TRITON - Web Security Help, Version 7.7 - Websense

More documents

Recommendations

Info

The Web Security DashboardA specific severity level, selected by clicking the TRITON - Web Security link ina suspicious activity alert email notification (see Configuring suspicious activityalerts, page 395).At the top of the page, a table lists each incident associated with the selected user, IPaddress, hostname, or severity level. The table shows 10 rows of data per page.Use the Search field to narrow results to a specific incident or group of relatedincidents. Click Clear to remove the search filter.Refer to the information on the top, right portion of the page to see the time periodcovered in the table, and when the table was last updated.Click Customize in the toolbar at the top of the content pane to change thecolumns shown in the table. The detail table has the same column options as thesummary table on the Threats dashboard.Click a row in the table to update the bottom portion of the page with additionaldetails about the selected incident, its associated threats, and the detectionmethods used (see Reviewing threat incident details, page 39).The incident details section includes a link to Websense ACEInsight. Use this linkto view current information about the URL and threats associated with theincident.If there are more than 10 incidents, use the paging controls at the bottom of thetable to navigate through the data.In Web Security Gateway and Gateway Anywhere environments, files associated withattempts to either infect your network or send sensitive data out of your network maybe captured. File-related data is referred to collectively as forensic data, and it isstored in a special database, called the forensics repository.Forensics capture and storage is enabled by default.Configure forensics capture and storage on the Settings > Reporting > Dashboardpage (see Configuring Dashboard reporting data, page 430).When forensics capture is enabled and there are files (like spreadsheets, documents, orcompressed files) associated with an incident, an icon appears in the Forensics columnof the Event Details table. When you select an incident that includes forensics data,information about the file or files associated with the incident is displayed in theForensic Data section of the page (see Reviewing threat-related forensic data, page41).WarningUse caution when opening a file associated with a threatincident. If the file is infected with malware, it could infectthe machine you use to investigate the incident.Note also that captured files could contain highly sensitivedata.To export event information to a CSV file, click Export in the toolbar at the top of thecontent pane. All threat-related events logged in the selected time period are38 Websense Web Security Solutions
The Web Security Dashboardexported; not just those for the user, IP address, hostname, or severity level currentlydisplayed on the page.How severity is assigned to suspicious activityTRITON - Web Security Help | Web Security Solutions | Version 7.7.xThe Websense Master Database assigns a severity level to threat-related events basedon the category assigned to the request.Severity levels are mapped to categories in the Websense Master Database, andmay change when the Master Database is updated.Websense Web Filter and Websense Web Security subscriptions do not includesome or all categories with High and Critical severity levels. These categoriesmay appear on the Threats dashboard, but not be available for filtering.Click the Severity Mapping link near the top of the Threats dashboard for a currentlist of the categories that have an associated severity ranking. The list indicates anycategories that are not available for filtering with your subscription.Reviewing threat incident detailsTRITON - Web Security Help | Web Security Solutions | Version 7.7.xWhen an administrator selects an incident in the table at the top of the Threats > EventDetails page, the area below the table is populated with all available details about theincident. The available details may vary based on:What type of incident occurred. For example:• A outbound request for a URL that is assigned to a blocked category by theMaster Database is unlikely to include a threat name, intent, or type, becausethe request is blocked before Content Gateway analysis occurs.• A request that does not include an attempted file transfer does not includeforensic data.The integration providing Internet request information to Filtering Service. Forexample:• Only Content Gateway passes hostname, threat name, threat intent, threattype, and scanning category information.• Not all integrations pass protocol, method, or content type information.Whether any file transfer attempts were associated with the incident. (OnlyContent Gateway provides this type of forensic data.) See Reviewing threatrelatedforensic data, page 41.TRITON - Web Security Help 39
Page 1 and 2: TRITON - Web Security HelpWebsense
Page 3 and 4: ContentsTopic 1 Getting Started . .
Page 5 and 6: ContentsException shortcuts . . . .
