This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
zarysh
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
‎2010-07-22 17:27
1014 views

Bluecoat Reports and Dashboards

Hi,

We have integrated Bluecoat proxy with Arcsight using 'Blue Coat Proxy SG File' connector. We are now working on some elaborate dashboards, reports and rules. It would be helpful if anyone share the packages for doing the same.

Thanks in advance,

Labels (2)
Labels
Tags (1)
0 Likes
Report Inappropriate Content
6 Replies
ilia.tivin@hpe.
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
‎2010-07-22 19:39

Hi zarysh,

I don't have access to the packages that I worked on since I switched clients, but I can give you some ideas:

Dashboards:

  • Incoming/Outgoing traffic (don't forget that the the traffic is counted by bytes, you'll wat to turn it to MB)
  • Top accessed websites
  • Top active clients
  • Access to Push mail and other mail accounts
  • Top blocked machines

Reports:

  • Top blocked websites
  • Top viruses
  • Traffic summary by machines (Top 10 or something of the kind)

Rules:

You can combine the rules with the DShield package

0 Likes
Report Inappropriate Content
zarysh
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
‎2010-07-25 23:58

Thanks Tivin for the suggestions
0 Likes
Report Inappropriate Content
Pratik
Captain Captain
Captain
‎2010-07-26 10:08

Hello Ilia Tivin,

Could you plese elaborate more on how to create top viruses report with BlueCoat?

Thanks in advance.

0 Likes
Report Inappropriate Content
Dean Farrington
Absent Member.. Absent Member..
Absent Member..
‎2010-07-27 00:44

For general trending you can do things like:

  • Top Websites
  • Top BC Categories (CS-Categories)
  • Top Target Countries
  • Etc.

AV events

  • Last X viruses found
  • Top viruses found

Malware

Bring in various open source lists of known malware sources and

trigger rules against accesses to them

Some DLP type monitoring

watch Online Storage and Proxy Avoidance categories

If you have a policy against things like "LogMeIn, GoToMyPc, etc.)

you can watch for things in the Remote Access Tools category

I created some generic reports using parameters, one for searching by user ID, one for searching by user IP, and one to identify all traffic to a specific domain. These cover the majority of the general lookup needs.

Dean

0 Likes
Report Inappropriate Content
tifoso
Absent Member.
Absent Member.
‎2010-07-28 13:08

Dear zarysh,

What a great idea opening this thread. I'm also at working with bluecoat proxy and have a special usecase which could be interessting for somebody:

  • "Surf-Time" time / quantity of users webbrowsing
    • Count by Time
    • Count by Clicks
    • Count by Requests
    • Count by Traffic
    • or a different combination of the point above

Has someone any experience with this usecase and could hand some further informations?

Thanks a lot in advance for every answer

0 Likes
Report Inappropriate Content
vip
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
‎2010-08-06 16:49

I think you need Blue Coat Proxy AV product (on top of Proxy SG)  to get anti-virus information. If you link them both, you can get a single message from SG telling you the detected viruses as well as categorization of the websites (proxy/porn/webmail/...).

0 Likes
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.