Events Viewer

Filter and review security events associated with end-user activity in your Cloud Secure Edge organization

  • Updated on Sep 09, 2024

Overview

Events lets you filter and explore lists of events associated with end-user activity in your Cloud Secure Edge (CSE) organization.

To access the Events Log Viewer, navigate to Events on the homepage of the console.

By default, the events table displays all events from the Last Day. Use the date picker to display events in a specific time range.

To view the full event object details, click the dropdown arrow of a specific event.

Filter Events

Learn more about the Event data structures in the Event Spec - Syntax and the Get Events API endpoint.

Use the Filter by… to sift through your CSE organization system log according to:

  • Event Type - Registration, Identity, Access, Trust Scoring, Audit
  • Actions - Unauthorized
  • Event Severity - Error, Warn, Info, Debug
  • User Email - User’s email address
  • Device Serial Number - Device serial number
  • Service Name - Name of the service (if applicable)
  • Service Tunnels - Name of each Service Tunnel
  • Event ID - Unique ID for the event
  • External ID - A tracing identifier that was generated external to Banyan Command Center (for example, state value in OpenID Connect authentication requests)

Example: Show denied access attempts for a user

To show access events that were denied for a certain user within the last week, set the date range to Last Week and then filter events in the following order:

  • Event Type: Access
  • Event Severity: ERROR
  • User Email: (user email address)

Example: Show device registrations and unregistrations for a user

To show successful registrations and unregistrations for a single within the last week, set the date range to Last Week and then filter events in the following order:

  • Event Type: Registration
  • Event Severity: INFO
  • User Email: (user email address)

Event Logging Retention

  • In the Cloud Secure Edge Command Center, the previous 2 weeks or the last 10 thousand events are stored (whichever comes first); In the backend, 30 days of events are stored.
  • For Connector or Access Tier, the log files rotate: the default is to retain 5 log files; the rotation occurs when the log file reaches 50 Mb.

Can’t find what you’re looking for?

We’re happy to help. Contact our team.