Danny
MVP Platinum

Frequent WEB_API logins

Every 30 secs a WEB_API login session from 127.0.0.1 appears in SmartConsole > Manage & Settings > View Sessions
Any ideas or suggestions? Maybe something like sk179685?

api_login.png

0 Kudos
4 Replies
Amir_Senn
MVP Silver CHKP

Could be any number of applications, from CME to Infinity Portal, which require frequent checks with MGMT.

If this doesn't sound familiar, I suggest going to the audit logs and seeing if WEB_API makes changes other than log in/out.

Kind regards, Amir Senn
0 Kudos
Don_Paterson
MVP Gold

I've often been looking at that view and seen the WEB_API sessions pop up and disappear within a few seconds.

I just thought it must be a scheduled job running in the background and did not look into it any further.

The SK is a bit vague.

I guess that with ATP and things like Cloud (CME and CloudGuard Controller) there is a need to have them visit the postgres database or the logs from time to time.

I see CloudGuard IaaS 'blade' logs in the audit logs, and I guess it's related. (Description: Mapping of Data Center)

But it looks like the SmartConsole is sending API calls (polling) in the background as long as it is connected.

I just started looking in api.elg and I see this:

My SmartConsole is connected from 10.1.1.201 and I am not using the API but in the log below you can see a show-cloud-services call.

api-elg.png 

The SmartConsole API tool API commands show as 127.0.0.1 and not localhost, showing a difference between the scheduled call and an admin's manual API call:

SmartConsole-admin-call.png

 

When I click on INFINITY SERVICES while doing a tail -F of api.elg I see a bit more activity and commands like show-cloud-services.

The command show-notifications shows up a lot and when I close SmartConsole it runs unsubscribe-notifications.

Then it generates some errors because the session doesn't exist and the elg goes very quiet.

No new entries are added to the api.elg file until the SmartConsole is used again (login) and then it gets new entries.

The WEB_API session appears in the View Sessions window regularly and corresponds with the show-cloud-services call but not all of them. It seems like it runs two or three show-cloud-services calls and then the session pops up for the next one and the log shows a logout command, but the next two or three commands still run alright.

I am using R82 JHFA T33 on a VM in the lab with no CloudGuard or Infinity Services connections. Isolated from that perspective.

Internet connected.

ATP is running on the two managed gateways (Cluster and single SG), as well as APPI, URLF, CA and IDA.

0 Kudos
Don_Paterson
MVP Gold

Just to add. 

When working in Package Repository there are a lot of log entries in api.elg, and when working with Central Deployment (SmartConsole used to upgrade or hot fix gateways) there may be a WEB_API session that lasts longer than a few seconds.

0 Kudos
Danny
MVP Platinum

@Don_Paterson , @Amir_Senn ,

I checked api.elg and confirm that every 30 secs show-cloud-services is automatically triggered.
No CME, Infinity Portal, CDT or Package Repository is in use.
api.elg shows the same output as when I run the command manually:
web_api_show_cloud.png
This kind of distracting behaviour in SmartConsole is quite annoying, especially when many admins are working with SmartConsole and don't know what this is.

I checked if CloudGuard is enabled:

[Expert@Management:0]# cloudguard
CloudGuard IaaS is enabled and running

Usage:
 on             Enable CloudGuard IaaS
 off            Disable CloudGuard IaaS