Page 7 and 8: ContentsEditing filtered locations
Page 9 and 10: ContentsTransparent identification.
Page 11 and 12: ContentsManaging Content Gateway co
Page 13 and 14: ContentsHigh CPU usage on the Netwo
Page 15 and 16: ContentsContent Gateway non-critica
Page 17 and 18: 1Getting StartedTRITON - Web Securi
Page 19 and 20: Getting Startedfiltering behavior,
Page 21 and 22: Getting Started1. Banner2. TRITON t
Page 23 and 24: Getting StartedBoth the left and ri
Page 25 and 26: Getting StartedConfiguring your acc
Page 27 and 28: Getting Started• Enter the Countr
Page 29 and 30: Getting StartedConfiguring database
Page 31 and 32: Getting StartedThe IP address in th
Page 33 and 34: 2The Web SecurityDashboardTRITON -
Page 35 and 36: The Web Security DashboardThreats d
Page 37: The Web Security DashboardThe Suspi
Page 41 and 42: The Web Security DashboardFieldActi
Page 43 and 44: The Web Security DashboardUsage das
Page 45 and 46: The Web Security DashboardTo start,
Page 47 and 48: The Web Security DashboardWeb Secur
Page 49 and 50: 3Internet Usage FiltersTRITON - Web
Page 51 and 52: Internet Usage Filtersor the person
Page 53 and 54: Internet Usage Filters• Online Br
Page 55 and 56: Internet Usage FiltersLegal Liabili
Page 57 and 58: Internet Usage FiltersProductivity
Page 59 and 60: Internet Usage FiltersUsing quota t
Page 61 and 62: Internet Usage FiltersTo create a n
Page 63 and 64: Internet Usage Filters• To list r
Page 65 and 66: Internet Usage FiltersUse the Polic
Page 67 and 68: Internet Usage FiltersPermit AllThe
Page 69 and 70: Internet Usage FiltersURL and CGIDi
Page 71 and 72: Internet Usage Filters• When a us
Page 73 and 74: 4ClientsTRITON - Web Security Help
Page 75 and 76: ClientsWhether the client has a cus
Page 77 and 78: Clientsrecommends installing User S
Page 79 and 80: ClientsIn order for Websense softwa
Page 81 and 82: ClientsAdvanced directory settingsT
Page 83 and 84: ClientsAdding or editing a custom L
Page 85 and 86: Clients• Select Entries containin
Page 87 and 88: ClientsIf, for example, users acces
Page 89 and 90:
ClientsUsers, groups, and domains (
Page 91 and 92:
5Internet Filtering PoliciesTRITON
Page 93 and 94:
Internet Filtering PoliciesWorking
Page 95 and 96:
Internet Filtering PoliciesEditing
Page 97 and 98:
Internet Filtering PoliciesWhen you
Page 99 and 100:
Internet Filtering PoliciesPrioriti
Page 101 and 102:
Internet Filtering Policies2. Deter
Page 103 and 104:
Internet Filtering Policies• If a
Page 105 and 106:
6Exceptions to FilteringPoliciesTRI
Page 107 and 108:
Exceptions to Filtering PoliciesFil
Page 109 and 110:
Exceptions to Filtering PoliciesTo
Page 111 and 112:
Exceptions to Filtering PoliciesThe
Page 113 and 114:
Exceptions to Filtering PoliciesFor
Page 115 and 116:
Exceptions to Filtering Policies1.
