Académique Documents
Professionnel Documents
Culture Documents
(Version 8.8)
Table of Contents
Objectives ............................................................................................................................................... 1
Lab Choices and Dependencies .............................................................................................................. 2
Lab Topology .......................................................................................................................................... 3
Lab Access, Login and Password Information ....................................................................................... 4
Lab 1 Basic WSA Configuration and Testing ..................................................................................... 6
Lab 2 Proxy Authentication ............................................................................................................... 10
Lab 3 Basic Policy Configuration ...................................................................................................... 12
Lab 4 Enforcing Acceptable Use ....................................................................................................... 15
Lab 5 Protecting Against Malware .................................................................................................... 18
Lab 6 Reporting and Web Tracking................................................................................................... 25
Lab 7 Adaptive Scanning ................................................................................................................... 27
Lab 8 Advanced Malware Protection (AMP) .................................................................................... 29
Lab 9 Time and Volume Based Quotas ............................................................................................. 31
Lab 10: Custom Headers ....................................................................................................................... 33
Lab 11: High Availability ..................................................................................................................... 35
Lab 12: Cisco Advanced Web Reporting (Web Security Appliance and Cloud Web Security) .......... 41
Objectives
This hands-on lab will focus on the creation, administration and reporting of policies that control the
various aspect of the Cisco Ironport Web Security Appliance. Exercises will simulate the most common
configuration, troubleshooting and reporting tasks that are typical in customer installations. Features
such as Acceptable Use, Web Security, Application Visibility and On-Box reporting will be covered.
At the completion of this lab, you will be able to
Use the System Setup Wizard to perform initial WSA configuration
Utilize Proxy Authentication
Utilize the WSA policy framework
Enforce acceptable use
Protect against malware
Create meaningful reports
Utilize web tracking & Troubleshoot WSA Configuration
Configure WSA for High Availability
Create Meaningful reports from WSA Advance Reporting Application
Lab Topology
Win7-1
Login: Administrator. Password: cisco123
You will connect to this endpoint using Remote Desktop from your laptop. All of the lab exercises can
be run from the desktop of the Win 7 image. The reason TUI (and Single Sign-On) will not work from
this endpoint is that it belongs to the wrong (GOLD) domain.
WSA
Login: admin. Password: ironport
The WSA can be accessed from the XP desktop:
SSH access to CLI using PuTTY
WSA GUI using Firefox to access the WSA GUI use the link on the favorites toolbar
outside.wsa.train
Browser access to the lab exercise pages is available via links on the Firefox browsers:
Active Directory
Login: Administrator. Password: cisco
You will connect to this server via remote desktop from XP you cannot connect to it directly. The IP
address is 172.20.11.210. You will need to connect to this server during Lab 8 when you configure the
AD Agent for Transparent User Identification.
In order to complete the lab exercises, you will need to know the following three Active Directory
groups:
engineering
it
hr
You also need to know the following five users:
nina (a member of neither group remember nina none)
angie (a member of the engineering group remember angie engineering)
eyetea (a member of it group remember eyetea IT)
harry (a member of the hr group remember harry HR)
operator (a privileged user with the ability to create computer objects on the AD server).
However, just in case you want to create your own experiments and scenarios, there are two additional
groups:
finance
investment
and four additional users:
fred (a member of the finance group remember fred finance)
ira
(a member of the investment group remember ira investment)
beth (a member of both the finance and investment groups remember beth both)
allen (a member of all 5 groups remember allen all)
All these users have a password of ironport.
C. Block several categories that you consider inappropriate, by clicking in the Block column.
D. Be sure to block Gambling this will be used in the lab to test acceptable use.
E. Click the Submit button at the bottom of the page.
[Submitting changes builds an inactive configuration that can later be committed or abandoned.]
F. Click the yellow button in the upper right hand corner of the WSA GUI.
G. Enter a meaningful comment, and then click Commit Changes
.You should be blocked and End User Notification page should be displayed.
Task D: Reading the proxy access log using the CLI
To troubleshooting policy configurations, the most important log is the proxy access log. You will be
viewing the access log throughout the lab. At this point, you will be learning how to view this log in
real time.
11. Connect to the S-Series via SSH
A. Double click on the desktop icon that says putty.exe.
B. There is a predefined Session called s100v-alpha.wsa.train. This will connect you, via SSH, to
your WSA.
C. Login to the WSA
Login:
admin
Password:
Cisco123$
12. There are two ways to view logs with the WSA CLI.
Type tail accesslogs into the WSA CLI.
