New Feature for proxy

Unanswered Question
Jan 30th, 2009
User Badges:

Hi all!

I'm not found this feature in current Async OS documentation for web products.

So propose new feature - extended user logging mode.
In this mode all POST requests with posted data from some user group are grabbed and inserted into database for latest analysis by security operator.

Is it possible?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jowolfer Mon, 02/02/2009 - 15:36
User Badges:

Roman,

If I understand correctly, you're looking for the ability to setup a special log that only records POSTs for a specific group of people?

Example: Log posts for all users in the "Internet Users" Active Directory group.

Is this correct?

jowolfer Thu, 04/09/2009 - 15:35
User Badges:

The 6.0 release has the ability to use Vontu DLP. The WSA will not save the POST content in a log, but the Vontu reporting will indicate which rules were broken and why.

jowolfer Fri, 04/10/2009 - 16:46
User Badges:

Correct, The ICAP protocol is being used for DLP with Vontu.

Please be aware that this is not full ICAP support. The WSA only supports ICAP with the Vontu server.

jdohrman Fri, 04/10/2009 - 16:47
User Badges:
  • Cisco Employee,

Hi,

Vontu will be the only qualified external DLP solution for now.

In addition to the external DLP functionality, Aurora (AsyncOS for Web 6.0) will also offer basic DLP functionality on-box in the IronPort Data Security Policies.
The corresponding idsdataloss logs would capture only the scanned outbound requests so I assume that this feature would be exactly what you are looking for...

Best Regards,
Jakob

Actions

This Discussion