advertisement
The Web Security Dashboard
Web Security Status Monitor mode
Web Security Help | Web Security Solutions | Version 7.8.x
For security purposes, a TRITON console session ends after 30 minutes of inactivity.
You can, however, enter a Status Monitor mode that lets you monitor Internet activity and alerting data without timing out.
You must log off of other TRITON management modules to enter Status Monitor mode in the Web Security manager.
In Status Monitor mode, information on the Status > Dashboard, Status > Alerts,
Status > Deployment, and Reporting > Real-Time Monitor pages continues to update normally until you close the browser or log off.
To initiate Status Monitor mode, first save or discard any pending changes, then:
Select Status Monitor mode from the Role drop-down list in the Web Security toolbar.
Click the Status Monitor button in the toolbar at the top of the Status >
Dashboard or Status > Alerts. page.
To stop monitoring Web Security status, log off of the TRITON console or close the browser.
Web Security Help
47
The Web Security Dashboard
48
Websense Web Security Solutions
3
Internet Usage Filters
Web Security Help | Web Security Solutions | Version 7.8.x
Related topics:
Managing access to categories and protocols
Configuring filtering settings
Policies govern user Internet access. A policy is a schedule that determines how and when clients are able to access websites and Internet applications. At their simplest, policies consist of:
Category filters, used to apply actions (permit, block) to website categories
Protocol filters, used to apply actions to Internet applications and non-HTTP
protocols
Note
In Websense Web Security Gateway Anywhere environments, the hybrid service does not enforce protocol filters.
A schedule that determines when each filter is enforced
Policies let you assign varying levels of Internet access to clients (for example, users, groups, or IP addresses in your network). First, create filters to define precise Internet access restrictions, and then use the filters to construct a policy.
Web Security Help
49
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
advertisement
Table of contents
- 3 Contents
- 17 Getting Started
- 17 Overview
- 18 Working in the TRITON console
- 20 Navigating the Web Security manager
- 23 Reviewing, saving, and discarding changes
- 24 Your subscription
- 24 Managing your account through the MyWebsense Portal
- 25 Configuring your account information
- 27 The Websense Master Database
- 29 Configuring database downloads
- 30 What is WebCatcher?
- 31 Websense Technical Support
- 33 The Web Security Dashboard
- 35 Threats dashboard
- 37 Investigate threat event details
- 39 How severity is assigned to suspicious activity
- 39 Reviewing threat incident details
- 41 Reviewing threat-related forensic data
- 42 Risks dashboard
- 43 Usage dashboard
- 43 System dashboard
- 44 Adding elements to a dashboard tab
- 46 Time and bandwidth saved
- 47 Web Security Status Monitor mode
- 49 Internet Usage Filters
- 50 Managing access to categories and protocols
- 52 When a category or protocol is blocked
- 52 New Master Database categories and protocols
- 53 Special categories
- 55 Risk classes
- 58 Security protocol groups
- 58 Actions
- 59 Using quota time to limit Internet access
- 60 Search filtering
- 61 Working with filters
- 62 Creating a category filter
- 63 Editing a category filter
- 65 Creating a protocol filter
- 65 Editing a protocol filter
- 67 Websense-defined category and protocol filters
- 68 Category and protocol filter templates
- 69 Configuring filtering settings
- 73 Clients
- 74 Working with clients
- 75 Working with computers and networks
- 76 Working with users and groups
- 77 Directory services
- 78 Windows Active Directory (Mixed Mode)
- 79 Windows Active Directory (Native Mode)
- 80 Novell eDirectory and Oracle (Sun Java) Directory Server
- 81 Advanced directory settings
- 83 Working with custom LDAP groups
- 84 Adding or editing a custom LDAP group
- 84 Adding a client
- 85 Searching the directory service
- 86 Changing client settings
- 87 Password override
- 88 Account override
- 89 Moving clients to roles
- 90 Working with hybrid service clients
- 91 Internet Access Policies
- 92 The Default policy
- 93 Working with policies
- 94 Creating a policy
- 95 Editing a policy
- 97 Assigning a policy to clients
- 97 Enforcement order
- 98 Prioritizing group and domain policies
- 100 Responding to a URL request
- 105 Exceptions to Policies
- 105 Managing exceptions
- 107 How are exceptions organized?
- 108 Adding or editing an exception
- 110 Overriding an exception
- 111 If multiple exceptions could apply, which takes precedence?
