Log ALL traffic, not just successful connections

December 8, 2014, 4:03 pm

≫ Next: Websense Hybrid Web Security blackspider pop-ups

≪ Previous: Add Referer field to SIEM Multiplexer log

$

0

0

We use a variety of protection systems including IPS on the perimeter firewalls. What we've noticed is that when the firewall blocks an outbound request from the proxy due to geo protection or whatever, we cannot track it back to the user. There's nothing in the Investigative Report, absolutely nothing.

It's as if the system will not log traffic unless a TCP connection is established, which the firewall prevents. This lack of logging makes it about impossible to know who generated the IPS traffic and back-track why they did it.

---

Websense Hybrid Web Security blackspider pop-ups

September 4, 2014, 2:58 pm

≫ Next: Thousands of XML files in bin: urllist_20141210042452_6240.xml

≪ Previous: Log ALL traffic, not just successful connections

$

0

0

I just want to start a thread here on an issue that happened several weeks ago where our users are being prompted for authentication credentials with a pop-up, when things have been fine for over two years for us. I've opened a case, #01783640, and they are working on this issue. If you have a similar issue, open a case and be vocal about them working on a solution. So far they have not identified the issue.

 

The case has been escalated to the back line without word as to whats causing this. I heard that it could be part of the server farm upgrade they are doing, I've also heard it could have been a Microsoft update from several weeks ago. Regardless, they need to help us!

Thousands of XML files in bin: urllist_20141210042452_6240.xml

December 9, 2014, 3:06 pm

≫ Next: Enable block/confirmation by Windows Folders

≪ Previous: Websense Hybrid Web Security blackspider pop-ups

$

0

0

Hello,

The disk volume which my Websense directory is on keeps reaching capacity every few days due to thousands of XML files in the bin directory, format: urllist_20141210042452_6240.xml.

At one point the total size of these was ~40GB.

 

Can someone reveal what these are for and how to stop them being generated? 

Thanks.

Enable block/confirmation by Windows Folders

December 9, 2014, 11:46 pm

≫ Next: Provide Custom File Type Analysis Wizard/Tool like Symantec DLP

≪ Previous: Thousands of XML files in bin: urllist_20141210042452_6240.xml

$

0

0

Speaking of Endpoint, Existing feature is mainly block/confirmation by Fingerprinted data or File Extensions.

But due to too much false alarms fingerprinting caused, we are not able to enable this functions at all.

So i'm thinking what if admin can control the data by windows folders. (no fingerprinting required)

From that feature, admin can configure who can copy from selected folders depends on their decided privileges.

Then admin just ask staffs storing all sensitive/confidential data into a certain folder by departments

and apply protection that folder with providing data copy logs by previlege users

I think this feature plus fingerprinting should be much benefit to us. Please consider it. Thank you.

Provide Custom File Type Analysis Wizard/Tool like Symantec DLP

December 10, 2014, 5:55 pm

≫ Next: Worth upgrading from 7.8.1 to 7.8.4?

≪ Previous: Enable block/confirmation by Windows Folders

$

0

0

Thought current DSS provide near 400 file type support, but many cases customer exist special file type that current product didn't supported. So I want to add a feature request is:
[Provide Custom File Type Analysis Wizard/Tool like Symantec DLP ]

Symantec had provide a tool named [File Type Analyzer utility], to help customer add the custom filetype by them self.

ref: http://www.symantec.com/business/support/index?page=content&id=TECH218595

Hope Websense also can provide the similar tool to fulfill requirements.

 

Worth upgrading from 7.8.1 to 7.8.4?

September 4, 2014, 7:16 am

≫ Next: Threshold on Fingerprint matching

≪ Previous: Provide Custom File Type Analysis Wizard/Tool like Symantec DLP

$

0

0

Both of my websense servers are currently running version 7.8.1 - is it worth upgrading to 7.8.4?  There are no performance/filtering issues that I know of, but I always like to stay up to date with our security components.  Also we only utilize Websense web security at this time.  

