Help, how do I detect suspicious connections to external sites though your proxy?

  • 1
  • Question
  • Updated 9 years ago
  • Answered
  • (Edited)
  • 1
How do I create a report which will show traffic flows from my network which use our proxy server to access external sites?
Photo of Noeleen Hussey

Noeleen Hussey, Employee

  • 18 Posts
  • 1 Reply Like

Posted 9 years ago

  • 1
9 years ago
Photo of Aisling Brennan

Aisling Brennan, Official Rep

  • 393 Posts
  • 8 Reply Likes
Official Response
To set the report up please take the Web::Proxy Flows report as a base you will find it from the GUI:
Modules - Web - Advanced Reports - Proxy Flows (by IP)

In this report set up a filter in the parameter Website Name as follows:

!(\:8080|\:443|[a-z]|(\d+)\.(\d+)\.(\d+)\.(\d+))$

This should show you all accesses to servers not on ports 443 8080....
  • 1

Powered by Get Satisfaction