Self-service search for Access Control

Use the self-service search to get insights into the access events of the Citrix Cloud users in your organization. Examples of access events are url category, content category, browsers, and devices. Citrix Analytics for Security receives these events from the Access Control service and displays them on the self-service search. You can track the users and their access details.

For more information on the search functionalities, see Self-service search.

Select the Access Control data source

To view the events, in the search box, select Access Control from the list. Select the time period for which you want to view the events and then click Search.

Select access data

By default, the self-service page displays the events for the last one month. The page also provides you with several facets and a search box to filter and focus on the required events.

Access overview page

Select the facets to filter events

Use the following facets that are associated to the Access Control events.

Access facets

  • Reputation- Search events based on the URL reputations such as clean, malicious, dangerous, or unknown websites.

  • Action- Search events based on the actions taken on users’ applications such as allow, block, and redirect.

  • Location- Search events based on the users’ access locations.

  • Category Group- Search events based on the categories of URL accessed such as adult, business, industry, computing.

  • Content Category- Search events based on the categories of contents accessed such as application, image, and text.

  • Request- Search events based on the HTTP methods such as GET, POST, PUT, DELETE.

  • Response- Search events based on the HTTP response.

  • Browser- Search events based on the browsers used by the users.

  • Device- Search events based on the devices used such as Android phones, iPhones, MacBook.

  • Operating System- Search events based on the operating systems installed on the devices.

For example, you want to view the users whose access are blocked in the last one month. Select BLOCK in the Action facet. Select the time period and click Search. The search page displays the corresponding events.

Access facet selects

Specify search query to filter events

Place your cursor in the search box to view the list of dimensions for the Access Control events. Use the dimensions to specify your query and search for the required events.

Access dimension list

You can also use the operators in your search query to expand your search criteria and get the required result.

For example, you want to view the test domains where the data download volume is more than 2,000 Bytes. Specify your search query as the following:

  1. Enter “do” in the search box to get the related suggestions.

    Access search query 2

  2. Click Domain and then specify the value “test” using the equal operator.

    Access search query 3

    Access search query 4

  3. Use the AND operator and then select the Download dimension. Select the > operator and enter the download volume in bytes.

    Access search query 5

  4. Select the time period and click Search to view the events on the DATA table.

Self-service search for Access Control