Remote Browser Isolation Logs
Focus
Focus
Remote Browser Isolation

Remote Browser Isolation Logs

Table of Contents

Remote Browser Isolation Logs

You can view Remote Browser Isolation logs to help analyze and troubleshoot RBI issues.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
You can view automatically generated Remote Browser Isolation (RBI) logs in the Prisma Access log viewer. RBI captures security logs and events such as system, configuration, and network events to help you perform threat analysis, troubleshooting, and auditing the trail of RBI events.
The Strata Logging Service system collects and makes them available to the log viewer.
For RBI, a new attribute is available in the Firewall/Traffic and Firewall/Threat logs to indicate that the logs originated from RBI. A new RBI log type is also available to log session and policy events.
To learn how to use the log viewer, you can explore logs in detail.
To view RBI logs, select Incidents & AlertsLog ViewerFirewallRemote Browser Isolation.
You can perform the following actions in the log viewer:
  • Set the time range—You can use the time range filter to specify a time range for displaying log entries in the log table. For example, if no data appears in the table, you can increase the time range to show more entries. Or, if you want to show only the logs that were generated within the last 24 hours, decrease the time range to Past 24 hours.
  • Create log queries—To narrow the scope of the logs shown in the table, you can create queries based on the column headings or RBI fields in the log viewer, and save the queries as filters for use later.
    Enter a log query in the search field. Click the field to display a list of RBI fields and select an item from the list. You can also start entering the name of a field and select from the list of matching items.
    You can create a query using the information in the RBI log schema.
  • Use query operators—Select an operator, such as =, !=, < >, or LIKE and a value for the query field. You can build on the query by adding AND or OR operators. For example, to query macOS endpoints that have an event severity of WARN, you can create a query such as:
    OS Type = 'MacOS' AND Event Severity = 'WARN'
    You can use the LIKE operator to filter on values that match a pattern you enter. For example, to see what versions of Chrome browsers the Windows endpoints are running, you can create a query such as:
    OS Type = "Windows" AND Browser Type LIKE 'Chrome%'
    You can click the right arrow to begin the query.
  • Save the query—You can Save the query as a filter for future use.
  • View log details—To view the details in a log, open the LOG DETAILS window by clicking the log details icon next to a log entry in the table.
    Select Log Details to show more details in the log. Select Minimize to show fewer details.