Web Filtering and Web Application Content Pack

Overview

Abnormal or out-of-place web traffic may indicate that an inside source has been compromised, or that you are experiencing a malware event, adware, spyware, or other unwanted connections. This content pack is a collection of components that can be used to quickly launch dashboards to monitor web connections, look deeper into web traffic, and prioritize where further investigation is required.

Content Pack Components

Views
  • Web Filter Normalization View
  • Web Filter View
  • Web Filter View - Allowed
  • Web Filter View - Blocked
  • Vendor Web Filter Views
    • Barracuda Web View
    • Cisco Web View
    • EdgeWave Web View
    • Fortinet Web View
    • McAfee Web View
    • Radware Web View
    • Sophos Web View
    • Squid Web View
    • Symantec Web View
    • Trend Micro Web View
    • Trustwave Web View
    • Websense Web View
Reports

Provides a summary of daily web traffic, filtered to events from the devices listed below.

  • Web Filter - Daily Activity Report
    • Top Source IPs – Allowed
    • Top Source IPs – Denied
    • Top Domains
    • Top Source Users
    • Top Destination Ports – Allowed
    • Top Destination Ports – Blocked
    • Average Domain Severity
    • Average Event Severity with Count
Correlation Rules
  • Web Filter - Multiple Blocked Web Policy Connections
  • Web Filter - Excessive Web Connections
  • Web Filter - Multiple Allowed Web Policy Connections
  • Web Filter - Possible Web Exploit Event

Required Products

  • McAfee Enterprise Security Manager (ESM) 10.0.x, 9.6.x, 9.5.x
  • McAfee Advanced Correlation Engine (ACE) 10.0.x, 9.6.x, 9.5.x
  • Select views will work best when any of the following devices are logging to the McAfee Enterprise Security Manager.
    • Barracuda Networks – Barracuda Web Filter
    • Cisco – IronPort Web Security Appliance
    • EdgeWave – iPrism Web Security
    • Fortinet – FortiWeb Web Application Firewall
    • McAfee – WebShield
    • McAfee – Web Gateway
    • Radware – AppWall
    • Sophos – Web Security and Control
    • Squid – Squid
    • Symantec – Symantec Web Gateway
    • Trend Micro – InterScan Web Security Suite
    • Trustwave – WebDefend
    • Websense – Websense

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.