Page 117 and 118:
7Block PagesTRITON - Web Security H
Page 119 and 120:
Block PagesBlocking graphical adver
Page 121 and 122:
Block PagesTo display protocol bloc
Page 123 and 124:
Block PagesFile NameWebsenseCopyrig
Page 125 and 126:
Block Pages6. Restart Filtering Ser
Page 127 and 128:
Block PagesVariable NameWS_BLOCKMES
Page 129 and 130:
Block PagesWhen the services have s
Page 131 and 132:
Block PagesHere, the request is fil
Page 133 and 134:
8Use Reports to EvaluateFilteringTR
Page 135 and 136:
Use Reports to Evaluate FilteringA
Page 137 and 138:
Use Reports to Evaluate FilteringCl
Page 139 and 140:
Use Reports to Evaluate FilteringDe
Page 141 and 142:
Use Reports to Evaluate FilteringSe
Page 143 and 144:
Use Reports to Evaluate FilteringUs
Page 145 and 146:
Use Reports to Evaluate FilteringTh
Page 147 and 148:
Use Reports to Evaluate Filtering
Page 149 and 150:
Use Reports to Evaluate Filteringth
Page 151 and 152:
Use Reports to Evaluate FilteringSe
Page 153 and 154:
Use Reports to Evaluate Filtering3.
Page 155 and 156:
Use Reports to Evaluate FilteringCo
Page 157 and 158:
Use Reports to Evaluate FilteringIn
Page 159 and 160:
Use Reports to Evaluate FilteringSu
Page 161 and 162:
Page 163 and 164:
Use Reports to Evaluate FilteringMu
Page 165 and 166:
Use Reports to Evaluate FilteringWh
Page 167 and 168:
Page 169 and 170:
Use Reports to Evaluate FilteringUs
Page 171 and 172:
Use Reports to Evaluate FilteringCa
Page 173 and 174:
Page 175 and 176:
Use Reports to Evaluate FilteringYo
Page 177 and 178:
Use Reports to Evaluate FilteringSc
Page 179 and 180:
Use Reports to Evaluate FilteringFi
Page 181 and 182:
Use Reports to Evaluate FilteringOu
Page 183 and 184:
Use Reports to Evaluate FilteringRe
Page 185 and 186:
Page 187 and 188:
9Scanning and SSLDecryption Bypass
Page 189 and 190:
Scanning and SSL Decryption Bypass
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
10Configure Hybrid FilteringTRITON
Page 211 and 212:
Configure Hybrid FilteringDefine fi
Page 213 and 214:
Configure Hybrid Filtering5. Enter
Page 215 and 216:
Configure Hybrid Filtering6. Verify
Page 217 and 218:
Configure Hybrid Filtering3. If you
Page 219 and 220:
Configure Hybrid FilteringIf you ha
Page 221 and 222:
Configure Hybrid Filteringor transp
Page 223 and 224:
Page 225 and 226:
Configure Hybrid FilteringTo ensure
Page 227 and 228:
Configure Hybrid FilteringSend user
Page 229 and 230:
Configure Hybrid FilteringConfigure
Page 231 and 232:
Configure Hybrid FilteringNovell eD
Page 233 and 234:
Page 235 and 236:
Configure Hybrid FilteringSelect Se
Page 237 and 238:
Configure Hybrid FilteringIn this e
Page 239 and 240:
Configure Hybrid Filtering5. Option
Page 241 and 242:
Configure Hybrid FilteringMonitor c
Page 243 and 244:
Configure Hybrid FilteringEach repo
Page 245 and 246:
11Filter Users Off SiteTRITON - Web
Page 247 and 248:
Filter Users Off Site2. If the mach
Page 249 and 250:
Filter Users Off SiteIf the Remote
Page 251 and 252:
Filter Users Off SiteIn Websense We
Page 253 and 254:
12Protect Vital InformationTRITON -
Page 255 and 256:
13Refine Filtering PoliciesTRITON -
Page 257 and 258:
Refine Filtering PoliciesThe table
Page 259 and 260:
Refine Filtering Policies• For FT
Page 261 and 262:
Refine Filtering PoliciesWeb Securi
Page 263 and 264:
Refine Filtering Policiesthe page.
