Example 1: Investigating a User

This example demonstrates how a system administrator would investigate a particular user at a company.

In this scenario, a manager has received a complaint that an employee is visiting inappropriate websites at work. To investigate, the system administrator needs to track the details of the employee's web activity.

Once the web activity is tracked, a web report is generated with information about the employee’s browsing history.

Procedure


Step 1

On the Security Management appliance, choose Web > Reporting > Users.

Step 2

In the Users table, click on the User ID or Client IP address you want to investigate.

If you do not know the User ID or the Client IP address, type what you can remember of it in the text field, and click Find User ID or Client IP address. The IP address does not need to be an exact match to return results. The Users table is populated with the User IDs and Client IP addresses that match what you specified. In this example, we are looking for information on Client IP address 10.251.60.24.

Step 3

Click on IP address 10.251.60.24.

The User Details page appears for 10.251.60.24.

From the User Details page you can determine the URL Categories by Total Transactions, Trend by Total Transaction, URL Categories Matched, Domains Matched, Applications Matched, Malware Threats Detected, and Policies Matched.

These categories allow you to find out if, for example, user 10.251.60.24 was trying to access blocked URLs, which can be viewed in the Transactions Blocked column under the Domains section on the page.

Step 4

Click Export under the Domains Matched table to view the entire list of Domains and URLs that the user tried to access.

From here you can use the Web Tracking feature to track and view this specific user’s web usage.

Note
Web reporting retrieves the domains that a user visits, not necessarily the specific URLs accessed. For information on a specific URL that the user accessed, such as what time they went to that URL and whether that URL is allowed, use the Proxy Services tab on the Web Tracking page.

Step 5

Choose Web > Reporting > Web Tracking.

Step 6

Click the Proxy Services tab.

Step 7

In the User/Client IP Address text field, type the user name or IP address.

In this example, we are searching for web tracking information for user 10.251.60.24.

The search results appear.

From this page you can view a full list of transactions and URLs visited by the user of the computer that is assigned to the IP Address 10.251.60.24.
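
The Domains Matched list exported in Step 4 can be triaged offline before moving on to Web Tracking. The following Python script is an added example, not part of the original documentation or the appliance's own tooling. It assumes the export is a CSV file; the header names "Domain or IP" and "Total Transactions" and the sample rows are constructed for illustration, so adjust them to match your actual export.

```python
import csv
import io

# Constructed sample of a Domains Matched export. The column names are
# assumptions; adjust them to match the header row of your actual export.
SAMPLE_EXPORT = """\
Domain or IP,Transactions Completed,Transactions Blocked,Total Transactions
intranet.example.com,412,0,412
news.example.org,95,5,100
blocked-site.example.net,0,37,37
cdn.example.com,58,n/a,60
"""

DOMAIN_COL = "Domain or IP"            # assumed header
BLOCKED_COL = "Transactions Blocked"   # column named on the User Details page
TOTAL_COL = "Total Transactions"       # assumed header


def _to_int(value):
    """Return a non-negative int, or None if the cell is empty or malformed."""
    try:
        n = int(str(value).strip().replace(",", ""))
    except ValueError:
        return None
    return n if n >= 0 else None


def blocked_domains(export_text, min_blocked=1):
    """Return (domain, blocked, total, blocked_ratio) rows, most-blocked first.

    Rows with unparseable or inconsistent counts are skipped, not guessed at.
    """
    rows = []
    for rec in csv.DictReader(io.StringIO(export_text)):
        domain = (rec.get(DOMAIN_COL) or "").strip()
        blocked = _to_int(rec.get(BLOCKED_COL, ""))
        total = _to_int(rec.get(TOTAL_COL, ""))
        if not domain or blocked is None or total is None or total < blocked:
            continue
        if blocked >= min_blocked:
            ratio = blocked / total if total else 0.0
            rows.append((domain, blocked, total, round(ratio, 2)))
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for domain, blocked, total, ratio in blocked_domains(SAMPLE_EXPORT):
        print(f"{domain:30} blocked={blocked:4} total={total:4} ratio={ratio:.2f}")
```

Domains that rank high here are the ones to look up on the Proxy Services tab, where the individual URLs and timestamps are available.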