
How to see client access via ProxySG to one of the external IP addresses?


Article ID: 258067


Products

ISG Proxy ProxySG Software - SGOS

Issue/Introduction

How do I find a client that accesses a malicious (external) IP address or a malicious URL?

Environment

Release : 7.3.8.2

Resolution

The Edge Secure Web Gateway (formerly ProxySG) GUI does not have a function to show which client IP accessed a malicious URL.
This information is contained in the access log that Edge Secure Web Gateway creates.
Open the access log and search for "malicious".
The matching line shows the client IP (and also the user name) and the URL.

Malicious Category and accessed client IP/user name

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=QCKRr+eyws0edt9Utg7M8w==

The URL

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=xt+A35QyKYmIDFNdaHd4rQ==

The Malicious site IP

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=l9xBVPlCfaOlC1+Mf2sN1Q==
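The search described above can be scripted against an exported access log. The following Python sketch is an added example, not Broadcom code: it assumes the log is ELFF text with a `#Fields:` header line, and the sample lines, field set, users and addresses are constructed. It goes slightly beyond the keyword search by also matching a known destination IP.

```python
import csv
import ipaddress

# Constructed sample in ELFF layout; the field set, users and addresses are made up.
SAMPLE_LOG = '''#Fields: date time c-ip cs-username sc-filter-result cs-categories cs-host s-supplier-ip
2024-01-10 08:15:02 192.0.2.21 alice DENIED "Malicious Sources/Malnets" bad.example 203.0.113.50
2024-01-10 08:15:09 192.0.2.34 bob OBSERVED "Technology/Internet" www.example.com 198.51.100.7
2024-01-10 08:16:40 192.0.2.34 bob OBSERVED "Malicious Outbound Data/Botnets;Suspicious" c2.example 203.0.113.50
2024-01-10 08:17:11 192.0.2.77 - OBSERVED "Uncategorized" 203.0.113.50 203.0.113.50
'''


def parse_access_log(text):
    """Yield one dict per request, keyed by the names in the #Fields: header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # a later header replaces the earlier one
        elif line and not line.startswith("#") and fields:
            # Fields are space separated; values containing spaces are double quoted.
            values = next(csv.reader([line], delimiter=" ", quotechar='"'))
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def is_ip(value, target):
    """True when value parses as an IP address equal to target."""
    try:
        return ipaddress.ip_address(value) == target
    except ValueError:  # hostnames and "-" placeholders land here
        return False


def find_clients(text, keyword="malicious", dest_ip=None):
    """Return sorted (c-ip, cs-username, cs-host) tuples for matching requests."""
    target = ipaddress.ip_address(dest_ip) if dest_ip else None
    hits = set()
    for rec in parse_access_log(text):
        by_category = bool(keyword) and keyword.lower() in rec.get("cs-categories", "").lower()
        by_ip = target is not None and any(
            is_ip(rec.get(name, ""), target) for name in ("s-supplier-ip", "r-ip", "cs-host"))
        if by_category or by_ip:
            hits.add((rec.get("c-ip", "-"), rec.get("cs-username", "-"), rec.get("cs-host", "-")))
    return sorted(hits)


if __name__ == "__main__":
    for client, user, host in find_clients(SAMPLE_LOG, dest_ip="203.0.113.50"):
        print(client, user, host)
```

Searching by destination IP as well as by category catches requests such as the last sample line, where the site was reached by address and the category field does not contain "malicious".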

 

Additional Information

If you have Management Center and Reporter, these devices analyze the Edge Secure Web Gateway access logs and present the results in a graphical interface.
A sample of the result is shown below.

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=gc7DSfVW4VYP49iNNfyumw==

Please also see the product details in our documents.

Management Center Reporter