Page 265 and 266:
Refine Filtering PoliciesUse the Fi
Page 267 and 268:
Refine Filtering PoliciesWhen keywo
Page 269 and 270:
Refine Filtering PoliciesYou can us
Page 271 and 272:
Refine Filtering Policies1. Navigat
Page 273 and 274:
Refine Filtering Policiesmessaging
Page 275 and 276:
Refine Filtering PoliciesTo edit a
Page 277 and 278:
Refine Filtering PoliciesCreating a
Page 279 and 280:
Refine Filtering PoliciesUsing Band
Page 281 and 282:
Refine Filtering Policies• When a
Page 283 and 284:
Refine Filtering Policies4. The use
Page 285 and 286:
Refine Filtering PoliciesFile type
Page 287 and 288:
Refine Filtering PoliciesWhen a use
Page 289 and 290:
Refine Filtering PoliciesUse the Fi
Page 291 and 292:
Refine Filtering PoliciesUsing the
Page 293 and 294:
Refine Filtering PoliciesTo review
Page 295 and 296:
14User IdentificationTRITON - Web S
Page 297 and 298:
User IdentificationIf you are using
Page 299 and 300:
User IdentificationUnder User Ident
Page 301 and 302:
User Identification• Select Apply
Page 303 and 304:
User IdentificationGenerating keys
Page 305 and 306:
User IdentificationAccepting the ce
Page 307 and 308:
User IdentificationUse the User Ide
Page 309 and 310:
User IdentificationIncreasing this
Page 311 and 312:
User Identification6. If there are
Page 313 and 314:
User IdentificationNonpersistent mo
Page 315 and 316:
User Identification2. If your netwo
Page 317 and 318:
User Identification3. To establish
Page 319 and 320:
User IdentificationEnabling full eD
Page 321 and 322:
User Identification5. Restart the a
Page 323 and 324:
User IdentificationMark Always auth
Page 325 and 326:
User IdentificationThe a= parameter
Page 327 and 328:
User Identification• Click Deploy
Page 329 and 330:
User IdentificationOff-site users m
Page 331 and 332:
User Identificationdirectory server
Page 333 and 334:
15Delegated Administrationand Repor
Page 335 and 336:
Delegated Administration and Report
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 347 and 348:
Page 349 and 350:
Page 351 and 352:
Page 353 and 354:
Page 355 and 356:
Page 357 and 358:
Page 359 and 360:
Page 361 and 362:
Page 363 and 364:
16Web Security ServerAdministration
Page 365 and 366:
Web Security Server AdministrationC
Page 367 and 368:
Web Security Server AdministrationF
Page 369 and 370:
Page 371 and 372:
Web Security Server AdministrationP
Page 373 and 374:
Web Security Server Administration6
Page 375 and 376:
Web Security Server AdministrationS
Page 377 and 378:
Web Security Server AdministrationT
Page 379 and 380:
Web Security Server AdministrationR
Page 381 and 382:
Web Security Server AdministrationI
Page 383 and 384:
Page 385 and 386:
Page 387 and 388:
Web Security Server AdministrationT
Page 389 and 390:
Web Security Server AdministrationU
Page 391 and 392:
Page 393 and 394:
Web Security Server AdministrationA
Page 395 and 396:
Web Security Server Administration2
Page 397 and 398:
Web Security Server AdministrationI
Page 399 and 400:
Web Security Server AdministrationS
Page 401 and 402:
Page 403 and 404:
Page 405 and 406:
Web Security Server Administration-
Page 407 and 408:
17Reporting AdministrationTRITON -
Page 409 and 410:
Reporting Administration5. Click OK
Page 411 and 412:
Reporting AdministrationInformation
Page 413 and 414:
Reporting AdministrationConfigure t
Page 415 and 416:
Reporting AdministrationIf you sele
Page 417 and 418:
Reporting Administration3. Under Hi
Page 419 and 420:
Reporting Administrationdefinitions
Page 421 and 422:
Reporting AdministrationConfiguring