Threshold on Fingerprint matching

December 11, 2014, 3:31 am

≫ Next: Enable Hybrid/Cloud logs - multiplexer/SYSLOG - SIEM integration

≪ Previous: Worth upgrading from 7.8.1 to 7.8.4?

$

0

0

At the moment, one can set the fingerprinting task to either match exactly or similar content. It would be beneficial to be able to set the threshold to a particular value in the rules. So if you set the fingerprint task to match similar content, then create a rule that sets the threshold to 80%, so the content must be at least 80% similar to the fingerprinted content before it is triggered as an incident.

Enable Hybrid/Cloud logs - multiplexer/SYSLOG - SIEM integration

December 10, 2014, 6:31 am

≫ Next: Google Drive

≪ Previous: Threshold on Fingerprint matching

$

0

0

For Web Security Gateway Anywhere, Hybrid/Cloud activity logs shall be reported via SYSLOG via the SIEM integration service, as for any internal traffic (using on-premise appliances).

This is not working today (as only logs from internal appliances are sent to the multiplexer), and I personally think this is a bug (cf: "Topic 65010 | SIEM | Web Security Solutions | Updated 22-Jul-2014" document). However I've been informed by the support team that this has not been designed to work like this, and this should be translated into a feature request.

 

---

Google Drive

December 11, 2014, 11:11 am

≫ Next: Presentation Reports - Consolidated URL Hostname Reporting Option

≪ Previous: Enable Hybrid/Cloud logs - multiplexer/SYSLOG - SIEM integration

$

0

0

This request is to add a Google Drive category similar to the Social Web - YouTube category. I need to permit users to download, but I want to block their ability to upload.

Presentation Reports - Consolidated URL Hostname Reporting Option

December 11, 2014, 9:10 pm

≫ Next: Investigative Reports - Loading Bar

≪ Previous: Google Drive

$

0

0

Rather than having multiple Facebook, Google, YouTube domains listed in the top URL hostname reports, it would be useful if for these large sites the tool could consolidate the data for each of these domains and be able to provide these results in a combined method.

Investigative Reports - Loading Bar

December 11, 2014, 9:14 pm

≫ Next: websense 7.1 install error

≪ Previous: Presentation Reports - Consolidated URL Hostname Reporting Option

$

0

0

When an administrator of a large organization is trying to drill down through the investigative reports, for example (Clicking on a Productivity Loss Risk Class to select Users/Categories etc, or changing the dates to something custom) then there is no indication as to whether or not the Investigative Report is actioning the change to the reporting parameters. Obviously on smaller databases this isn’t a problem but on large enterprise sized databases this can be very frustrating and it would be useful to have a loading bar indicating this change.

websense 7.1 install error

December 12, 2014, 8:04 am

≫ Next: 7.6 - Recategorized URL still blocked as "security override blocked"

≪ Previous: Investigative Reports - Loading Bar

$

0

0

hello,

i am trying to reinstall websense but during the reinstall i receive the following error "Could not configure Websense Manager (Code: 7)" i did see another post with the same issue where a moderator provided the user a removal tool over e-mail. i would like to know where i can find this tool.

 

Thank You

7.6 - Recategorized URL still blocked as "security override blocked"

July 27, 2011, 11:55 am

≫ Next: What does Blocked vs Refused mean?

≪ Previous: websense 7.1 install error

$

0

0

I just upgraded to 7.6.  I have a custom URL category called iTunes that is allowed for a few users.  I had one of them tell me that they are being blocked trying to download iTunes.  The URL of the download is "http://www.apple.com/itunes/download/".  If I run the URL Category check, it tells me it is in the iTunes category I created.  However, if I run the Test Filtering, it tells me that the result is "Security Override Blocked" and that the URL is actually in the category "Freeware and Software Download" (which is blocked for all users).