- 111 Editing multiple exceptions at the same time
- 112 Exception shortcuts
- 112 How do I block or permit a URL for everyone?
- 113 How do I block or permit a URL for one person?
- 113 How do I block or permit a URL for my entire role?
- 114 How do I block or permit a URL for one of my managed clients?
- 115 How do I create an unfiltered URL?.
- 117 Block Pages
- 119 Blocking graphical advertisements
- 119 Blocking embedded pages
- 120 Working with block pages
- 122 Customizing the block message
- 123 Changing the size of the message frame
- 124 Changing the logo that displays on the block page
- 124 Using block page content variables
- 126 Reverting to the default block pages
- 126 Creating alternate block messages
- 127 Using an alternate block page on another machine
- 128 Determining why a request was blocked
- 128 Request blocked by Filtering Service
- 129 Request blocked by the hybrid service
- 131 Use Reports to Evaluate Internet Activity
- 132 What is Internet browse time?
- 133 Presentation reports
- 136 Creating a new presentation report
- 137 Defining the report filter
- 139 Selecting clients for a report
- 140 Selecting categories for a report
- 141 Selecting protocols for a report
- 141 Selecting actions for a report
- 142 Setting report options
- 143 Customizing the report logo
- 143 Confirming report filter definition
- 144 Working with Favorites
- 145 Running a presentation report
- 146 Scheduling presentation reports
- 147 Setting the schedule
- 149 Selecting reports to schedule
- 150 Setting the date range
- 151 Selecting output options
- 151 Viewing the scheduled jobs list
- 153 Viewing job history
- 153 Reviewing scheduled presentation reports
- 155 Investigative reports
- 157 Summary reports
- 160 Using search to generate a summary report
- 161 Anonymizing investigative reports
- 161 The Anonymous option
- 162 Multi-level summary reports
- 163 Flexible detail reports
- 165 Columns for flexible detail reports
- 167 User Activity Detail reports
- 168 User activity detail by day
- 169 User activity detail by month
- 170 Standard reports
- 171 Favorite investigative reports
- 172 Scheduling investigative reports
- 175 Managing scheduled investigative reports jobs
- 175 Outliers reports
- 176 Output options for investigative reports
- 178 Accessing self-reporting
- 178 Application reporting
- 181 How is user agent data collected?
- 182 Browser use details
- 183 Platform use details
- 184 Real-Time Monitor
- 187 Real-Time Monitor in Multiple Policy Server Deployments
- 189 Content Gateway Analysis
- 191 Scanning options
- 193 Content categorization
- 194 Tunneled protocol detection
- 195 Security threats: Content security
- 196 Security threats: File analysis
- 202 Outbound security
- 203 Advanced options
- 205 Scanning exceptions
- 207 Data files used with scanning
- 208 Reporting on advanced analysis activity
- 209 How analysis activity is logged
- 211 SSL decryption bypass
- 215 Configure the Hybrid Service
- 216 Activate your hybrid service account
- 217 Define filtered locations
- 218 Adding or editing filtered locations
- 220 Managing explicit proxies
- 220 Adding or editing an explicit proxy
- 221 Configuring failover to the hybrid service
- 222 Specify sites not managed by the hybrid service
- 223 Adding or editing unfiltered destinations
- 224 Configure user access to the hybrid service
- 226 Adding domains
- 227 Editing domains
- 227 Customizing hybrid block pages
- 228 Enabling HTTPS notification pages
- 229 What is a PAC file?
