Our vBulletin migration is complete.
Welcome vBulletin users! All content and user information from the Micro Focus Forums (vBulletin) site has been migrated to this site. READ MORE.
Omprakash Absent Member.
Absent Member.
3331 views

Is application logs can be audited through Web inspect 10.30 ?

I want to track and block the customer related details printed in application log. Is this possible through Web Inspect v10.30

0 Likes
3 Replies
Micro Focus Expert
Micro Focus Expert

Re: Is application logs can be audited through Web inspect 10.30 ?

No, WebInspect is used to scan and interrogate the web front-end (HTTP) of the site.  From that perspective, it cannot (normally) access any log files on that remote server's hard drive.

This might be something you would do with a SIEM, such as HP ArcSight's ESM or Logger solution.  Those offer Connectors which can lift files from a system or appliance and review for risks or unwanted activity.

Another solution you might review if HP Fortify's Runtime product.  This wraps the web server's framework and captures all user activity within and through the application, whether is is Java-base don run son IIS .NET.  This user activity can be logged, blocked, or both, and it can share the monitored activity with ArcSight ESM.  Besides the core Runtime product, HP AppView is a version of Fortify Runtime which is specifically tailored to be used with ArcSight ESM and it has a slightly different focus in the events that it monitors.  The same Runtime on-site capability can be leveraged and managed from a Cloud perspective with HP AppDefender.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
jnatt Absent Member.
Absent Member.

Re: Is application logs can be audited through Web inspect 10.30 ?

I have to agree with in general, but do desire to know if you have a specific example you could point too.  This would assist in getting a better answer that you might be seeking.

Are you actually referring to a specific report or the application log on the server that is conducting the scan?

Or are you actually referencing the Log View (Tools --> Log Viewer) of the application and the various components it offers?

So any more details will help if it is specific to the HP WebInpsect product.

Thanks,

 

Joel E. Natt CISSP, CRISC
Hewlett-Packard Enterprise Software Education

Exam Development Lead – Hewlett-Packard Enterprise Software

Trainer – HP Software Education – Fortify, TippingPoint

Get Training: http://www.hpenterprisesecurity.com/university

Get Certified: http://h10120.www1.hp.com/ExpertOne/certification_program_overview.html

 

Joel E. Natt, CISSP CRISC
Global Exam/Certification Development Manager – Hewlett Packard Enterprise Software Education
0 Likes
Omprakash Absent Member.
Absent Member.

Re: Is application logs can be audited through Web inspect 10.30 ?

Hi,

I am referring to application log on the server( back end)  where logs are printing.

Thanks

Omprakash B

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.