Type tail to show the list of configured logs, and then enter the number of the log you wish.
Using one of these methods, start to tail the access log.
Warning: There will occasionally be a delay of 10 to 30 seconds in the output of the tail accesslogs
command, so it may not seem like real time. You will have to be patient.
13. Using FF, visit http://poker.com and look at both the access log and the HTTP headers. You will be
blocked, due to the Access Policy you created in the previous lab. Look for the following strings in
the access log entry:
TCP_DENIED the action or cache result code
403 the HTTP response code
BLOCK_WEBCAT the ACL decision tag
14. Using FF, try to download the eicar test virus again. Look at both the access log and the HTTP
headers. Look for the following strings in the access log entry on WSA:
TCP_DENIED the action or cache result code
403 the HTTP response code
BLOCK_AMW_RESP the ACL decision tag
15. Using FF, visit http://ihaveabadreputation.com and look at both the access log and the HTTP
headers. You will be blocked, due to the Web Reputation Filters. Look for the following strings in
the access log entry:
TCP_DENIED the action or cache result code
403 the HTTP response code
BLOCK_WBRS the ACL decision tag
10
Note: Since you are not using surrogates, it is relatively easy to clear authentication information:
FF by selecting Tools > Internet Options > General > Browsing History > Delete >Select all >
Delete > Apply > Ok
However, if you use surrogates (for example, when you are using transparent proxy mode), it can be
challenging to clear authentication information for a client. If you are using cookie surrogates, you may
have to also clear cookies. If you exit the browser, you must be sure to exit all windows.
Finally, the WSA caches authentication information. You may have to clear the authentication cache
using the CLI command authcache > FLUSHALL. When using IP surrogates, this is required.
11
12
13
14
If you want to try to do this lab without detailed instructions, you need to know the following:
Task A;
Extended business hours are Monday through Friday 7 am to 6 pm, and Saturday 8 am to noon.
Peak business hours are Monday through Friday 10 am to 2 pm.
Because your policies are time based, you will also need to use the Policy Trace tool.
Use Response Detail Overrides in the Policy Trace tool. Then you will not have to enter URLs
that match the categories you wish to test.
Task B:
You need to create a custom URL category for URLs where the hostname is an IP address. You can
find lengthy discussions on the Internet about the best way to craft a RegEx to match IP addresses. But
note that the WSA does not allow the full RegEx syntax when working with custom URL categories.
For this exercise, many possible RegExes will work so keep it simple.
You can use any IP address to test your policy. For example, you can try going to http://204.15.80.137.
15
J.
K.
L.
M.
N.
O.
P.
Q.
2. Configure the URL filters for the Global Policy (Access Policies group)
A. In the WSA GUI, navigate to Web Security Manager > Access Policies.
B. Click on the text in the URL Filtering column of the Global Policy row.
C. Block categories that represent illegal or offensive material there are several such categories.
D. Set the categories Filter Avoidance and Peer File Transfer to Warn.
E. Under Social Networking Category select Time Range
F. Block Social Networking during Peak Business Hours (otherwise Monitor)
G. Under Shopping Category select Time Range
H. Block Shopping during Extended Business Hours (otherwise Warn).
I. Click the Submit button in the lower right of the page.
J. Click the yellow button in the upper right that says Commit Changes >>.
K. Enter a meaningful comment, such as Created Global AUP.
L. Click Commit Changes.
M. Check the results by visiting the following URLs:
a. www.proxify.com (Filter Avoidance)
b. www.facebook.com (Social Networking)
c. www.amazon.com (Shopping)
OR You can also use our Lab Exercise Page to test the global acceptable use policy
A. Go to the Lab Exercise Page.
B. Under Links to Websites, follow the link Websites by URL category.
C. Try to identify the URL categories using the access log.
3. Use the Policy Trace tool to test the time based policies regarding Social Networking and Gambling.
A. In the WSA GUI, navigate to System Administration > Policy Trace.
B. For URL, enter any valid URL, say www.cisco.com.
C. For User Name, enter WSA\nina.
D. For Authentication Realm, select the realm you created in Lab 2.
E. Click on the text Advanced to access the advanced settings.
F. Under Request Details, for Time of Request, enter a time inside peak business hours.
G. Under Response Detail Overrides, for URL Category, select Social Networking.
H. Click the Find Policy Match button.
I. Verify that the results match your policy configuration. If not, troubleshoot and fix any errors.
Repeat Steps 4F through 4I for various combinations of request times and URL categories.
