Citrix Analytics for Security

Self-service search for Access Control

Use the self-service search to get insights into the access events of the Citrix Cloud users in your organization. Examples of access events are url category, content category, browsers, and devices. Citrix Analytics for Security receives these events from the Access Control service and displays them on the self-service search. You can track the users and their access details.

For more information on the search functionalities, see Self-service search.

Select the Access Control data source

To view the access control events, select Access Control from the list. By default, the self-service page displays the events for the last one day. You can also select the time period for which you want to view the events.

Select access data

Select the facets to filter events

Use the following facets that are associated to the Access Control events.

Access facets

  • Reputation- Search events based on the URL reputations such as clean, malicious, dangerous, or unknown websites.

  • Action- Search events based on the actions taken on users’ applications such as allow, block, and redirect.

  • Location- Search events based on the users’ access locations.

  • Category Group- Search events based on the categories of URL accessed such as adult, business, industry, computing.

  • Content Category- Search events based on the categories of contents accessed such as application, image, and text.

  • Request- Search events based on the HTTP methods such as GET, POST, PUT, DELETE.

  • Response- Search events based on the HTTP response.

  • Browser- Search events based on the browsers used by the users.

  • Device- Search events based on the devices used such as Android phones, iPhones, MacBook.

  • Operating System- Search events based on the operating systems installed on the devices.

Specify search query to filter events

Place your cursor in the search box to view the list of dimensions for the Access Control events. Use the dimensions and the operators to specify your query and search for the required events.

Access dimension list

For example, you want to view the test domains where the data download volume is more than 2,000 Bytes. Specify your search query as the following:

  1. Enter “do” in the search box to get the related suggestions.

    Access search query 2

  2. Click Domain and then specify the value “test” using the equal operator.

    Access search query 3

    Access search query 4

  3. Use the AND operator and then select the Download dimension. Select the > operator and enter the download volume in bytes.

    Access search query 5

  4. Select the time period and click Search to view the events on the DATA table.

Self-service search for Access Control