3 Replies Latest reply on Apr 21, 2017 8:38 PM by andy777

    Proxy logs from browser

    biswabhusan

      Hi experts,

      We have just observed that people in the organization are able to access some blocked websites by changing the proxy settings. we want to check the details, like the users, when it started, what are the usual websites etc.Is there anyways we can detect the logs in the ESM.We have blucoat and checkpoint on the perimeter.Iam no sure how the use case should.Can anyone please help me in this.

      Thanks

      Biswa

        • 1. Re: Proxy logs from browser
          andy777

          If I understand correctly, they are removing the manual proxy settings and bypassing the Bluecoat leaving only the Checkpoint the opportunity to create logs. The logs to see would be the clients talking directly to hosts on port 80 and 443. In most cases, a firewall rule would be added to prevent this from happening and force the users through the Bluecoat.

          1 of 1 people found this helpful
          • 2. Re: Proxy logs from browser
            biswabhusan

            Thank you so much Andy for your response.I am new to Mcafee SIEM and not very familiar with the query part.What kind of a search can I do in ESM to find the details.

            • 3. Re: Proxy logs from browser
              andy777

              Sorry, missed your reply. Specifically you would use the Global Filter fields on the right side of any view and filter for internal IP subnets connecting to Destination Port 80 and 443 on any external host (e.g. not your proxy).