Web Proxy
Web Proxy data source: pxy
Web Proxy data are raw events that capture network traffic, primarily Web surfing, from a collection of human users.
Examples
- A user accessed the Web site https://yourcompany.com
- A user received data from a web destination, vap3iad3.lijit.com
Examples of Web Proxy products include:
- Microsoft Internet Security and Acceleration Server (ISA)
- Squid
- Blue Coat Secure Web Gateway
Supported SmartConnectors
The following SmartConnectors are used for the collection and ingestion of Web Proxy data:
- SmartConnector for Microsoft Forefront Threat Management Gateway File
- SmartConnector for Squid Web Proxy Server File
- SmartConnector for Blue Coat Proxy SG Multiple Server File
Web Proxy Schema
The following table describes the default_secops_adm.Events table columns for Web Proxy data.
| Column Name | Data Type | Required (Y/N) | Description | Example |
|---|---|---|---|---|
| deviceReceiptTime | Integer | Y | The time at which the event related to the activity was received. | 1592839336200 (equivalent GMT: 2020-06-22 15:22:00) |
| requestMethod | Varchar | Y | The HTTP method of the request. | GET |
| deviceSeverity | Varchar | Y | The HTTP response status. | 400 |
| bytesIn | Integer | Y | Bytes returned to the client in the response. | 410235 |
| sourceUserName | Varchar | N | The name associated with the client making the request. | john.legget |
| destinationHostName | Varchar | N | The host name of the machine the client is trying to connect to. | a-0001.a-msedge.net |
| bytesOut | Integer | N | The number of bytes the client sent in its request. | 690235 |
| requestClientApplication | Varchar | N | The agent string of the Blue Coat devices. | Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0 |
| deviceCustomString1 | Varchar | N | The agent string of the Microsoft devices. | Windows Update Agent |
| deviceVendor | Varchar | N | The device vendor of the client. | Microsoft |
| deviceProduct | Varchar | N | The device product of the client. | ISA Server |
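
The schema above can be checked before ingestion. The following is an added example, not code from the product or its documentation: it validates one event against the required columns and data types in the table and converts deviceReceiptTime from epoch milliseconds to GMT. The names SCHEMA, validate_event and receipt_time_utc, the Integer/Varchar to Python type mapping, and the seconds-versus-milliseconds threshold are assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone

# Column -> (Python type, required). Integer -> int and Varchar -> str is this example's mapping.
SCHEMA = {
    "deviceReceiptTime": (int, True),
    "requestMethod": (str, True),
    "deviceSeverity": (str, True),   # HTTP response status, stored as Varchar
    "bytesIn": (int, True),
    "sourceUserName": (str, False),
    "destinationHostName": (str, False),
    "bytesOut": (int, False),
    "requestClientApplication": (str, False),
    "deviceCustomString1": (str, False),
    "deviceVendor": (str, False),
    "deviceProduct": (str, False),
}

def validate_event(event):
    """Return a list of schema problems for one event dict; an empty list means valid."""
    problems = []
    for column, (expected, required) in SCHEMA.items():
        value = event.get(column)
        if value is None:
            if required:
                problems.append(f"{column}: required column is missing")
            continue
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, expected):
            problems.append(f"{column}: expected {expected.__name__}, got {type(value).__name__}")
    ts = event.get("deviceReceiptTime")
    # Assumed heuristic: an epoch value below 10**11 is seconds, not milliseconds.
    if isinstance(ts, int) and not isinstance(ts, bool) and ts < 10**11:
        problems.append("deviceReceiptTime: looks like epoch seconds, expected milliseconds")
    return problems

def receipt_time_utc(event):
    """Convert deviceReceiptTime (epoch milliseconds) to an aware UTC datetime."""
    seconds, millis = divmod(event["deviceReceiptTime"], 1000)
    return datetime.fromtimestamp(seconds, tz=timezone.utc) + timedelta(milliseconds=millis)

# Constructed sample event, using values from the table's Example column.
SAMPLE = {
    "deviceReceiptTime": 1592839336200, "requestMethod": "GET",
    "deviceSeverity": "400", "bytesIn": 410235,
    "sourceUserName": "john.legget", "destinationHostName": "a-0001.a-msedge.net",
}

if __name__ == "__main__":
    print(validate_event(SAMPLE), receipt_time_utc(SAMPLE).isoformat())
```

Events that fail validation are worth routing to a reject queue rather than dropping, since a missing required column usually points to a connector mapping problem.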