Citrix Analytics for Security

Self-service search for Secure Private Access

Use the self-service search to get insights into the access events of the Citrix Cloud users in your organization. Examples of access event details are URL category, content category, browsers, and devices. Citrix Analytics for Security receives these events from the Secure Private Access service and displays them on the self-service search page. You can track the users and their access details.

For more information on the search functionalities, see Self-service search.

Note

The following capabilities on Citrix Analytics for Security are impacted due to the deprecation of Category-based web filtering by Secure Private Access:

  1. Data fields such as Category-Group, Category, and Reputation of URLs are no longer available on the Citrix Analytics for Security dashboard.
  2. The Risky website access indicator, which relies on the same data, is also deprecated and is not triggered for customers.
  3. Any existing custom risk indicators that use these data fields (Category-Group, Category, and Reputation of URLs), and their associated policies, are no longer triggered.

For details on the deprecation from Secure Private Access, refer to Feature deprecations.

Select the Secure Private Access data source

To view the Secure Private Access events, select Secure Private Access from the list. By default, the self-service page displays the events for the last one day. You can also select the time period for which you want to view the events.

Select the facets to filter events

Use the following facets that are associated with the Secure Private Access events.

Access facets

  • Action - Search events based on the actions taken on users’ applications, such as allow, block, and redirect.

  • Country - Search events based on the users’ access locations.

  • Content Category - Search events based on the categories of content accessed, such as application, image, and text.

  • Request - Search events based on the HTTP methods, such as GET, POST, PUT, and DELETE.

  • Response - Search events based on the HTTP response.

  • Browser - Search events based on the browsers used by the users.

  • Device - Search events based on the devices used, such as Android phones, iPhones, and MacBook.

  • Operating System - Search events based on the operating systems installed on the devices.

Specify search query to filter events

Place your cursor in the search box to view the list of dimensions for the Secure Private Access events. Use the dimensions and the operators to specify your query and search for the required events.

For example, suppose you want to view the test domains where the data download volume is more than 2,000 bytes. Specify your search query as follows:

  1. Enter “do” in the search box to get the related suggestions.

  2. Click Domain and then specify the value “test” using the equal operator.

  3. Use the AND operator and then select the Download dimension. Select the > operator and enter the download volume in bytes.

  4. Select the time period and click Search to view the events on the DATA table.