16
17
18
Task D:
Here is how you can find malware to test HTTPS inspection:
A. Using Firefox, go to the Lab Exercise Page.
B. Under Files(HTTPS), follow the link Malware files.
Task A: Confirm global setting for Web Reputation Filters and DVS engine
1. Confirm licensing.
A. In the WSA GUI, navigate to System Administration > Feature Keys.
B. Confirm that Cisco Web Reputation Filters, Webroot, McAfee and Sophos all have valid feature
keys.
2. Verify global settings for Web Reputation Filters and DVS engine.
A. Navigate to Security Services > Anti-Malware and Reputation.
B. Confirm that Web Reputation Filtering is enabled.
C. Confirm that Sophos, McAfee, and Webroot, are enabled.
D. Confirm that McAfee Heuristic Scanning is enabled.
19
http://login.tracking101.com/ has a WBRS of -7.6, so the transaction was blocked (ACL tag
BLOCK_WBRS). Note also that this was classiieFd as a site serving adware:
s100v-alpha.wsa.train> grep tracking101 accesslogs
Task C: Block encrypted files for everyone except members of the HR team
5. Confirm that the Global Access Policy is configured to block encrypted files.
A. In the WSA GUI, navigate to Web Security Manager > Access Policies.
B. Click on the text in the Web Reputation and Anti-Malware Filtering column of the Global Policy
row.
C. Confirm that all the categories of malware are set to Block. Note that one malware category is
Encrypted File.
If they are set to Monitor, you made a mistake when you ran the System Setup Wizard. You can
correct this mistake by clicking on the two Select all links in the Block column (there are two
such links).
D. Submit any changes you may have made.
6. Create an Access Policy for HR team.
A. In the WSA GUI, navigate to Web Security Manager > Access Policies.
B. Click Add Policy.
C. Set Policy Name to HR.
D. Add a short, meaningful description.
E. Under Policy Member Definition:
1) Under Identification Profiles and Users, select the Selected Groups and Users radio button.
2) Click on the text that says No groups entered.
3) The groups will populate the Directory search result box or you can type in the desired r.
4) Highlight the hr group WSA\hr, or type it in, and then click the Add > button.
[Or you can type in the desired group name and then click the Add > button.]
5) Click the Done button in the lower right of the page.
F. Submit your changes.
20
C. Near the bottom of the page, change the action for Encrypted File from Block to Monitor.
D. Submit your changes.
8. Commit the changes made in the three previous steps.
A. Click the yellow button in the upper right that says Commit Changes >>.
B. Enter a meaningful comment, such as Configured HR Access Policy.
C. Click Commit Changes.
9. Confirm that Nina cannot download encrypted files.
A. Clear authentication setting in Firefox.
B. Go to the Lab Exercise Page. Log into the proxy as WSA\nina.
C. Under Files (HTTP), follow the link Malware files.
D. Left click on Confidential.zip. The transaction will be blocked.
E. Click the Back button in Firefox.
F. Right click on Confidential.zip, and select Save Link As. Click Save to save the file to your
Desktop.
G. Double click on the file on your desktop to open it. Notice that it has been corrupted. If you
check the size of the downloaded file, you will see it has been truncated from about 300 KB to
about 1.6 KB, or sometimes, even 0 bytes depending on the version of Firefox you are running..
What you have seen is that depending on how you attempt to download a file:
Sometimes the HTTP transaction is blocked in the browser, and a 403 HTTP return code is
sent to the browser.
Sometimes the download agent is interrupted while the download is taking place, truncating
the file.
10. Confirm that Harry can download encrypted files.
A. Clear the cache and the authentication sessions in Firefox.
B. Left click on Confidential.zip. You will be asked to authenticate.
C. Log into the proxy as WSA\harry.
D. You should now be able open the ZIP file.
E. Confirm that the ZIP file contains encrypted files.
There really isnt any need to open the files, but if you want to confirm that they are not
corrupted, note that the password to open them is ironport.
11. Inspect the relevant access log entries. The easiest way to do this is with the grep command.
S100v-alpha.wsa.train> grep Confidential.zip accesslogs
. . .