- 231 Send user and group data to the hybrid service
- 231 Configure Directory Agent settings for the hybrid service
- 233 Configure how data is gathered for the hybrid service
- 234 Oracle (Sun Java) Directory Server and the hybrid service
- 235 Novell eDirectory and the hybrid service
- 236 Adding and editing directory contexts
- 238 Optimizing search results
- 239 Schedule communication with the hybrid service
- 241 Define custom authentication settings
- 242 Adding custom authentication rules
- 243 Editing custom authentication rules
- 245 Monitor communication with the hybrid service
- 246 View hybrid service authentication reports
- 247 View User Agent Volume report
- 249 Manage Off-site Users
- 250 Using remote filtering software
- 251 Configuring Remote Filtering settings
- 252 Configure remote filtering to ignore FTP or HTTPS traffic
- 253 Configure the Remote Filtering Client heartbeat interval
- 253 Hybrid service management of off-site users
- 254 Configuring hybrid filtering for off-site users
- 254 Off-site user self-registration
- 257 Protect Vital Information
- 257 Protecting against data loss
- 258 Protecting end users’ devices
- 258 Mobile Integration
- 261 Refine Web Security Policies
- 261 Restricting users to a defined list of URLs
- 262 Limited access filters and enforcement order
- 263 Creating a limited access filter
- 264 Editing a limited access filter
- 265 Adding sites from the Edit Policy page
- 266 Copying filters and policies to roles
- 267 Building filter components
- 268 Working with categories
- 268 Editing categories and their attributes
- 269 Reviewing all customized category attributes
- 270 Making global category changes
- 270 Renaming a custom category
- 271 Creating a custom category
- 272 Keyword-based policy enforcement
- 273 Defining keywords
- 274 Reclassifying specific URLs
- 276 Prioritizing Security Risk categorization
- 277 Blocking posts to sites in some categories
- 278 Working with protocols
- 279 Protocol-based policy enforcement
- 280 Editing custom protocols
- 280 Adding or editing protocol identifiers
- 281 Renaming a custom protocol
- 282 Making global protocol changes
- 282 Creating a custom protocol
- 284 Adding to a Websense-defined protocol
- 284 Using Bandwidth Optimizer to manage bandwidth
- 286 Configuring the default Bandwidth Optimizer limits
- 287 Managing traffic based on file type
- 288 Enforcement based on file extension
- 291 Enforcement based on file analysis
- 292 Enabling file type blocking in a category filter
- 293 Working with file type definitions
- 294 Adding custom file types
- 294 Adding file extensions to a file type
- 296 Using regular expressions
- 296 Using the Toolbox to verify policy enforcement behavior
- 297 URL Category
- 297 Check Policy
- 298 Test Filtering
- 298 URL Access
- 298 Investigate User
- 299 Identifying a user to check policy or test filtering
- 301 User Identification
- 302 Transparent identification
- 303 Transparent identification of remote users
- 303 Manual authentication
- 304 Configuring user identification methods
- 306 Setting authentication rules for specific machines
- 306 Defining exceptions to user identification settings
- 307 Revising exceptions to user identification settings
- 308 Secure manual authentication
- 309 Generating keys and certificates
- 310 Activating secure manual authentication
- 311 Accepting the certificate within the client browser
- 312 DC Agent
- 313 Configuring DC Agent
- 315 Reviewing DC Agent polled domains and domain controllers
- 316 The dc_config.txt file
- 317 Logon Agent
- 318 Configuring Logon Agent
- 319 RADIUS Agent
- 320 Configuring RADIUS Agent
- 321 eDirectory Agent
- 322 Configuring eDirectory Agent
- 323 Adding an eDirectory server replica
- 324 Configuring eDirectory Agent to use LDAP
- 325 Enabling full eDirectory Server queries
- 326 Configuring an agent to ignore certain user names
- 328 Identification of hybrid users
- 330 Authentication priority and overrides
- 331 Web Endpoint deployment overview
- 333 Manually deploying Web Endpoint for Windows
- 335 Manually deploying Web Endpoint for Mac OS X
- 335 Integrating a single sign-on identity provider
- 336 Websense Directory Agent
- 337 Directory Agent and User Service
- 338 When users are not identified
- 339 Delegated Administration and Reporting
- 340 The fundamentals of delegated administration
- 340 Delegated administration roles
- 341 Delegated administrators
- 342 Delegated administration and reporting permissions
- 345 Administrators in multiple roles
- 346 Multiple administrators accessing the TRITON console
- 347 Preparing for delegated administration
- 348 Creating a Filter Lock
- 349 Locking categories
- 350 Locking protocols
- 351 Preparing delegated administrators
- 352 Managing delegated administration roles
- 353 Adding roles
- 354 Editing roles
- 357 Adding Administrators
- 359 Adding managed clients
- 360 Managing role conflicts
- 361 Updating delegated administration roles
- 362 Delete roles
- 362 Delete managed clients
- 363 Managing Super Administrator clients
- 363 Performing delegated administrator tasks
- 364 View your user account
- 365 Add clients to the Clients page
- 366 Create policies and filters
- 367 Reviewing administrator accounts
- 367 Enabling network accounts
- 369 Web Security Server Administration
- 370 Websense Web Security components
- 371 Policy enforcement and management components
- 374 Reporting components
- 375 User identification components
