When attacks avoid domain resolution, traces of adversarial contact can still be found in the web access logs of proxies. This option is also available to accommodate networks where DNS configuration is not possible. In this scenario, the proxy forwards its logs to Lumu's VA for processing. Because the proxy filters URL access, all the IT assets using it are monitored. This approach ensures compromise visibility without having to make major changes.
In this guide, we provide instructions and resources for configuring a Skyhigh Secure Web Gateway (SWG) Cloud instance to forward all proxy logs to Lumu through a Virtual Appliance.
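To illustrate why proxy logs matter when no domain is resolved, the following added example (not Lumu or Skyhigh code) scans proxy access log lines for destinations given as IP literals, which are contacts that DNS-based collection would not see. The log layout, sample lines and function names are constructed for the example and do not reflect the Skyhigh log format.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample lines in an assumed "timestamp client method target status"
# layout; this is NOT the Skyhigh log format.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.15 GET http://updates.example.com/pkg.json 200
2024-05-01T10:00:07Z 10.0.0.22 GET http://203.0.113.45/gate.php 200
2024-05-01T10:00:09Z 10.0.0.22 CONNECT 198.51.100.7:443 200
2024-05-01T10:00:12Z 10.0.0.31 CONNECT mail.example.org:443 200
2024-05-01T10:00:15Z 10.0.0.40 GET http://[2001:db8::1]:8080/a 403
malformed line
"""

def target_host(method, target):
    """Return the destination host from a proxy request target, or None."""
    # CONNECT uses authority form (host:port); prefix '//' so urlsplit parses it.
    url = "//" + target if method == "CONNECT" else target
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None  # e.g. unbalanced IPv6 brackets

def ip_literal_contacts(log_text):
    """Return (client, ip) pairs for requests whose destination is an IP literal."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed layout
        _ts, client, method, target, _status = fields
        host = target_host(method, target)
        if host is None:
            continue
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # named destination, visible to DNS-based collection
        hits.append((client, str(ip)))
    return hits

if __name__ == "__main__":
    for client, ip in ip_literal_contacts(SAMPLE_LOG):
        print(f"{client} contacted {ip} with no domain name in the request")
```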
These are the general steps you should follow to deploy and configure the Skyhigh Logging Client to send all metadata to Lumu:
All the detailed steps and guidance to create, download, and install a virtual appliance on your preferred hypervisor or Cloud solution are available in our documentation:
Go to the Lumu Virtual Appliance and run the command lumu-appliance collectors refresh to refresh the VA Collectors settings. If the appliance is running, stop it before setting up collectors.
Select the option that refers to Skyhigh Secure Web Gateway (Cloud) and the format that best suits your needs, then provide the following data:
The Skyhigh Logging Client is a Windows app that collects Debug and Error log files. You can use these files to investigate or to perform analysis with Skyhigh SSE and SWG.
The Logging Client retrieves and stores the logs at configured intervals. You can save the logs to a folder on your local computer or send them to a Syslog server. To install an instance of the Skyhigh Logging Client, follow the instructions in Skyhigh Security | Install and Configure the Logging Client.
When configuring the Skyhigh Logging Client, keep the following considerations in mind:
Finish the installation process according to the installation guide. More details of the configuration settings can be found there.