1320546101.539 55 172.20.11.250 TCP_DENIED/403 1855 GET
http://outside.wsa.train/malware/Confidential.zip
"WSA\nina@ADRealm" DIRECT/outside.wsa.train application/x-zip
BLOCK_AMW_RESP_11-DefaultGroup-DefaultGroup-NONE-NONE-NONEDefaultGroup <IW_comp,ns,"0","-",0,0,0,"-","-",-,-,-,"-","26",2147220974,"Confidential.zip","-",-,-,IW_comp,-,"Encrypted File","","Unknown","Unknown","-","-",269.82,0,-,"-","-"> . . .
21
22
20. Installing the certificate in your browser will stop the browser from generating warnings when the SSeries is performing HTTPS inspection.
A. Save the certificate by clicking the text Download Certificate in the HTTPS Proxy Settings box.
Select the Save option and save it on the desktop.
23
21. Back in the WSA GUI, under Invalid Certificate Options, set Unrecognized Root Authority to
Monitor. This is required, as the CA for the lab exercise page is not yet part of the WSA trusted CA
store.
22. Submit your changes. Read the Confirm Enabled dialog box carefully. Click Continue. Then
commit your changes.
23. Confirm that files downloaded using HTTPS are now being scanned for malware.
A. Clear your Firefox browser cache. (you may be prompted again for auth. Use WSA\harry for
auth)
B. Go to https://secure.eicar.org/eicar.com.txt. You will get a block page now
24. Inspect the relevant access log entries. Note that there are two transactions associated with HTTPS
inspection.
The first shows the decision to decrypt:
1443747208.073 584 172.20.11.250 TCP_MISS_SSL/200 39 CONNECT
tunnel://secure.eicar.org:443/ "WSA\harry@ADRealm1"
DIRECT/secure.eicar.org - DECRYPT_WBRS_7-DefaultGroup-GOLDDefaultGroup-NONE-NONE-DefaultGroup <IW_csec,0.8,-,"-",-,-,-,,"-",-,-,-,"-",-,-,"-","-",-,-,IW_csec,-,"-","","Unknown","Unknown","-","-",0.53,0,-,"-","-",-,"-",-,-,"-",""> The second shows how the decrypted traffic is handled:
1443747208.421 347 172.20.11.250 TCP_DENIED_SSL/403 0 GET
https://secure.eicar.org:443/eicar.com.txt "WSA\harry@ADRealm1"
DIRECT/secure.eicar.org application/octet-stream
BLOCK_AMW_RESP_12-HR-GOLD-DefaultGroup-NONE-NONE-DefaultGroup
<IW_csec,0.8,0,"-",0,0,0,27,"-",0,1,6,"EICAR test file",-,-,"","-",-,-,IW_csec,-,"Virus","-","Unknown","Unknown","-","",0.00,0,-,"Unknown","-",-,"-",-,-,"-","-"> -
24
25
5. In the WSA GUI, navigate to Reporting > Web Tracking. In the Search box:
A. For Time Range, select Day.
B. Leave User/Client IP blank.
C. For Website, enter outside.wsa.train.
D. For Transaction Type, select All Transactions.
E. Click the Search button.
F. In the Results table, click the text that says Display Details
G. For at least one transaction, click the text that says RELATED TRANSACTIONS.
H. Note that the HTML components (images, Javascript, etc.) associated with the page are
displayed.
6. Modify the web tracking search as follows. In the Search box:
A. Change Website to blank.
B. Change Transaction Type to Blocked.
C. Click the Search button.
D. In the Results table, click the text that says Display Details
E. Note the reasons that the transaction was blocked, as well as the details about the threat.
7. Modify the web tracking search as follows. In the Search box:
A. Change Transaction Type back to All Transactions.
B. Click Advanced to search transactions using advanced criteria.
1) Under Malware Threat, select the Filter by Malware Category radio button.
2) Select Encrypted File from the drop-down menu.
C. Click the Search button.
D. In the Results table, click the text that says Display Details
E. In the Results box, you should see:
1) Harry was allowed to download an encrypted file.
2) Ninas attempt to download an encrypted file was blocked.
If you do not see this, perhaps you did not complete Task C of Lab 5.
8. Modify the web tracking search as follows. In the Search box:
A. Click Advanced to search transactions using advanced criteria.
1) Under Policy, select the Filter by Policy radio button.
2) Enter HR into the Filter by Policy text ieFld.
B. Click the Search button.
C. In the Results table, click the text that says Display Details
D. In the Results box, you should see:
1) Harry was allowed to download an encrypted file.
2) There should be no information about Nina.
26
27
","Unknown","Unknown","-","-",0.00,0,-,"-","-"> 3. Disable Adaptive Scanning. This will make the WSA imitate the pre-7.5 versions.
