Help, how do I detect suspicious connections to external sites though your proxy?

  • 1
  • Question
  • Updated 8 years ago
  • Answered
  • (Edited)
How do I create a report which will show traffic flows from my network which use our proxy server to access external sites?
Photo of Noeleen Hussey

Noeleen Hussey, Employee

  • 18 Posts
  • 1 Reply Like

Posted 8 years ago

  • 1
Photo of Aisling Brennan

Aisling Brennan, Official Rep

  • 390 Posts
  • 8 Reply Likes
Official Response
To set the report up please take the Web::Proxy Flows report as a base you will find it from the GUI:
Modules - Web - Advanced Reports - Proxy Flows (by IP)

In this report set up a filter in the parameter Website Name as follows:

!(\:8080|\:443|[a-z]|(\d+)\.(\d+)\.(\d+)\.(\d+))$

This should show you all accesses to servers not on ports 443 8080....