Page 423 and 424:
Reporting Administration• SQL Ser
Page 425 and 426:
Reporting Administration4. Select P
Page 427 and 428:
Reporting Administrationthe databas
Page 429 and 430:
Reporting AdministrationThe nightly
Page 431 and 432:
Reporting AdministrationTo change t
Page 433 and 434:
Reporting AdministrationConfiguring
Page 435 and 436:
Reporting Administration3. Click Sa
Page 437 and 438:
Reporting AdministrationSelf-report
Page 439 and 440:
18Network ConfigurationTRITON - Web
Page 441 and 442:
Network ConfigurationUse the Settin
Page 443 and 444:
Network ConfigurationBy default the
Page 445 and 446:
Network ConfigurationUse the Local
Page 447 and 448:
19TroubleshootingTRITON - Web Secur
Page 449 and 450:
Troubleshootingoccurs when user nam
Page 451 and 452:
TroubleshootingLook for any applica
Page 453 and 454:
Troubleshootingthe download, and ch
Page 455 and 456:
TroubleshootingSee the appliance or
Page 457 and 458:
TroubleshootingWait 1 minute before
Page 459 and 460:
TroubleshootingIf a site uses post
Page 461 and 462:
TroubleshootingNetwork Agent is req
Page 463 and 464:
TroubleshootingIn either case, filt
Page 465 and 466:
Troubleshooting• Windows: Use the
Page 467 and 468:
Troubleshooting• If User Service
Page 469 and 470:
Troubleshooting If you are running
Page 471 and 472:
Troubleshooting• Websense DC Agen
Page 473 and 474:
TroubleshootingThis usually occurs
Page 475 and 476:
TroubleshootingProtocol block messa
Page 477 and 478:
Troubleshooting• Low memory on th
Page 479 and 480:
Troubleshooting Policy Server on po
Page 481 and 482:
TroubleshootingManually restart Pol
Page 483 and 484:
TroubleshootingLog Server is not ru
Page 485 and 486:
TroubleshootingUse the following st
Page 487 and 488:
TroubleshootingYou may see this mes
Page 489 and 490:
Troubleshooting• If the existing
Page 491 and 492:
TroubleshootingThe ETL job has stop
Page 493 and 494:
TroubleshootingTo display all repor
Page 495 and 496:
Troubleshooting7. Click OK to save
Page 497 and 498:
TroubleshootingC:\Program Files (x8
Page 499 and 500:
TroubleshootingIf the trend reports
Page 501 and 502:
Troubleshooting1. Log on to TRITON
Page 503 and 504:
TroubleshootingIf you are using Moz
Page 505 and 506:
TroubleshootingIf Real-Time Monitor
Page 507 and 508:
TroubleshootingIf the size limit ha
Page 509 and 510:
TroubleshootingIf Web Security comp
Page 511 and 512:
TroubleshootingAlertHost database d
Page 513 and 514:
Troubleshooting• The IP address a
Page 515 and 516:
TroubleshootingIf Sync Service is u
Page 517 and 518:
TroubleshootingDirectory Agent cann
Page 519 and 520:
TroubleshootingUse the das.ini file
Page 521 and 522:
TroubleshootingDirectory Agent acce
Page 523 and 524:
Troubleshooting5. Scroll down to th
Page 525 and 526:
Troubleshooting3. In the Event View
Page 527 and 528:
IndexNumerics30-Day RiskTrends, 42A
Page 529 and 530:
Indexbased on bandwidth, 58File Typ
Page 531 and 532:
IndexLog Server, 412configuring DC
Page 533 and 534:
Indexusing, 345deleting entries fro
Page 535 and 536:
Indexremote or roaming users, 245se
Page 537 and 538:
Indexsetting schedule for, 178stand
Page 539 and 540:
IndexMultiplexer, 367MyWebsense por
Page 541 and 542:
Indexoverview, 133PDF format, 146,
Page 543 and 544:
Indexmissing hybrid filtering data,
Page 545 and 546:
IndexFiltering, 68Hybrid User Ident
Page 547 and 548:
IndexUunable toadd user and groups,
show all

TRITON - Web Security Help, Version 7.7 - Websense

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?