Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

New Feature for proxy

Hi all!

I'm not found this feature in current Async OS documentation for web products.

So propose new feature - extended user logging mode.
In this mode all POST requests with posted data from some user group are grabbed and inserted into database for latest analysis by security operator.

Is it possible?

6 REPLIES
New Member

Re: New Feature for proxy

Roman,

If I understand correctly, you're looking for the ability to setup a special log that only records POSTs for a specific group of people?

Example: Log posts for all users in the "Internet Users" Active Directory group.

Is this correct?

Re: New Feature for proxy

Yes, it's correct.

Need for basic DLP in organization.

New Member

Re: New Feature for proxy

The 6.0 release has the ability to use Vontu DLP. The WSA will not save the POST content in a log, but the Vontu reporting will indicate which rules were broken and why.

Re: New Feature for proxy

ICAP compability for use other DLP ?

New Member

Re: New Feature for proxy

Correct, The ICAP protocol is being used for DLP with Vontu.

Please be aware that this is not full ICAP support. The WSA only supports ICAP with the Vontu server.

Cisco Employee

Re: New Feature for proxy

Hi,

Vontu will be the only qualified external DLP solution for now.

In addition to the external DLP functionality, Aurora (AsyncOS for Web 6.0) will also offer basic DLP functionality on-box in the IronPort Data Security Policies.
The corresponding idsdataloss logs would capture only the scanned outbound requests so I assume that this feature would be exactly what you are looking for...

Best Regards,
Jakob

350
Views
0
Helpful
6
Replies
CreatePlease to create content