Learn about SIA

Learn about the main features and components of ‚ÄčSIA‚Äč.

Locations

A location is a public IP address or a named collection of public IP addresses that belong to a region or geographic area in your network, such as a CIDR block for an office branch or your company headquarters. For more on locations, see About locations.

Policies

A policy is a group of settings that define how ‚ÄčSIA‚Äč handles known or suspected threat events and access control events. It‚Äôs also where you enable or configure other important features of ‚ÄčSIA‚Äč. For more on policies, see About policies.

Lists

‚ÄčSIA‚Äč allows you to create two broad categories of lists: block lists and exception lists. For more on lists, see About lists.

Identity providers

An identity provider (IdP) is a service that creates, manages, and saves user identity information. With an IdP, you can enable authentication, and configure the users and groups who can access websites, web applications, specific file types, and sensitive data. For more on IdP, see About identity providers.

‚ÄčSIA‚Äč Client

‚ÄčSIA‚Äč Client is a client agent that directs DNS and web traffic to ‚ÄčSIA‚Äč for analysis. For more on ‚ÄčSIA‚Äč client, see About ‚ÄčSIA‚Äč Client.

Enterprise Security Connector

Enterprise Security Connector is a virtual machine (VM) you deploy in your network to act as one of the following:

  • an internal DNS resolver that forwards traffic to ‚ÄčSIA‚Äč.
  • a DNS sinkhole that receives malicious or suspicious traffic.
  • an HTTP forwarder that forwards web traffic to ‚ÄčSIA‚Äč Proxy.

For more on Security Connector, see About Security Connector.

‚ÄčSIA‚Äč Secure Web Gateway

The Secure Web Gateway (SWG) is the full web proxy configuration of ‚ÄčSIA‚Äč Proxy. SWG performs URL filtering, anti-malware scanning, and applies acceptable use policies to each user. For more on SWG, see Full web proxy.

Access Control

You can define the websites, web applications, file types, and sensitive data that your users are allowed to access. For more on access control, see Configure access control.

Dashboard

Use the Dashboard to apply interactive widgets that allow you to view and track network traffic, events, and other activity across your organization. For details, see Dashboard.

Reports

View data on events and network activity. You can also schedule a daily or weekly report to show alerts, events, or other data. For more information, see Events, Activity, and Scheduled reports.

Roles

Roles include permissions that let you act on objects in ‚ÄčControl Center‚Äč. These roles are available for ‚ÄčSIA‚Äč. Contact your ‚ÄčControl Center‚Äč administrator to assign one of these roles:

RolePermissionDescription
‚ÄčSIA‚Äč AdministratoretpAdminCan perform all operations, view all reports, and see all reporting data in ‚ÄčSIA‚Äč.
Delegated AdministratoretpDelegatedAdminA delegated administrator can:

  • Create locations, sub-locations, policies, and custom lists.
  • Manage assigned locations, sub-locations, policies, and custom lists.
  • View locations, sub-locations, policies, and custom lists created by other administrators.
  • Deploy assigned locations, sub-locations, policies, and custom lists, as well as locations, sub-locations, policies, and custom lists they created.
For more information, see Delegated access.

If the delegated access feature is enabled, an ‚ÄčSIA‚Äč administrator can assign the delegated administrator role to a user.

A delegated administrator cannot change the IP addresses or CIDR blocks that are configured to an assigned sub-location.

For more information, see Assign a delegated administrator role.
Strict Delegated AdministratoretpStrictDelegatedAdminA strict delegated administrator can:

  • Create locations, sub-locations, policies, and custom lists.
  • Manage assigned locations, sub-locations, policies, and custom lists.

    A strict delegated administrator cannot change the IP addresses or CIDR blocks that are configured to an assigned sub-location.

  • Deploy assigned locations, sub-locations, policies, and custom lists, as well as locations, sub-locations, policies, and custom lists they created.
For more information, see Tenant access.

If the tenant access feature is enabled, an ‚ÄčSIA‚Äč administrator can assign this role to a user. For more information, see Assign a strict delegated administrator role.
Tenant Administrator (for Multi-tenancy feature)etpTenantAdminCan perform all operations, view all reports, and data associated with their tenant.

A user must have this role to manage a tenant. When you assign a user to a tenant, they are automatically assigned this role. For more information, see Multi-tenancy.
Tenant Viewer (for Multi-tenancy feature)etpTenantViewerCan view specific reports and filter data in those reports. A tenant viewer can also view settings for most configuration items in the tenant. To learn what’s available to a tenant viewer, see Tenant viewer.
Report VieweretpReportViewerCan view reports and reporting data in ‚ÄčSIA‚Äč. A report viewer cannot view configuration settings.

By default, a report viewer cannot see the DNS Activity, Summary of Proxy Activity, Proxy Activity, and Identity Provider Activity reports. The etpRestrictedPageViewRole permission is required to view these reports.
VieweretpViewerHas read-only privileges. A viewer can view report data and configuration settings.

By default, a viewer cannot see the DNS Activity, Summary of Proxy Activity, Proxy Activity, and Identity Provider Activity reports. The etpRestrictedPageViewRole permission is required to view these reports.
N/AetpRestrictedPageViewRoleGrants access to the DNS Activity, Proxy Activity, Summary of Proxy Activity, and Identity Provider Activity reports. This is a permission that your Control Center administrator can assign to any ‚ÄčSIA‚Äč role. Unlike other permissions in ‚ÄčSIA‚Äč, this permission cannot be the only one assigned to an ‚ÄčSIA‚Äč user. For example, your Control Center administrator cannot create a role that only has this permission assigned. If you want a Report Viewer to also see these reports, make sure your administrator assigns this additional permission to the user.