What's new ?

Understanding Product Usage

Master Services Agreement

Service IP addresses and ports

End of Life

Administrators

Active Directory

AD Connect software

Roles

Keyword Lists

Devices & Groups

Collecting debug information - USS Agent for Mac OS X

Configuration options for the Gateway agent type

Configuration options for the Windows agent type

Bypassing Office 365

Disable QUIC in Chrome Browser

Prevent Law features for UK organisations

Unclassified / Uncategorised Site Processing

CensorNet Web Filtering Policy and Approach for Education

List of domains to bypass apps for SSL Interception

Bypass GoToMeeting & LogMeIn

Bypassing the Apple Store

Using Web Security with Sophos

Deployment Overview

Installing SSL Certificates On IOS 10.3/IOS 11 Devices

Importing an SSL Certificate into the Cloud Gateway

ESET issues identified

Active Directory Login Service

SSL/TLS Strict Mode blocked ciphers

Installing an SSL Certificate on iOS 13

Overview

Rules Engine Concepts

Filter Rules

Feature Control Rules

Custom URLs

Bypass Categories

Deployment

Agent Configuration Profiles

Unblock Requests

Web Security: Product Configuration

Global Web Filtering Coverage

Web Categories List

Fair Usage Policy for Web & CASB (Inline)

Getting Started

Requirements

Changelog

Download the USS Agent for Windows

Deploying via Wizard

Deploying via Startup/Shutdown script

Deploying the Windows agent via a custom MSI

Deployment via GPO

Deploying via Microsoft Intune

Command-line parameters

Collecting debug information - USS Agent for Windows

Processes used by USS Agent for Windows

How to disable Device Guard or Credential Guard

Upgrading the USS agent from the v3.x release to the v4.x release

Installing the USS Agent SSL certificate in Firefox

Tray icon status codes

Getting Started

Requirements

Changelog

Download

Install - Deploying via Wizard

Command-line parameters

Overview

Authentication & Identification

Deployment

Network

Settings

System

Advanced configuration

Configuring USS Gateway to work with LoadBalancer.org software load balancer

Getting Started

Requirements

Download

Changelog

Installation

First time Configuration

Upgrading USS Gateway

Accessing the Command Line

Take Packet Capture From Command Line

Reset Linux Password To Log Into Gateway Command Line

Captive Portal on Samsung Devices

SSL Certificate installation for iOS 10.3

'The Requested Content Was Blocked' Error Message

URL Bypass List for iOS Apps

Resizing a Partition in ESX Server Virtual Machine

Export SSL Certificate From One Gateway To Import To Another

Interception of apps on iOS 10.x+ and Android 7+

Deploying Web Browser proxy settings

Migrating the SSL intercept certificate to a new gateway

Using an intermediate CA signed by Windows DC root CA

Installing on Hyper-V

Upgrading USS Gateway software packages

Overview

App Catalog

API Integrations

DLP Scanning

Malware Scanning

Digest generation and Quarantines

Executive Tracking

Blocking emails from hacked Gmail accounts

Stop specific users from receiving Word documents

Detect credit card numbers in an email

Disable spam filtering for specific mailboxes

Nearby Domain Rule

IP Geolocation connection Rule

Reject oversized emails

Configure Office 365 for EMS

Safelisting Email Security IP addresses in Office 365

Configure GMail using G Suite for EMS

MX records and IP addresses for EU customers

Reporting spam or false positives

Configure outbound email for Exchange 2007/2010

Configuring TLS encryption

MX records and IP addresses for non-EU customers

LinkScan: on-demand URL protection

Bulk email terms and conditions

Queue retention and retry times

Personal Safe Lists and Personal Deny Lists

Configure outbound DMARC

Configure outbound DKIM

Configure outbound email for Exchange 2016

CEA - Data storage explained

Reject message due to message “550 5.1.8 sender denied”

Insufficient system resources message on inbound email delivery

Email Sandbox - Level 1 supported file types

Outbound Delivery error: 550 Unable to relay

[Marketing Medium] or [High Medium] prefixed to the subject of mails

DMARC Failure Reporting

Image Analysis for Email supported image types

Powershell Script to list Office 365 Shared Mailboxes

Example Spam Digest or Quarantine Report

Upgrading to LinkScan version 2

Email Sandbox Level 2 - Supported File Types

Overview

Email Security: Quick start

Message Rules

Connection Rules

Default Rules

Custom rule Data

Global Quarantine

Personal Quarantine

Global Deny List

Global Safe List

Mailboxes

Product Configuration

Group Management

Overview

Quick Start

Rules Engine Concepts

Authentication Client (server)

Authentication App (enduser)

Product Configuration

Third Party Guides

Activity Reports

Charts

Schedules

Log Streaming Overview

Updated 2 months ago by admin

The Log Streaming product is an add-on to the Unified Security Service platform that allows you to extract enriched log data for each of the core security products that are licensed. The typical use case is to stream log data to an external log analysis/SIEM tool.

Plugins for Third Party tools

There are many third party tools available that can be integrated with the Log Streaming product to provide enhanced analytics. If the tool does not directly support one of the Configuration Options out-of-the-box, it is usually possible for a developer to use the Configuration Options below to create a custom plugin or add-on. Recommended plugins will be listed here when they are available. If you require a specific plugin, please contact your Service Provider to discuss further.

Splunk Enterprise - coming soon (please contact your Service Provider for early access)
Rapid7 InsightIDR - no plugin required, use a Collector configured with the Amazon SQS option (see below)
AlienVault USM Anywhere - contact AlienVault to request an AlienApp to be developed

Configuration Options

The Log Streaming product provides two output options:

Webhook - provides a standard HTTP endpoint to call from a script/plugin to download the latest log data for a given core product. This is a generic interface for accessing the log data.
Amazon SQS - the log data will be published to the Amazon SQS queue specified in the configuration. This method is supported by a variety of third party SIEM tools.

To configure Log Streaming for a product, navigate to Products and then click Log Streaming. If you require a license, please contact your Service Provider.

The products that are licensed and support Log Streaming will be listed on the left. Click a product to access the configuration options.

Webhook

Enabling the Webhook option will generate a unique secret key which can then be used to call the HTTP endpoint to retrieve the log data. Some plugin's will simply require you to provide the secret key as part of their configuration.

Currently a webhook can only be used by one external service. Using the same webhook with multiple external services will overwrite the cursor position and lead to inaccurate log streaming.

The HTTP endpoint is available here:

https://stream.clouduss.com/{product}/{key}

product = web, email, app (inline mode CASB), casb(API mode CASB), mfa
key = the Key displayed in the configuration screen. Ensure you keep the key safe and secure.

The first time you call the endpoint it will return the previous 10 minutes worth of data (approximately) and it will store the UTC timestamp of the call as a cursor. Subsequent calls will retrieve the data since the last cursor in 5 minute intervals. It is recommended that you call the endpoint every 5 minutes.

Amazon SQS

Enabling the Amazon SQS option will instruct the Log Streaming product to send log data to the designated SQS queue every 5 minutes.

To use this option you will need to sign up to Amazon Web Services and create an SQS queue. This may incur additional costs.

Log Streaming Overview

Plugins for Third Party tools

Configuration Options

Webhook

Amazon SQS

How did we do?

Feedback