What information can I see in a report?
Investigative Reporting Quick Start | Web Protection Solutions |v8.4.x, v8.5.x | 29-Apr-2022
When you customize an investigative report (see Customize summary reports or Customize detail reports), the information that you can select for display depends on what elements are already selected. If you are looking at requests by user, for example, you cannot add group information. Likewise, if you are looking at a report by category, you cannot simultaneously view risk class data.
Some of the available information depends on how your web protection software is deployed. If your environment does not include User Service, for example, the user, group, domain, and directory object options will not appear in any selection list. Likewise, if your environment does not include Content Gateway or Network Agent, bandwidth information cannot be displayed.
In addition, the reporting permissions granted to your account can determine what information is available. User-identifying information may not be available to all reporting administrators.
The table below lists all types of data that can be displayed in an investigative report. If you have drilled down into the data to create a detail report, these are the columns that you can add to the report to create a custom view of the data.
| Column Name | Description |
|---|---|
| User | Name of the user who made the request. User information must be available in the Log Database to include it on reports. Group information is not available in user-based reports. |
| Day | Date the Internet request was made. |
| URL Hostname | Domain (host) name of the requested site. |
| Domain | Directory service domain for the directory-based client (user or group, domain, or organizational unit) that made the request. |
| Group | Name of the group to which the requestor belongs. Individual user names are not given on group-based reports. If the user who requested the site belongs to more than one group in the directory service, the report lists multiple groups in this column. |
| Risk Class | Risk class associated with the category to which the requested site belongs. If the category is in multiple risk classes, all relevant risk classes are listed. |
| Directory Object | Directory path for the user who made the request, excluding the user name. Typically, this results in multiple rows for the same traffic, because each user belongs in multiple paths. If you are using a non-LDAP directory service, this column is not available. |
| Disposition | Action the software took as a result of the request (for example, category permitted or category blocked). |
| Source Server | IP address of the machine sending requests to Filtering Service. This may be the Content Gateway IP address, Network Agent IP address, or third-party integration (gateway, firewall, or cache) IP address. With the Web Hybrid module, use this option to identify requests managed by the hybrid service from both on-site (filtered location) and off-site users. |
| Protocol | Protocol of the request (for example, HTTP or FTP). |
| Protocol Group | URL Database group in which the requested protocol falls (for example, Remote Access or Streaming Media). |
| Source IP | IP address of the machine from which the request was made. With the Web Hybrid module, you can use this option to review requests coming from a specific hybrid filtered location. |
| Destination IP | IP address of the requested site. |
| Full URL | Domain name and path for the requested site (for example, http://www.mydomain.com/products/itemone/). If you are not logging full URLs, this column is blank. |
| Month | Calendar month the request was made. |
| Port | TCP/IP port over which the user communicated with the site. |
| Bandwidth | The amount of data, in kilobytes, contained in both the initial request from the user and the response from the website. This is the combined total of the Sent and Received values. |
| Bytes Sent | Number of bytes sent as the Internet request. This represents the amount of data transmitted, which may be a simple request for a URL, or may be a more significant submission if the user is registering for a website, for example. |
| Bytes Received | Number of bytes received from the Internet in response to the request. This includes all text, graphics, and scripts that make up the site. For sites that are blocked, the number of bytes varies according to the software creating the log record. If the log record is created by Content Gateway, as a result of analysis, the bytes received represents the size of the page analyzed. If the log record is created by Network Agent, the number of bytes received for a blocked site represents the size of the block page. If a third-party integration product creates the log records, the bytes received for a blocked site may be zero (0), may represent the size of the block page, or may be a value obtained from the requested site. |
| Time | Time of day the site was requested, shown in the HH:MM:SS format, using a 24-hour clock. |
| Category | Category to which the request was assigned. This may be a category from the URL Database or a custom category. |
Copyright 2022 Forcepoint. All rights reserved.