- 376 Interoperability components
- 376 Reviewing your Web Security deployment
- 377 Using the Policy Server map
- 378 Using the component list
- 379 Evaluating directory performance
- 380 Review directory server details
- 380 Understanding Policy Broker
- 381 Reviewing Policy Broker connections
- 382 Working with Policy Server
- 383 Reviewing Policy Server connections
- 384 Adding or editing Policy Server instances
- 385 Working in a multiple Policy Server environment
- 386 Changing the Policy Server IP address
- 388 Working with Filtering Service
- 389 Review Filtering Service details
- 389 Review Master Database download status
- 390 Resuming Master Database downloads
- 390 Filtering Service support for YouTube in Schools
- 391 Policy Server, Filtering Service, and State Server
- 394 Integrating with a third-party SIEM solution
- 395 Working with Content Gateway
- 396 Managing Content Gateway connections
- 396 Viewing and exporting the audit log
- 398 Stopping and starting Websense services
- 401 Websense Web Security installation directories
- 401 Alerting
- 402 Flood control
- 402 Configuring general alert options
- 403 Configuring system alerts
- 405 Configuring category usage alerts
- 405 Adding or editing category usage alerts
- 406 Configuring protocol usage alerts
- 407 Adding or editing protocol usage alerts
- 408 Configuring suspicious activity alerts
- 409 Reviewing current system status
- 410 Backing up and restoring your Websense data
- 412 Scheduling backups
- 414 Running immediate backups
- 415 Maintaining the backup files
- 416 Restoring your Websense data
- 417 Discontinuing scheduled backups
- 417 Command reference
- 419 Reporting Administration
- 420 Assigning categories to risk classes
- 421 Configuring reporting preferences
- 422 Configuring how requests are logged
- 424 Configuring Log Server
- 429 Testing the Log Database connection
- 430 Introducing the Log Database
- 431 Database jobs
- 432 Log Database administration settings
- 433 Configuring database partition options
- 436 Configuring Log Database maintenance options
- 438 Configuring how URLs are logged
- 439 Configuring Internet browse time options
- 440 Configuring trend and application data retention
- 442 Log Database sizing guidance
- 443 Configuring Dashboard reporting data
- 446 Configuring investigative reports
- 446 Database connection and report defaults
- 448 Display and output options
- 450 Self-reporting
- 451 Network Configuration
- 452 Network Agent configuration
- 453 Configuring global settings
- 454 Configuring local settings
- 456 Configuring NIC settings
- 457 Configuring monitoring settings for a NIC
- 458 Adding or editing IP addresses
- 459 Verifying Network Agent configuration
- 461 Troubleshooting
- 461 Installation and subscription issues
- 462 There is a subscription problem
- 462 Unable to verify the subscription key
- 463 After upgrade, users are missing from the Web Security manager
- 463 Master Database issues
- 463 The initial filtering database is being used
- 464 The Master Database is more than 1 week old
- 464 The Master Database does not download
- 465 Subscription key
- 465 Internet access
- 466 Verify firewall or proxy server settings
- 467 Insufficient disk space on the Filtering Service machine
- 468 Insufficient memory on the Filtering Service machine
- 468 Restriction applications
- 469 Master Database download does not occur at the correct time
- 469 Contacting Technical Support for database download issues
- 470 Policy enforcement issues
- 470 Filtering Service is not running
- 471 User Service is not available
- 471 High CPU usage on the Filtering Service machine
- 472 Sites are incorrectly categorized as Information Technology
- 472 Keywords are not being blocked
- 473 Custom or limited access filter URLs are not handled as expected
- 473 Websense software is not applying user or group policies
- 473 Remote users do not receive the correct policy
- 474 Network Agent issues
- 474 Network Agent is not installed
- 474 Network Agent is not running
- 475 Network Agent is not monitoring any NICs
- 475 Network Agent can’t communicate with Filtering Service
- 476 Update Filtering Service IP address or UID information
- 476 Insufficient memory on the Network Agent machine
- 477 High CPU usage on the Network Agent machine
- 477 User configuration and identification issues
- 477 User and group-based policies are not applied
- 478 Unusually high directory server connection latency
- 479 Filtering Service can’t communicate with transparent ID agent
- 480 DC Agent has insufficient permissions
- 481 DC Agent unable to access required file
- 482 DC Agent Domains and Controllers page is blank
- 482 I cannot add users and groups to the Web Security manager
- 483 Directory service connectivity and configuration
- 483 Directory service configuration
- 484 User identification and Windows Server
- 484 Turning on the Computer Browser service
- 485 Changing DC Agent, Logon Agent, and User Service permissions
- 486 User Service on a Websense appliance or Linux server
- 487 Remote users are not prompted for manual authentication
- 487 Remote users are not being filtered correctly
- 488 Block message issues
- 488 No block page appears for a blocked file type
- 488 Users receive a browser error instead of a block page
- 489 A blank white page appears instead of a block page
- 489 Log, status message, and alert issues
- 490 Where do I find error messages for Websense components?
