Self-service search for access data
Use self-service search to get insight into access details of the Citrix Cloud users in your enterprise. Access data is collected for the users who have access to the Citrix Access Control service.
To use self-service search, from the Security tab, click Event Search.
You see the following self-service search page.
Access data and its timeline details are shown on the page. You can search and filter the data using the facets and search queries.
Use the following features on the self-service search page:
Facets to filter your data
Search box to enter your query and filter data
Time selector to select the time period
Timeline details to view the event graphs
Event data to view the events
Use facets to filter your data
Facets summarize the data points in the data set. Use the facets to search and filter the users’ events. For example, suppose you want to view the users who have accessed dangerous URLs. Click Dangerous Access in the Reputation facet to get the users’ events corresponding to dangerous URLs.
Use the following facets that are associated with the Access data set.
Reputation - Search events based on URL reputations such as clean, malicious, dangerous, or unknown websites.
Responder Action Type - Search events based on actions taken on users’ applications such as allow, block, and redirect.
Location - Search events based on users’ access locations.
URL Category Group - Search events based on categories of URL accessed such as adult, business, industry, and computing.
Content Category - Search events based on categories of contents accessed such as application, image, and text.
Request - Search events based on HTTP methods such as GET, POST, PUT, and DELETE.
Response - Search events based on HTTP response.
Use search to enter your query and filter your data
Use the search box to specify your search criteria and drill down to your data. The search box gives you a list of search suggestions. You can also use operators in your search queries.
The table describes the valid operators that you can use in your search query.
| Operator | Use | Search syntax example | Output |
|---|---|---|---|
| : | Assigns a value to the search query | User-Name : John | Displays events for the user John |
| = | Assigns a value to the search query | User-Name = John | Displays events for the user John |
| ~ | Searches similar terms | User-Name ~ test | Displays events having similar user names |
| <, > | Searches for relational value | Data Volume > 100 | Displays events where data volume is greater than 100 GB |
| AND | Searches events where both conditions are true | User-Name : John AND Data Volume > 100 | Displays events of user John where data volume is greater than 100 GB |
For example, you want to view the test domains where data download is more than 2,000 GB. To view the events, you can specify your search query as follows:
Place your cursor in the search box to get the list of search suggestions.
Or specify the required word in the search box to get the related suggestions.
Click Domain, the equal sign, and then specify the value. The value specified is test.
Use the AND and > operators in your search query and click Search to get the result.
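The operator table above can be modelled offline to see how conditions combine before you run them in the console. This is an added example, not Citrix code: the events are constructed, `parse`, `matches`, and `search` are hypothetical helper names, and the case-insensitive comparison and the substring reading of `~` are assumptions.

```python
import re

# Constructed sample events; field names come from the table's examples.
# Data Volume is a number of GB, as in the table's Output column.
EVENTS = [
    {"User-Name": "John", "Data Volume": 250},
    {"User-Name": "John", "Data Volume": 40},
    {"User-Name": "test-admin", "Data Volume": 500},
    {"User-Name": "Maria", "Data Volume": 120},
]

# One condition is <field> <operator> <value>. Field names may contain
# spaces and hyphens ("Data Volume", "User-Name").
CONDITION = re.compile(
    r"^\s*(?P<field>[A-Za-z][\w \-]*?)\s*(?P<op>[:=~<>])\s*(?P<value>.+?)\s*$"
)


def parse(query):
    """Split a query on AND and return (field, operator, value) triples."""
    conditions = []
    for part in re.split(r"\s+AND\s+", query.strip()):
        match = CONDITION.match(part)
        if match is None:
            raise ValueError(f"cannot parse condition: {part!r}")
        conditions.append((match["field"], match["op"], match["value"]))
    return conditions


def matches(event, field, op, value):
    """Evaluate one condition against one event."""
    if field not in event:
        return False
    actual = event[field]
    if op in (":", "="):  # the table gives both operators the same use
        return str(actual).lower() == value.lower()
    if op == "~":  # assumption: "similar" is modelled as substring match
        return value.lower() in str(actual).lower()
    try:
        left, right = float(actual), float(value)
    except (TypeError, ValueError):
        return False  # relational operators need numeric operands
    return left > right if op == ">" else left < right


def search(query, events=EVENTS):
    """Return the events for which every AND-ed condition is true."""
    conditions = parse(query)
    return [e for e in events if all(matches(e, *c) for c in conditions)]
```
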
Select time to view event
Select a preset time or specify a custom time range to view the events and timeline details. Click Search to view the events for the selected time period. By default, the selected time period is the last one hour.
View the timeline details
The timeline details give a graphical representation of the access events for the selected time period. Move either of the selector bars to select the time period and view the events corresponding to the selected time period.
For example, suppose you want to view the events that occurred from 09:25 IST to 09:55 IST. Use the selector bars to select the time period. After you have selected the time period, the events corresponding to the selected time period are displayed.
View the event
You can view the detailed information about the user’s event. Click a user to get insight into the user’s data.
Add columns in the event list
You can also add columns and select the data points that you want to view in the event list. Do the following:
Click + to add columns for the data points that you want to view on the event list.
In the Add Column window, select the data that you want to view and then click Add Columns.