Monitor and Report Change Logs, Workflows, and Jobs

Security Cloud Control effectively monitors configuration change logs, bulk device operations, and the process that runs when communicating with devices. This helps you understand how your network's existing policies influence its security posture.

Manage Change Logs in Security Cloud Control

A Change Log captures the configuration changes made in Security Cloud Control, providing a single view that includes changes in all the supported devices and services. These are some of the features of the change log:

  • Provides a side-by-side comparison of changes made to device configuration.

  • Provides labels for all change log entries.

  • Records onboarding and removal of devices.

  • Detects policy change conflicts occurring outside Security Cloud Control.

  • Provides answers about who, what, and when during an incident investigation or troubleshooting.

  • Enables downloading of the complete change log, or only a portion of it, as a CSV file.


Note


Changes made in Cloud-Delivered Firewall Management Center are not reflected in the change log.


Manage Change Log Capacity

Security Cloud Control retains the change log information for one year and deletes data older than a year.

There is a difference between the change log information stored in Security Cloud Control's database and what you see in an exported change log. See Export the Change Log for more information.

Change Log Entries

A change log entry reflects the changes to a single device configuration, an action performed on a device, or the change made to a device outside Security Cloud Control:

  • For change log entries that contain configuration changes, you can view details about the change by clicking anywhere in the corresponding row.

  • For out-of-band changes that are made outside Security Cloud Control and detected as conflicts, the System User is reported as the Last User.

  • Security Cloud Control closes a change log entry after a device's configuration on Security Cloud Control is synced with the configuration on the device, or when a device is removed from Security Cloud Control. Configurations are considered to be in sync after the configuration is read from the device to Security Cloud Control or after the configuration is deployed from Security Cloud Control to the device.

  • Security Cloud Control creates a new change log entry immediately after completing an existing entry, irrespective of whether the change was a success or failure. Additional configuration changes are added to the new change log entry that opens.

  • Events are displayed for read, deploy, and delete actions for a device. These actions close a device's change log.

  • A change log is closed after Security Cloud Control is in sync with the configuration on the device (either by reading or deploying), or when Security Cloud Control no longer manages the device.

  • If a change is made to the device outside of Security Cloud Control, a Conflict detected entry is included in the change log.

Pending and Completed Change Log Entries

Change logs have a status of either Pending or Completed. As you make changes to a device's configuration using Security Cloud Control, these changes are recorded in a Pending change log entry. The following activities complete a Pending change log, and after this a new change log is created for recording future changes.

  • Reading a configuration from a device to Security Cloud Control

  • Deploying changes from Security Cloud Control to a device

  • Deleting a device from Security Cloud Control

  • Running a CLI command that updates the running configuration file

Search and Filter Change Log Entries

You can search and filter change log entries. Use the search field to find events. Use the filter icon to find the entries that meet the criteria you specify. You can also combine the two tasks by filtering the change log and adding a keyword to the search field to find an entry within the filtered results.

Change Request Management

Change Request Management enables the linking of a Change Request and its business justification to a Change Log event. The Change Request is opened in a third-party ticketing system.

Use Change Request Management to create a Change Request in Security Cloud Control and associate it with change log events. You can search for this change request by Name within the change log.


Note


In Security Cloud Control, Change Request Tracking and Change Request Management refer to the same functionality.


Enable Change Request Management

Enabling change request tracking affects all users of your organization.

Procedure


Step 1

In the left pane, click Administration > General Settings.

Step 2

Enable the Change Request Tracking toggle button.

When enabled, the Change Request menu appears at the bottom-left corner and the Change Request drop-down list is available in the Change Log page.


Create a Change Request

Procedure


Step 1

In Security Cloud Control, click the Create Change Request (+) icon in the Change Request menu at the bottom-left corner.

Step 2

Enter a Name and Description.

Ensure that the Name corresponds to a Change Request name that your organization intends to use, and that the Description describes the purpose of the change.

Note

 

You cannot modify the name of a Change Request after you create it.

Step 3

Click Save.

Note

 

When a Change Request is saved, Security Cloud Control associates all the new changes with the corresponding Change Request name. This association continues until you either disable change requests or clear the change request details from the menu.


Associate a Change Request with a Change Log Event

Procedure


Step 1

In the left pane, click Monitor > Events & Logs > Logs > Change Log.

Step 2

Expand the change log to view the events you want to associate with a Change Request.

Step 3

Click the drop-down list adjacent to the corresponding change log entry.

Note

 

The latest change requests are displayed at the top of the change request list.

Step 4

Select a change request and click Select.


Search for Change Log Events with Change Requests

Procedure


Step 1

In the left pane, click Monitor > Events & Logs > Logs > Change Log.

Step 2

In the change log search field, enter the name of a change request to find the associated change log events.

Security Cloud Control highlights the change log events that are exact matches.


Search for a Change Request

Procedure


Step 1

In Security Cloud Control, click the Create Change Request (+) icon in the Change Request menu at the bottom-left corner.

Step 2

Enter the name of the Change Request or a relevant keyword in the search field. As you enter a value, the results that partially match your input appear in both the Name and Description fields.


Filter Change Requests

Procedure


Step 1

In the left pane, click Monitor > Events & Logs > Logs > Change Log.

Step 2

Click the filter icon to view all the options.

Step 3

In the search field, enter the name of a Change Request.

As you enter a value, the results that partially match your entry appear.

Step 4

Select a change request by checking the corresponding check box.

The matches appear in the Change Log table. Security Cloud Control highlights the change log events that are exact matches.


Clear the Change Request Toolbar

To avoid automatic association of change log events with an existing change request, clear the information in the change request toolbar.

Procedure


Step 1

Click the Create Change Request (+) icon in the Change Request menu at the bottom-left corner.

Step 2

Click Clear.

The Change Request menu now displays None.


Clear a Change Request Associated with a Change Log Event

Procedure


Step 1

In the left pane, click Monitor > Events & Logs > Logs > Change Log.

Step 2

Expand the Change Log to view the events that you want to disassociate from Change Requests.

Step 3

Click the drop-down list adjacent to the corresponding change log entry.

Step 4

Click Clear.


Delete a Change Request

Deleting a Change Request removes it from the change request list, but not from the Change Log.

Procedure


Step 1

Click the Create Change Request (+) icon in the Change Request menu at the bottom-left corner.

Step 2

Select the change request and click the bin icon to delete it.

Step 3

Click the check mark to confirm.


Disable Change Request Management

Disabling Change Request Management or Change Request Tracking affects all users of your account.

Procedure


Step 1

In the left pane, click Administration > General Settings.

Step 2

Disable the Change Request Tracking toggle button.


Change Request Management Use Cases

These use cases assume that you have enabled Change Request Management.

Track Changes Made to the Firewall Device to Resolve a Ticket Maintained in an External System

This use case describes a scenario where you want to make changes to a firewall device to resolve a ticket maintained in an external system and want to associate the change log events resulting from these firewall changes to a change request. Follow this procedure to create a change request and associate change log events to it:

  1. Create a Change Request.

  2. Use the ticket name or number from the external system as the name of the change request and add the justification for the change and other relevant information in the Description field.

  3. Ensure that the new change request is visible in the change request toolbar.

  4. Make the changes to the firewall device.

  5. In the navigation pane, click Change Log and find the change log events that are associated with your new change request.

  6. Clear the Change Request Toolbar to avoid automatic association of change log events with an existing change request.

Manually Update Individual Change Log Events After Changes are Made to the Firewall Device

This use case describes a scenario where you have made changes to a firewall device to resolve a ticket that is maintained in an external system, but forgot to use the Change Request Management feature to associate change requests with the change log events. You want to update the change log events with the ticket number. Follow this procedure to associate change requests with change log events:

  1. Create a Change Request. Use the ticket name or number from the external system as the name of the change request. Use the Description field to add the justification for the change and other relevant information.

  2. In the navigation pane, click Change Log and search for the change log events that are associated with the changes.

  3. Associate a Change Request with a Change Log Event.

  4. Clear the Change Request Toolbar to avoid automatic association of change log events with an existing change request.

Search for Change Log Events Associated with a Change Request

This use case describes a scenario where you want to find out what change log events were recorded in the change log because of the work done to resolve a ticket maintained in an external system. Follow this procedure to search for change log events that are associated with a change request:

  1. In the navigation pane, click Change Log.

  2. Search for change log events that are associated with change requests using one of the following methods:

    • In the Change Log search field, enter the exact name of the change request to find change log events associated with that change request. Security Cloud Control highlights change log events that are exact matches.

    • Filter Change Requests to find the change log events.

  3. View each change log to find the highlighted change log events showing the associated change request.

Export the Change Log

You can export all or a subset of the Security Cloud Control change log to a comma-separated value (.csv) file so that you can filter and sort the information, as required.

To export the change log to a .csv file, follow this procedure:

Procedure


Step 1

In the left pane, click Monitor > Events & Logs > Logs > Change Log.

Step 2

Find the changes you want to export by doing one of the following tasks:

  • Use the filter icon and the search field to find what you want to export. For example, filter by device to see only the changes for your selected device or devices.

  • Clear all the filters and search criteria in the change log. This allows you to export the entire change log.

Note

 

Security Cloud Control retains 1 year of change log data. It is recommended to filter the change log contents and download the results to a .csv file rather than downloading the entire change log history for a year.

Step 3

Click the export icon at the top right corner of the page.

Step 4

Save the .csv file to your local file system, with a descriptive name.


Differences Between Change Log Capacity in Security Cloud Control and Size of an Exported Change Log

The information that you export from Security Cloud Control's Change Log page is different from the change log information that Security Cloud Control stores in its database.

For every change log, Security Cloud Control stores two copies of the device's configuration–the starting configuration and either the ending configuration in the case of a closed change log or the current configuration in the case of an open change log. This allows Security Cloud Control to display configuration differences side by side. In addition, Security Cloud Control tracks and stores every step (change event) with the username that made the change, the time the change was made, and other details.

However, when you export the change log, the export does not include the two complete copies of the configuration. It only includes the change events, which makes the export file much smaller than the change log that Security Cloud Control stores.

Security Cloud Control stores change log information for a year. This includes two copies of the configuration.
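
The following added example (not part of the original documentation or of Security Cloud Control) shows one way to review an exported change log offline: it flags out-of-band changes, which are reported with System User as the Last User and a Conflict detected entry, and lists changes that carry no change request. The column names and the sample rows are assumptions, because the export's header row is not documented on this page; map them to the headers in your own .csv file.

```python
import csv
import io

# Hypothetical column names: the page does not document the export's header
# row, so map these to the headers in your own exported .csv file.
COL_USER = "Last User"
COL_DESC = "Description"
COL_CR = "Change Request"
COL_DEVICE = "Device"
COL_TIME = "Date"

# Constructed sample standing in for an exported change log.
SAMPLE_CSV = """Date,Device,Last User,Description,Change Request
2025-01-10T09:12:00Z,fw-edge-01,alice@example.com,Updated access rule,TICKET-1001
2025-01-10T09:40:00Z,fw-edge-01,System User,Conflict detected,
2025-01-11T14:03:00Z,fw-dc-02,bob@example.com,Deployed configuration,
2025-01-12T08:00:00Z,fw-dc-02,bob@example.com,Updated NAT rule,None
"""

def audit_change_log(csv_text):
    """Return (out_of_band, untracked) lists of rows from an exported change log."""
    out_of_band, untracked = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = (row.get(COL_USER) or "").strip()
        desc = (row.get(COL_DESC) or "").strip()
        cr = (row.get(COL_CR) or "").strip()
        # Out-of-band changes are reported with System User as the Last User
        # and appear as a "Conflict detected" entry.
        if user.lower() == "system user" or "conflict detected" in desc.lower():
            out_of_band.append(row)
        # Assumption: an unassociated event exports an empty cell or "None",
        # matching what the cleared change request menu displays.
        elif cr == "" or cr.lower() == "none":
            untracked.append(row)
    return out_of_band, untracked

def summarize(rows):
    """Group flagged rows by device: {device: [(time, user, description), ...]}."""
    by_device = {}
    for row in rows:
        by_device.setdefault(row[COL_DEVICE], []).append(
            (row[COL_TIME], row[COL_USER], row[COL_DESC]))
    return by_device

if __name__ == "__main__":
    oob, untracked = audit_change_log(SAMPLE_CSV)
    print("Out-of-band changes:", summarize(oob))
    print("Changes without a change request:", summarize(untracked))
```

Because the export contains only change events and not the stored configuration copies, use the side-by-side comparison in the Change Log page to inspect what a flagged event actually changed.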