Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2778
Views
0
Helpful
1
Replies

how to see specific users web traffic or domains visited ?

cyberops123
Level 1
Level 1

‎04-24-2018 06:22 PM - edited ‎03-08-2019 07:44 PM

I am trying to figure out how to check for specific users internet browsing history in Cisco ironport s170 .

we get time to time phishing emails and when we do investigation we want to make sure if end user clicked on the link that comes in the email and  or directed to different malicious websites . 

 

I used third party cloud based proxy and I was able to filter for any user for specific time period and pull out all the websites they visit . Let me know if anyone can help me on this 

 

 

Thanks 

Labels:
0 Helpful
1 Reply 1

Handy Putra
Cisco Employee
Cisco Employee

‎04-24-2018 06:34 PM

Hi,

 

You can pull out a report from Web Tracking report.

 

From web tracking, you can enter the user or client IP address on certain time range and also filter based on websites, or transaction types (allow, block, etc).

And if you click on "Advanced" link you can make further filter.

 

Web tracking is in GUI -> Reporting -> Web Tracking -> Proxy Services tab

 

Another way is that to check the actual raw logs from CLI (called accesslogs)

You can do  "grep" command and select accesslogs number and put your user or client IP address as the regular expression to list out what sort of traffic that user requesting.

 

Regards

Handy Putra

0 Helpful
Customers Also Viewed These Support Documents