Web Proxy
A web proxy is a server that acts as a buffer between a user and their destination on the web. Adding a web proxy allows InsightIDR to track visits to potentially malicious domains and track cloud service usage. In combination with firewall data, a web proxy can track visited URLs and pinpoint exactly which user is doing the visiting.
Configure Web Proxy
To collect web proxy events, configure the device to send syslog to the collector on a unique TCP or UDP port (above 1024).
Web Proxy Logging
Rapid7 can integrate with the following web proxy tools to generate alerts in InsightIDR and the Insight Platform:
- Barracuda Web Security Gateway
- Blue Coat Proxy
- Cisco IronPort
- Livigent Content Filter
- McAfee Web Gateway
- Sophos Secure Web Gateway
- Squid
- WebSense Web Security Gateway
- Zscaler NSS
InsightIDR also supports:
- Fortinet FortiGate
- Intel Security (formerly McAfee) Web Reporter
- TrendMicro Control Manager
- Watchguard XTM
- Versa Networks
Check Point Web Proxy
Traditionally Check Point is a firewall event source. However, you can now collect web proxy documents based on Checkpoints URL filtering events.
Did this page help you?