App Discovery Reference
Learn about the fields that are required in uploaded log files and the processing that occurs in the different upload stages.
Required Log Fields
Review the general and firewall-specific requirements for log files you plan to upload to Oracle CASB Cloud Service – Discovery.
Any log file you want to upload into Oracle CASB Cloud Service - Discovery must contain the following fields in order to upload and process correctly. It may still be possible to process a log file with some of these fields missing, but that information will be missing in the resulting list of discovered applications and plug-ins.
Description of Basic Fields Required
Generic Field Name | Generic Field Description | Result If Field Is Missing |
---|---|---|
Time stamp | Date and time when the event was logged | "Unknown" appears in Dashboard, App Discovery tab. |
Source IP | IP address from which the logged event originated | "Unknown" appears in Dashboard, App Discovery tab. |
Source user name | User name that originated the logged event | "Anonymous" appears in Dashboard, App Discovery tab. |
Action | Action taken on the logged event | Oracle CASB Cloud Service - Discovery assumes the record is an ALLOWED action. The entry is logged in the Oracle CASB Cloud Service Audit trail to record this. |
Destination FQDN | Fully qualified domain name of the destination of the logged event | If both the Destination FQDN and Destination IP are missing, then INGESTION FAILS with "Domain mapping not present for given log file" error. If only the Destination FQDN is missing, the Destination IP is used to do reverse DNS lookup. If the reverse DNS lookup fails, then IP address is displayed in the Oracle CASB Cloud Service console. |
Destination IP | IP address of the destination of the logged event | If both the Destination FQDN and Destination IP are missing, then INGESTION FAILS with "Domain mapping not present for given log file" error. If only the Destination FQDN is missing, the Destination IP is used to do reverse DNS lookup. If the reverse DNS lookup fails, then IP address is displayed in the Oracle CASB Cloud Service console. Destination IP is NOT used if the Destination FQDN is in the record. |
Protocol | The internet protocol associated with the logged event | Oracle CASB Cloud Service - Discovery assumes all records are HTTP/HTTPS protocol. The entry is logged in the system audit trail to record this. Only HTTP/HTTPS records are used; others are discarded. |
Data sent | Number of bytes of data sent from Source IP in the logged event. | A zero value displays in Dashboard, App Discovery tab. |
Data received | Number of bytes of data received by the Destination IP in the logged event. | A zero value displays in Dashboard, App Discovery tab. |
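The following pre-upload check is an added example, not Oracle code. It counts the records in a CSV export that would hit each fallback in the table above and flags records with neither destination field. It assumes hypothetical column names (`timestamp`, `dest_fqdn`, and so on), that a field counts as missing when its column is absent or its value is empty, and that the rules are evaluated per record.

```python
import csv
import io

# Documented result when a field is missing (wording from the table above).
FALLBACKS = {
    "timestamp": '"Unknown" appears in Dashboard, App Discovery tab',
    "source_ip": '"Unknown" appears in Dashboard, App Discovery tab',
    "source_user": '"Anonymous" appears in Dashboard, App Discovery tab',
    "action": "record assumed to be an ALLOWED action",
    "protocol": "record assumed to be HTTP/HTTPS",
    "bytes_sent": "zero value displays in Dashboard, App Discovery tab",
    "bytes_received": "zero value displays in Dashboard, App Discovery tab",
}
DOMAIN_ERROR = "Domain mapping not present for given log file"


def precheck(csv_text):
    """Count, per generic field, the records in which that field is missing."""
    missing = {name: 0 for name in FALLBACKS}
    no_destination = reverse_dns = total = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        total += 1
        for name in FALLBACKS:
            if not (row.get(name) or "").strip():
                missing[name] += 1
        has_fqdn = bool((row.get("dest_fqdn") or "").strip())
        has_ip = bool((row.get("dest_ip") or "").strip())
        if not has_fqdn and not has_ip:
            no_destination += 1  # neither field: the documented ingestion error
        elif not has_fqdn:
            reverse_dns += 1     # destination IP goes through reverse DNS lookup
    return {
        "records": total,
        "ingestion_error": DOMAIN_ERROR if no_destination else None,
        "records_without_destination": no_destination,
        "records_needing_reverse_dns": reverse_dns,
        "fallbacks": {n: (c, FALLBACKS[n]) for n, c in missing.items() if c},
    }


# Constructed sample log; the column names are hypothetical, not an Oracle format.
SAMPLE = """timestamp,source_ip,source_user,action,dest_fqdn,dest_ip,protocol,bytes_sent,bytes_received
2024-01-01T10:00:00Z,10.0.0.5,alice,ALLOW,app.example.com,203.0.113.10,HTTPS,1200,5400
2024-01-01T10:00:05Z,10.0.0.6,,ALLOW,,203.0.113.20,HTTPS,300,
2024-01-01T10:00:09Z,10.0.0.7,bob,,,,HTTPS,80,90
"""

if __name__ == "__main__":
    print(precheck(SAMPLE))
```

Map the hypothetical column names to the ones your firewall actually exports before running this against a real log.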
Log File Processing Stages
Understand the processing that occurs in stages when a firewall log file is uploaded.
The table below shows the System Audit Trail report entries for an upload of a firewall log file.
Auto-Upload Stage | Keyword in DETAILS Column |
---|---|
File Upload Started | PROCESSING_STARTED |
File Upload Completed, Analytics Started | PROCESSING_COMPLETED |
Analytics Completed | ANALYTICS_COMPLETED |