Security Events

The Security Events provides an integrated view of security events directly within the SASE platform. It allows easy monitoring, searching, and filtering of SASE related security events.

To view the Security Events page, access SASE and go to Monitor & Logs > Security Events.

Notes:

Security Events limit the number of events to 300 per search.
You can also search for additional parameters that do not appear as quick filters.

For example:
- The URL resource using resource:"https://go.microsoft.com/fwlink/"
- The Destination Port by using dst_port: 443
- The Source Port by using src_port:55321
- The Device name using device_name: "DESKTOP-123"

Supported Events

The Security Events supports these event types:

URL Filtering and Application Control
Threat Emulation
Malware Protection
Anti-Bot
Firewall Events

Statistics

The Statistics panel provides a visual summary including these:

Event distribution by Blade Type
Breakdown by Actions:
- Accept
- Block
- Detect
- Skip
Source IP distribution

Events

Column	Description
Time	Timestamp when the event occurred.
Blade/Practice Type	Specific security module responsible for the event, for example, URL Filtering and Malware Protection.
Action	Security action taken: Accept - Accepts the event Block - Blocks the event Detect - Detects the event Skip - Bypasses the event
Severity	Severity level of the event.
Source/Destination IP	Network endpoints involved.
Resource	URL or resource accessed.
User	User name.

Card

You can click on a specific event entry to open a detailed event card, which provides:

Complete event description.
Session details, such as ports, URLs, downloaded data and so on.

The card offers an in-depth view for thorough analysis.