Why didn't the recategorization fix this issue?  What can I do to allow this for my users?

What does Blocked vs Refused mean?

December 12, 2014, 11:05 am

≫ Next: Add REQMOD and RESPMOD ICAP server to RiskVision product

≪ Previous: 7.6 - Recategorized URL still blocked as "security override blocked"

$

0

0

Hello,

When I view our hosted Websense dashboard, and I click on some of the activity, sometimes it will say Blocked, and sometimes it will say refused?  I was wondering if this made any difference?

Thanks,

David

 

Add REQMOD and RESPMOD ICAP server to RiskVision product

December 12, 2014, 11:11 am

≫ Next: V-series: allow E1 and E2 to be assigned as eth2 and eth3 in Content Gateway

≪ Previous: What does Blocked vs Refused mean?

$

0

0

For Blue Coat shops it would be great if Websense added an ICAP server to the RiskVision product.  This could be the killer use case for a solution desperately in need of a problem and there's probably no better time to do it. Right now, Blue Coat customers will be under pressure to replace all their legacy ProxyAV appliances with new Content Analysis System appliances and Malware Analysis appliances.  An ICAP-capable RiskVision appliance from Websense would make a great alternative.

---

V-series: allow E1 and E2 to be assigned as eth2 and eth3 in Content Gateway

December 12, 2014, 3:46 pm

≫ Next: Delete multiple log files on WCG

≪ Previous: Add REQMOD and RESPMOD ICAP server to RiskVision product

$

0

0

For some customers it would be desirable to isolate the ICAP traffic for 3rd party DLP on a dedicated vlan. If P1 and P2 are already in use (ingress and egress) and C is on a management vlan, then this isn't possible without compromising the customer's security / network flow design philosophies.

It would be great if E1 and E2 could be assigned as eth2 and eth3 in Content Gateway.

Delete multiple log files on WCG

December 15, 2014, 12:23 am

≫ Next: Enhance number of Incidents in the view pane

≪ Previous: V-series: allow E1 and E2 to be assigned as eth2 and eth3 in Content Gateway

$

0

0

Dear Websense

I would like to request a feature request in relation of the case:01894138

Issue was during patching the appliance. Delete option is there for log files however only one by one. We would like to have the control over the log files so we wont get over flooded with small log files. This would reduce calling Websense support.

Product Name: Web Security Gateway

Platform: V10000 G3

 

 

Enhance number of Incidents in the view pane

December 15, 2014, 12:34 am

≫ Next: Service Management

≪ Previous: Delete multiple log files on WCG

$

0

0

In order to ease up the Management of incidents it would be good to be more flecible in selecting the number of incidents than just have the Option of 100 & 200 per page.

with higher amounts of incidents this would Speed up the daily work with incidents (see

FR201204-4496)

Service Management

December 15, 2014, 12:40 am

≫ Next: Change Crawler of existing classifier / Discovery Tasks

≪ Previous: Enhance number of Incidents in the view pane

$

0

0

In order to enhance the sdervice Management capabilities it would be good to have the following Features : DSS Manager: Dashboard with health and Connection Status to all connected modules Protector - SNMP Configuration Option within/via DSSDSS Manager - ntp configuration Option within/via DSSManager - syslog configuration Option within/via DSSManager - centralized Audit and security log within/via DSS Manager

Change Crawler of existing classifier / Discovery Tasks

December 15, 2014, 12:44 am

≫ Next: copy, Move Rules & Policies

≪ Previous: Service Management

$

0

0

once a Fingerprint classifier or a discovery Task is been configured with a defined crawler, the crawler could not be changed later on. this is not good practice in growing Environments introducing dedicated Server later on. furthermore it os not flexible for infrastructure changes or movements (e.g. data Location changes for discovery and a new crawler Need to be introduced).

It would ease up System Management while beeing able to Change the crawler of a configured item