickly
and securely f or analy sis using an HTTPS programmable interf ace.
The log data is compiled in W3C text f ormat and log inf ormation consisting of 28 attributes. Ty pically , the log
inf ormation is av ailable within 15 minutes of the ev ent occurring.
Tabl e 1.
28 Accessible Attributes Provided by Log Extraction
28 Accessible Attributes Prov ided by Log Extraction
1
datetime
15
sc-status
2
c-ip
16
sc(Content-T ype)
3
cs(X-Forwarded-For)
17
s-ip
4
Cs-username
18
x-ss-category
5
cs-method
19
x-ss-last-rule-name
6
cs-uri-scheme
20
x-ss-last-rule-action
7
cs-host
21
x-ss-block-type
8
cs-uri-port
22
x-ss-block-value