A web proxy is a server that acts as a buffer between a user and their destination on the web. Adding a web proxy allows InsightIDR to track visits to potentially malicious domains and track cloud service usage. In combination with firewall data, a web proxy can track visited URLs and pinpoint exactly which user is doing the visiting.
Configure Web Proxy
To collect web proxy events, configure the device to send syslog to the collector on a unique TCP or UDP port (above 1024).
Web Proxy Logging
The Insight Platform can ingest logs from these web proxies:
- Barracuda Web Filter
- Cisco IronPort
- McAfee Web Reporter
- Sophos Secure Web Gateway
- Squid Web Proxy
- WebSense Web Security Gateway
- Blue Coat ProxySG (ELFF format only)
- zScaler NSS (QRader LEEF Format only)
- McAfee Web Gateway
- WatchGuard XTM
- TrendMicro Control Manager
- Livigent Content Filter
Check Point Web Proxy
Traditionally Check Point is a firewall event source. However, you can now collect web proxy documents based on Checkpoints URL filtering events.