Searching for Transactions Processed by Web Proxy Services

Use the Proxy Services tab on the Web > Reporting > Web Tracking page to search web tracking data aggregated from individual security components and acceptable use enforcement components. This data does not include L4 Traffic Monitoring data or transactions processed by the SOCKS Proxy.

You might want to use it to assist the following roles:

  • HR or Legal manager. Run an investigative report for an employee during a specific time period.

For example, you can use the Proxy Services tab to retrieve information about a specific URL that a user is accessing, what time the user visited that URL, whether that URL is allowed, etc.

  • Network security administrator. Examine whether the company network is being exposed to malware threats through employees’ smartphones.

You can view search results for the transactions recorded (including blocked, monitored, warned, and completed) during a particular time period. You can also filter the data results using several criteria, such as URL category, malware threat, and application.

Note
The Web Proxy only reports on transactions that include an ACL decision tag other than “OTHER-NONE.

For an example of Web Tracking usage, see the Example 1: Investigating a User.

For an example of how the Proxy Services tab can be used with other web reporting pages, see the Using The URL Categories Page in Conjunction with Other Reporting Pages.

Procedure

Step 1

On the Security Management appliance, choose Web > Reporting > Web Tracking.

Step 2

Click the Proxy Services tab.

Step 3

To see all search and filtering options, click Advanced.

Step 4

Enter search criteria:

Web Tracking Search Criteria on the Proxy Services Tab

Option

Description

Default Search Criteria

Time Range

Choose the time range on which to report. For information on time ranges available on the Security Management appliance, see the Choosing a Time Range for Reports.

User/Client IPv4 or IPv6

Optionally, enter an authentication username as it appears in reports or a client IP address that you want to track. You can also enter an IP range in CIDR format, such as 172.16.0.0/16.

When you leave this field empty, the search returns results for all users.

Website

Optionally, enter a website that you want to track. When you leave this field empty, the search returns results for all websites.

Transaction Type

Choose the type of transactions that you want to track, either All Transactions, Completed, Blocked, Monitored, or Warned.

Advanced Search Criteria

URL Category

To filter by a URL category, select Filter by URL Category and type the first letter of a custom or predefined URL category by which to filter. Choose the category from the list that appears . .

If the set of URL categories has been updated, some categories may be labeled “Deprecated.” Deprecated categories are no longer being used for new transactions. However, you can still search for recent transactions that occurred while the category was active. For more information about URL category set updates, see URL Category Set Updates and Reports.

All recent transactions that match the category name are included, regardless of the engine name noted in the drop-down list.

Application

To filter by an application, select Filter by Application and choose an application by which to filter.

To filter by an application type, select Filter by Application Type and choose an application type by which to filter.

Policy

To filter by a policy group, select Filter by Policy and enter a policy group name by which to filter.

Make sure that you have declared the policy on the Web Security appliance.

Malware Threat

To filter by a particular malware threat, select Filter by Malware Threat and enter a malware threat name by which to filter.

To filter by a malware category, select Filter by Malware Category and choose a malware category by which to filter. For descriptions, see Malware Category Descriptions.

WBRS

In the WBRS section, you can filter by Web-Based Reputation Score and by a particular web reputation threat.

  • To filter by web reputation score, select Score Rangeand select the upper and lower values by which to filter. Or, you can filter for websites that have no score by selecting No Score.
  • To filter by web reputation threat, select Filter by Reputation Threat and enter a web reputation threat by which to filter.

For more information on WBRS scores, see the IronPort AsyncOS for Web User Guide.

AnyConnect Secure Mobility

To filter by remote or local access, select Filter by User Location and choose an access type. To include all access types, select Disable Filter.

(In previous releases, this option was labeled Mobile User Security.)

Web Appliance

To filter by a specific Web appliance, click on the radio button next to Filter by Web Applianceand enter the Web appliance name in the text field.

If you select Disable Filter, the search includes all Web Security appliances associated with the Security Management appliance.

User Request

To filter by transactions that were actually initiated by the user, select Filter by Web User-Requested Transactions.

Note: When you enable this filter, the search results include “best guess” transactions.

Step 5

Click Search.

What to do next

Related Topics