Cadet 2nd Class

Bluecoat Reports and Dashboards

Hi,

We have integrated the Bluecoat proxy with ArcSight using the 'Blue Coat Proxy SG File' connector. We are now working on some elaborate dashboards, reports and rules. It would be helpful if anyone could share the packages for doing the same.

Thanks in advance,

6 Replies
Cadet 2nd Class

Hi zarysh,

I don't have access to the packages that I worked on since I switched clients, but I can give you some ideas:

Dashboards:

  • Incoming/Outgoing traffic (don't forget that the traffic is counted in bytes; you'll want to convert it to MB)
  • Top accessed websites
  • Top active clients
  • Access to Push mail and other mail accounts
  • Top blocked machines

Reports:

  • Top blocked websites
  • Top viruses
  • Traffic summary by machines (Top 10 or something of the kind)

Rules:

You can combine the rules with the DShield package

Cadet 2nd Class

Thanks Tivin for the suggestions
Captain

Hello Ilia Tivin,

Could you please elaborate more on how to create a top viruses report with BlueCoat?

Thanks in advance.

Absent Member..

For general trending you can do things like:

  • Top Websites
  • Top BC Categories (CS-Categories)
  • Top Target Countries
  • Etc.

AV events

  • Last X viruses found
  • Top viruses found

Malware

  • Bring in various open source lists of known malware sources and trigger rules against accesses to them

Some DLP type monitoring

  • Watch the Online Storage and Proxy Avoidance categories
  • If you have a policy against things like "LogMeIn, GoToMyPC, etc." you can watch for things in the Remote Access Tools category

I created some generic reports using parameters, one for searching by user ID, one for searching by user IP, and one to identify all traffic to a specific domain. These cover the majority of the general lookup needs.

Dean

Absent Member.

Dear zarysh,

What a great idea opening this thread. I'm also working with the Bluecoat proxy and have a special use case which could be interesting for somebody:

  • "Surf-Time": time / quantity of users' web browsing
    • Count by Time
    • Count by Clicks
    • Count by Requests
    • Count by Traffic
    • or a different combination of the points above

Does anyone have any experience with this use case and could share some further information?

Thanks a lot in advance for every answer

Cadet 2nd Class
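The counters the posts above describe (traffic converted from bytes to MB, top blocked websites, top viruses found, and this post's per-user "Surf-Time" by time, requests and traffic), as an added example that is not from anyone in this thread or from ArcSight: a small Python parser for a Blue Coat ELFF access log. The log is constructed for the example; its #Fields header uses the SG "main" format field names, and the usernames, hosts and byte counts are made up.

```python
import csv
from collections import Counter, defaultdict

# Constructed sample in Blue Coat ELFF style; field names follow the SG "main" log format.
SAMPLE_LOG = """#Fields: date time time-taken c-ip cs-username sc-filter-result cs-categories sc-status cs-method cs-host sc-bytes cs-bytes x-virus-id
2013-05-02 09:00:01 120 10.1.1.5 alice OBSERVED "Search Engines" 200 GET www.google.com 15340 512 -
2013-05-02 09:00:04 3400 10.1.1.5 alice OBSERVED "Online Storage" 200 PUT upload.example.net 800 2097152 -
2013-05-02 09:01:10 50 10.1.1.7 bob DENIED "Proxy Avoidance" 403 GET hide.example.org 420 300 -
2013-05-02 09:02:15 900 10.1.1.7 bob OBSERVED "Web Mail" 200 GET mail.example.com 204800 1200 -
2013-05-02 09:03:00 60 10.1.1.9 carol DENIED "Malicious Sources" 403 GET bad.example.com 0 250 -
2013-05-02 09:03:30 200 10.1.1.9 carol OBSERVED "Software Downloads" 200 GET dl.example.com 1048576 400 "Eicar-Test-Signature"
"""

def parse_elff(text):
    """Yield one dict per request, keyed by the names in the #Fields header (quoted values may contain spaces)."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip() or fields is None:
            continue
        else:
            values = next(csv.reader([line], delimiter=" ", quotechar='"'))
            yield dict(zip(fields, values))

def surf_time_report(text):
    """Per-user 'Surf-Time' counters: time spent (s), request count and traffic (MB)."""
    per_user = defaultdict(lambda: {"seconds": 0.0, "requests": 0, "mb": 0.0})
    for r in parse_elff(text):
        u = per_user[r["cs-username"]]
        u["seconds"] += int(r["time-taken"]) / 1000.0  # time-taken is in milliseconds
        u["requests"] += 1
        u["mb"] += (int(r["sc-bytes"]) + int(r["cs-bytes"])) / 1048576.0  # bytes both ways -> MB
    return dict(per_user)

def top_blocked_hosts(text, n=5):
    """Top blocked websites: hosts whose request the proxy policy DENIED."""
    return Counter(r["cs-host"] for r in parse_elff(text)
                   if r["sc-filter-result"] == "DENIED").most_common(n)

def top_viruses(text, n=5):
    """Top viruses found: x-virus-id values that are not the '-' placeholder."""
    return Counter(r["x-virus-id"] for r in parse_elff(text)
                   if r["x-virus-id"] != "-").most_common(n)

if __name__ == "__main__":
    for user, c in surf_time_report(SAMPLE_LOG).items():
        print(f"{user}: {c['seconds']:.2f}s {c['requests']} requests {c['mb']:.3f} MB")
    print("blocked:", top_blocked_hosts(SAMPLE_LOG), "viruses:", top_viruses(SAMPLE_LOG))
```

The same per-field logic maps onto the ArcSight connector's parsed events (bytes in/out, device action, request URL host), so the grouping here is what the dashboard and report filters would express.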

I think you need the Blue Coat Proxy AV product (on top of Proxy SG) to get anti-virus information. If you link them both, you can get a single message from SG telling you the detected viruses as well as the categorization of the websites (proxy/porn/webmail/...).