- 490 Websense Health alerts
- 492 Two log records are generated for a single request
- 492 Usage Monitor is not available
- 493 Usage Monitor is not running
- 493 Policy Server and Policy Broker issues
- 493 I forgot my password
- 494 The Websense Policy Database service fails to start
- 494 Policy Server stops unexpectedly
- 495 A Policy Broker replica cannot synchronize data
- 495 Delegated administration issues
- 495 Managed clients cannot be deleted from role
- 496 Logon error says someone else is logged on at my machine
- 496 Recategorized sites are filtered according to the wrong category
- 496 I cannot create a custom protocol
- 497 Log Server and Log Database issues
- 497 Log Server is not running
- 498 Log Server has not received log files from Filtering Service
- 500 Low disk space on the Log Server machine
- 501 No Log Server is installed for a Policy Server
- 502 More than one Log Server is installed for a Policy Server
- 503 Log Database was not created
- 503 Log Database is not available
- 504 Log Database size causes reporting delays
- 505 More than 100 files in the Log Server cache directory
- 506 Last successful ETL job ran more than 4 hours ago
- 507 Configure Log Server to use a database account
- 508 Log Server is not recording data in the Log Database
- 508 Updating the Log Server connection account or password
- 509 Configuring user permissions for Microsoft SQL Server
- 509 Log Server cannot connect to the directory service
- 510 Wrong reporting page displayed
- 510 Investigative report and presentation report issues
- 511 Presentation Reports Scheduler not connected to Log Database
- 511 Inadequate disk space to generate presentation reports
- 512 Scheduled jobs in presentation reports failed
- 512 Data on Internet browse time reports is skewed
- 512 Bandwidth is larger than expected
- 513 Trend data is missing from the Log Database
- 513 Trend reports are not displaying data
- 514 Some protocol requests are not being logged
- 514 All reports are empty
- 514 Database partitions
- 515 SQL Server Agent job
- 515 Log Server configuration
- 516 Microsoft Excel output is missing some report data
- 516 Saving presentation reports output to HTML
- 517 Error generating presentation report, or report does not display
- 517 Investigative reports search issues
- 518 General investigative reports issues
- 518 Other reporting issues
- 518 Low memory on the Real-Time Monitor machine
- 519 Real-Time Monitor is not running
- 519 Real-Time Monitor is not responding
- 520 Cannot access certain reporting features
- 520 No charts appear on the Status > Dashboard page
- 520 There is a forensics data configuration problem
- 521 The forensics repository location could not be reached
- 521 Forensics data will soon exceed a size or age limit
- 522 Websense Multiplexer is not running or not available
- 522 Interoperability issues
- 523 Content Gateway is not running
- 523 Content Gateway is not available
- 524 Content Gateway non-critical alerts
- 526 Administrator unable to access other TRITON modules
- 527 Sync Service is not available
- 528 Sync Service has been unable to download log files
- 528 Sync Service has been unable to send data to Log Server
- 528 Hybrid policy enforcement data does not appear in reports
- 529 Disk space is low on the Sync Service machine
- 529 The Sync Service configuration file
- 530 Directory Agent is not running
- 531 Directory Agent cannot connect to the domain controller
- 532 Directory Agent communication issues
- 533 Directory Agent does not support this directory service
- 533 The Directory Agent configuration file
- 535 Directory Agent command-line parameters
- 535 Alerts were received from the hybrid service
- 536 Unable to connect to the hybrid service
- 536 Hybrid service unable to authenticate connection
- 537 Missing key hybrid configuration information
- 538 Hybrid failover proxy removed from explicit proxies list
- 538 Troubleshooting tips and tools
- 538 Where is the Websense “bin” directory?
- 538 The Windows Services tool
- 539 The Windows Event Viewer
- 539 The Websense log file
- 541 Index