Friday, June 27, 2014

Websense audit trail logs in QRadar


Websense uses their Multiplexer service to filter events from logs to generate Syslog events for QRadar (or any other SIEM). I do not know if the audit logs are exported or supported by the Multiplexer, as the audit logs are generated in HTML/Excel format.

If the Multiplexer service does not support audit logs, then the existing Device Support Module (DSM) for Websense TRITON would need a protocol update to support a method to retrieve and parse the events. The DSM would also require a review of the audit event format generated by Websense to ensure that the events are parsed and categorized properly.

Can QRadar SIEM collect the Websense audit trail logs that show which administrators have accessed TRITON - Email Security, as well as any changes made to policies and settings?

Link: http://www.websense.com/content/support/library/email/v76/esg_help/customizing_audit_log_explain_esg.aspx

We followed the DSM guide to collect the logs for Websense; we are getting the application logs but not the Websense audit trail logs.


If yes, please share the detailed process.

Appreciate your help at the earliest.

Websense Email Security provides an audit trail showing which administrators have accessed TRITON - Email Security, as well as any changes made to policies and settings. This information is available only to Super Administrators. Monitoring..