A. In the WSA GUI, navigate to Security Services > Anti-Malware and Reputation.
B. Click Edit Global Settings.
C. Uncheck the Enable Adaptive Scanning checkbox.
D. Submit and commit your changes.
4. Observer how adaptive scanning being disabled affects the configuration of the WSA.
A. In the WSA GUI, navigate to Web Security Manager > Access Policies
B. Click on the Web Reputation and Anti-Malware Filtering settings for the Global Policy.
C. Note (see figure on next page):
3) You can enable or disable Web Reputation Filtering, and can change the thresholds.
4) You can enable or disable Anti-Malware Scanning, and can choose between Sophos and
McAfee (but cannot choose both).
5. In Firefox, go back to ihaveagoodreputation.com, and under Malware Files try downloading the
eicar.com.txt file. You will not be blocked. This is the pre-7.5 WSA behavior. Objects downloaded
from websites with WBRS from 6.0 to 10.0 are not scanned.
28
29
30
31
32
33
34
35
36
Click Next>>
N. Administrative Settings
Password:
Cisco123$
Email system alerts to: alpha@outside.wsa.train
Uncheck AutoSupport (in a production environment, leave this checked)
Uncheck Network Participation (in a production environment, leave this checked)
[Note: You uncheck these to stop the class S-Series from sending information to Cisco.]
Click Next>>
3. Security
B. Under Malware and Spyware Scanning, for Action for Detected Malware, select the Block radio
button.
Click Next>>
4. Review
Look over your settings, and edit any that looks wrong by clicking Edit on the right hand side.
Install your initial configuration by clicking Install This Configuration.
16. At this point the WSA will redirect you to the System Setup Next Steps. If you do not see this
page, hit the WSA Backup bookmark again.
17. Confirm that the S-Series web proxy is enabled and notice the proxy port numbers, as follows.
C. In the WSA GUI, navigate to Security Services >Web Proxy.
D. Under basic settings, you should see:
HTTP Ports to Proxy: 80, 3128
Proxy:
Enabled
If for some reason the proxy is disabled, the System Setup Wizard probably did not complete
correctly, and will have to be re-run.
C: Configuring the WSA s200v-alpha.wsa.train as BACKUP:
1: Navigate to NetworkHigh Availability
2: Click on Add Failover Group
3: Under Failover Group ID type in 10
4: Under Description type Backup
5: In the Hostname mention s000v-alpha.wsa.train
6: Under Virtual IP Address and Netmask please type 172.20.11.105/24
7: In the Interface please select Management
8: Under Priority please select Backup with Priority as 10.
9: Please click on Submit
10: Under High Availability Global Settings click on Edit settings.
11: Change the Failover HandlingPreemptive and click on Submit.
12: Now click on the Commit Changes in order for these settings to take effect.
13: Please ping the VIP (172.20.11.105) to check the configuration is perfect.
37
D: Tail the access-logs on Master and Backup and Change the proxy to VIP
1: Click on Putty on the Desktop
2: Click on S100v-alpha.wsa.train and S200v-alpha.wsa.train
3: Login to both the appliances
4: Please type the following command tail accesslogs on both the Appliances (s100v and
S200v)
5: Go to the Internet browserTools Internet Options Connections Lan Settings
Under Proxy Server Change the IP address to 172.20.11.105. Make sure you have the
IP address of the VIP and NOT the primary or the backup WSA.
6: Browse few websites (www.google.com, www.yahoo.com etc) using the changed proxy
settings and kindly check the access logs on both the appliances.
E: Testing the failover works by disabling the Failover Group on Master (Replicating that in the
real world when the Master WSA goes down)
A: Open the GUI interface of s100v-alpha.wsa.trian (172.20.11.103)
B: Go to NetworkHigh Availability
C: Edit Failover Group 10 Uncheck Enable Failover group Submit
D: Verify in the Latest StatusDisabled (It should show Disabled)
E: Commit Changes
F: Open the GUI Interface of S200v-alpha.wsa.train
G: Go to Network High Availability
H: Click on refresh status
I: Under latest status it will show Master
J: Go to the SSH session of s200v and validate that the traffic is hitting the backup Appliance
by browsing couple of websites.
K: Also verify that no traffic is hitting the master (Checking the SSH window of S100v)
F: When Master WSA Comes backup online, how change of role works
1: Log on to GUI Interface of S100v-alpah.wsa.train
2: Go to NetworkHigh Availability
3: Edit Failover Group 10 Check Enable Failover group Submit
Note: As we have got the Failover Handling to Preemptive, the Master WSA when it gets back online it
will take the precedence and become Master again.
4: Commit Changes
5: Click on refresh Status
6: Within few seconds the S100v now becomes Master again and the S200v becomes backup
38
Note: These will be the Logs which you will see which will indicate CARP IN and CARP OUT for
backup and Master.
39
40
Lab 12: Cisco Advanced Web Reporting (Web Security Appliance and Cloud Web Security)
Polls log data collected from a Cisco Web Security Appliance and Cloud Web Security.
Provides reports and dashboards to get insight into large volume of WSA and CWS
logs.
WSA vs CWS in terms of sending logs:1. WSA On-Premise It pushes logs using FTP, Syslog and SCP.
2. CWS push the data to data storage and expose it through API.
41
42
B: Users Menu
Step 1: Please click on the User on the top menu and then select the Time Range from 1st September
2015 to 30th September 2015. Note: Alternatively, you could also set the time picker to Advanced,
and set the Earliest field to -1000d. This will force the app the load all events for the last 1000 days.
Step 2: Scroll Down to the Users and sort by the maximum Bandwidth Used.
Step 3: Click on the <Top user> which has consumed the maximum Bandwidth.
Step 4: This will take us to User Drilldown option for the <TOP USER>
Step 5: Export this report in a PDF format.
C: Websites Menu
Step 1: Please click on the Websites on the Top Menu and then select the Time Range from 1st
September 2015 to 30th September 2015. Note: Alternatively, you could also set the time picker to
Advanced, and set the Earliest field to -1000d. This will force the app the load all events for the last
1000 days.
Step 2: Scroll down under Domain Matched and sort by the maximum Time_Spent.
Step 3: Click on the <Top domain> which has spent the maximum time on that specific domain.
Step 4: This will take us to the Domain Drill down for the Specific Domain and give us more
information on the Top Users by total Transactions and also the Trend for those transactions.
Step 5: Export this report in a PDF format.
D: URL Category Menu
Step 1: Please click on the URL Categories on the Top Menu and then select the Time Range from 1st
September 2015 to 30th September 2015. Note: Alternatively, you could also set the time picker to
Advanced, and set the Earliest field to -1000d. This will force the app the load all events for the last
1000 days.
2015, Cisco Systems
All rights reserved.
43
Step 2: Scroll down under URL Categories Matched and sort by the Bandwidth Saved by blocking.
Step 3: Click on the <Top URL Category>which has saved the maximum Bandwidth.
Step 4: This will take us to the URL Categories Drill down for the Specific Domain and Specific User.
Step 5: Export this report in a PDF format.
E: Application Visibility Menu
Step 1: Please click on the Application Visibility on the Top Menu and under Presents for a Week.
Step 2: Scroll down under Application Type Matched and sort by the Bandwidth Used.
Step 3: Click on the <Top Application Type>which has used the maximum Bandwidth.
Step 4: This will take us to the Application type Drill down for the top application matched and Top
User Matched.
Step 5: Export this report in a PDF format.
F: Other Dashboards
Security Reports Anti-Malware
Step 1: Click on the Other Dashboards Security Anti-Malware. Set the Time Range from 1st
September 2015 to 30th September 2015. Note: Alternatively, you could also set the time picker to
Advanced, and set the Earliest field to -1000d. This will force the app the load all events for the last
1000 days.
Step 2: Scroll down to the Malware Threats and sort is based on Bandwidth Saved by blocking
Step 3: Click on the <Top Malware> and it will take to the Malware Drill down page
Step 4: Export this report to PDF.
Security Reports Advance Malware Protection
Step 1: Click on the Other Dashboards Security Advance Malware Protection. Set the Time Range
from 1st September 2015 to 30th September 2015. Note: Alternatively, you could also set the time
picker to Advanced, and set the Earliest field to -1000d. This will force the app the load all events
for the last 1000 days.
Step 2: Scroll down to the Malware Threats Files and sort is based on Transaction Blocked
Step 3: Click on the <Top Malware Threat File> and it will take to the Advance Malware protection
Drill down page
Step 4: Export this report to PDF.
44
Web Tracking (We can track all the data using Web Tracking)
Step 1: Click on the Other Dashboard Web Tracking Proxy Services Present Week/Day.
Step 2: Please select the Advanced
Step 3: Under URL Category Computer and Internet
Step 4: Export this report to PDF.
45