Integrate Websense Web Security Gateway (WSG)


EventTracker Enterprise

EventTracker
Publication Date: Jan. 19, 2017
8815 Centre Park Drive
Columbia MD 21045
www.eventtracker.com

EventTracker: Integrating Websense Web Security Gateway

Abstract

This guide provides instructions to configure Websense Web Security Gateway (WSG) to send syslog events to EventTracker Enterprise.

Scope

The configurations detailed in this guide are consistent with EventTracker Enterprise version 7.X and later, and Websense Web Security Gateway (WSG) v7.7 and later.

Audience

Websense Web Security Gateway users who wish to forward events to EventTracker Manager.

The information contained in this document represents the current view of Prism Microsystems Inc. on the issues discussed as of the date of publication. Because Prism Microsystems must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Prism Microsystems, and Prism Microsystems cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. Prism Microsystems MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from Prism, as long as its content is unaltered, nothing is added to the content and credit to Prism is provided.

Prism Microsystems may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Prism Microsystems, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2017 Prism Microsystems Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Table of Contents

Abstract
Scope
Audience
Prerequisites
Integrate EventTracker with Websense WSG
    Deploy Websense Multiplexer
    Enable and configure SIEM integration
EventTracker Knowledge Pack (KP)
Import Websense WSG Knowledge Pack into EventTracker
    Import Category
    Import Alerts
    Import Tokens
    Import Flex Reports
Verify Websense WSG knowledge pack in EventTracker
    Verify Websense WSG Categories
    Verify Websense WSG Alerts
    Verify Websense WSG Tokens
    Verify Websense WSG Flex Reports
Create Flex Dashboards in EventTracker
    Schedule Reports
    Create Dashlets
Sample Flex Dashboards

Prerequisites

- EventTracker should be installed.
- Websense Web Security Gateway v7.7 and later should be installed and configured.

Integrate EventTracker with Websense WSG

Websense Web Security solutions can be configured to pass Internet activity (log) data to the EventTracker product.

To enable this configuration:

1. Install an instance of Websense Multiplexer for each Websense Policy Server in your network.
   In appliance-based deployments, Policy Server runs on the full policy source appliance and all user directory and filtering appliances.
2. In Websense Web Security Gateway, to activate the integration and configure Multiplexer to send log data to EventTracker in the format required, select Settings, select General, and then select SIEM Integration.

Deploy Websense Multiplexer

Websense Multiplexer can run on supported Windows or Linux platforms, or on Websense V-Series appliances.

- To install Multiplexer on Windows, use the TRITON Unified Installer, available from the Downloads page of https://www.websense.com/. (Enter your product and version, and then select the Windows installer.) Perform a custom installation.
- To install Multiplexer on Linux, use the Web Security Linux Installer (WebsenseWeb77Setup_Lnx.tar.gz), available from the Downloads page of https://www.websense.com/. (Enter your product and version, and then select the Linux installer.) Perform a custom installation.
- To add Multiplexer to an existing software installation, launch the installer for your platform and select the Modify option.
  1. On Windows, if you chose to keep installation files after the initial installation, select Start, select All Programs, and then select Websense.
  2. To start the installer without having to re-extract files, select Websense TRITON Setup.
- To enable Multiplexer on a full policy source or user directory and filtering appliance:
  1. In Appliance Manager, select Administration, select Toolbox, and then select the Command Line Utility page.
  2. Select the Web Security module.
  3. Select multiplexer, then use the enable command.
- Install only one Multiplexer instance for each Policy Server instance. If more than one Multiplexer is installed for a Policy Server, only the last installed instance of Multiplexer is used.
- Configuration for each Multiplexer instance is stored by its Policy Server. This means that you can configure different settings for each Multiplexer instance if, for example, you use a different SIEM product in different regions.

The following diagram shows a possible configuration for SIEM integration:

Figure 1

- This deployment includes 2 Policy Server instances, each with its own Multiplexer instance.
- There are two Filtering Service instances associated with Policy Server 1; both pass Internet activity data to Multiplexer 1.
- Each Multiplexer instance passes the data that it receives from its associated Filtering Service instances to both Websense Log Server and a third-party SIEM product.

The illustration shows two V-Series appliances and an additional server; all Websense components shown in the diagram could be deployed on a supported Windows or Linux server, or on a V-Series appliance.

Enable and configure SIEM integration

Log on to Web Security Gateway to activate and configure SIEM integration.

1. Select Settings, select General, and then select SIEM Integration.
2. Select Enable SIEM integration for the Policy Server.
3. Provide the IP address or hostname of the EventTracker machine. Then, provide 514 as the Communication Port.
4. Specify UDP as the transport protocol to use when sending data to the EventTracker machine.
5. Select syslog/key-value pairs (Splunk and others) from the SIEM format drop-down.
6. Click OK to save the changes.
7. Click Save and Deploy to implement the changes.

After the changes have been saved, the logs are forwarded to EventTracker.

EventTracker Knowledge Pack (KP)

Once logs are received in EventTracker, Alerts and Reports can be configured in EventTracker.

The following Knowledge Packs are available in EventTracker v7.x to support Websense WSG monitoring:

Categories:

- Websense WSG: Bandwidth web category access blocked - This category-based report provides information related to blocked bandwidth web category access.
- Websense WSG: Bandwidth web category access permitted - This category-based report provides information related to permitted bandwidth web category access.
- Websense WSG: Baseline web category access blocked - This category-based report provides information related to blocked baseline web category access.
- Websense WSG: Baseline web category access permitted - This category-based report provides information related to permitted baseline web category access.
- Websense WSG: Productivity web category access blocked - This category-based report provides information related to blocked productivity web category access.
- Websense WSG: Productivity web category access permitted - This category-based report provides information related to permitted productivity web category access.

- Websense WSG: Security web category access blocked - This category-based report provides information related to blocked security web category access.
- Websense WSG: Security web category access permitted - This category-based report provides information related to permitted security web category access.
- Websense WSG: Social networking web category access blocked - This category-based report provides information related to blocked social networking web category access.
- Websense WSG: Social networking web category access permitted - This category-based report provides information related to permitted social networking web category access.

Alerts:

- Websense WSG: Bandwidth web category access blocked - This alert is generated when any Bandwidth web category access is blocked by Websense WSG.
- Websense WSG: Baseline web category access blocked - This alert is generated when any Baseline web category access is blocked by Websense WSG.
- Websense WSG: Productivity web category access blocked - This alert is generated when any productivity web category access is blocked by Websense WSG.
- Websense WSG: Security web category access blocked - This alert is generated when any Security web category access is blocked by Websense WSG.
- Websense WSG: Social networking web category access blocked - This alert is generated when any Social networking web category access is permitted by Websense WSG.
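The syslog/key-value stream enabled under "Enable and configure SIEM integration" (UDP, port 514) can be checked on the receiving side before relying on the blocked-category alerts. The following is an added example, not part of the original guide or of EventTracker; the field names (action, category, user, src_host, url), the host name wsg01 and the sample lines are constructed assumptions, so compare them with what your Multiplexer actually sends.

```python
import re
import socket
from collections import Counter

# Constructed sample datagrams in syslog/key-value form. Field names and
# values are assumptions for illustration, not taken from the guide.
SAMPLE_EVENTS = [
    '<159>Jan 19 10:02:11 wsg01 vendor=Websense action=blocked category="Social Networking" user=jdoe src_host=10.0.0.5 url=http://social.example/feed?ref=home',
    '<159>Jan 19 10:02:15 wsg01 vendor=Websense action=blocked category="Social Networking" user=jdoe src_host=10.0.0.5 url=http://social.example/chat',
    '<159>Jan 19 10:02:16 wsg01 vendor=Websense action=permitted category="News and Media" user=asmith src_host=10.0.0.9 url=http://news.example/',
    'truncated datagram without a priority header',
]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# A key must start a token; a value is either a quoted string or a run of non-spaces.
KV_RE = re.compile(r'(?<!\S)(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_event(line):
    """Parse one syslog/key-value line; return None when it is malformed."""
    m = PRI_RE.match(line)
    if m is None or int(m.group(1)) > 191:  # a valid syslog PRI is 0..191
        return None
    fields = {}
    for key, value in KV_RE.findall(line[m.end():]):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # strip the surrounding quotes
        fields[key] = value
    if not fields:
        return None
    fields["_facility"], fields["_severity"] = divmod(int(m.group(1)), 8)
    return fields

def summarize(lines):
    """Count blocked events per (user, category) and count unparseable lines."""
    blocked, rejected = Counter(), 0
    for line in lines:
        event = parse_event(line)
        if event is None:
            rejected += 1
        elif event.get("action", "").lower() == "blocked":
            blocked[(event.get("user", "-"), event.get("category", "-"))] += 1
    return blocked, rejected

def listen(host="0.0.0.0", port=514, count=10):
    """Receive `count` datagrams on the configured port (514 needs privileges)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        lines = [sock.recvfrom(65535)[0].decode("utf-8", "replace") for _ in range(count)]
    return summarize(lines)

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

A non-zero rejected count on live traffic usually means the SIEM format selected in step 5 is not the key-value one, or that datagrams are being truncated in transit.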

Import Websense WSG Knowledge Pack into EventTracker

NOTE: Import knowledge pack items in the following sequence:

- Categories
- Alerts
- Parsing Rule
- Flex Reports

1. Launch EventTracker Control Panel.
2. Double click Export Import Utility, and then click the Import tab.

Figure 2

3. Click the Import tab.

Import Category

1. Click the Category option, and then click the browse button.
2. Locate the All Websense WSG group of categories.iscat file, and then click the Open button.

Figure 3

3. To import categories, click the Import button.
   EventTracker displays a success message.

Figure 4

4. Click OK, and then click the Close button.

Import Alerts

1. Click the Alerts option, and then click the browse button.
2. Locate the All Websense WSG group of alerts.isalt file, and then click the Open button.

Figure 5

3. To import alerts, click the Import button.
   EventTracker displays a success message.

Figure 6

4. Click OK, and then click the Close button.

Import Tokens

1. Click the Token value option, and then click the browse button.

Figure 7

2. Locate the All Websense WSG group of parsing rules.istoken file, and then click the Open button.
3. To import tokens, click the Import button.
   EventTracker displays a success message.

Figure 8

4. Click OK, and then click the Close button.

Import Flex Reports

1. Click the Report option, and then click the browse button.

Figure 9

2. Locate the All Websense WSG group of Flex Report.issch file, and then click the Open button.
3. To import scheduled reports, click the Import button.
   EventTracker displays a success message.

Figure 10

4. Click OK, and then click the Close button.

Verify Websense WSG knowledge pack in EventTracker

Verify Websense WSG Categories

1. Log on to EventTracker Enterprise.
2. Click the Admin menu, and then click Categories.
3. In the Category Tree, expand the Websense WSG group folder to view the imported categories.

Figure 11

Verify Websense WSG Alerts

1. Log on to EventTracker Enterprise.
2. Click the Admin menu, and then click Alerts.
3. In the Search field, type 'Websense WSG', and then click the Go button.
   The Alert Management page will display all the imported Websense WSG alerts.

Figure 12

4. To activate the imported alerts, select the respective checkbox in the Active column.
   EventTracker displays a message box.

Figure 13

5. Click the OK button, and then click the Activate now button.

NOTE: You can select an alert notification such as Beep, Email, or Message. For this, select the respective checkbox in the Alert management page, and then click the Activate Now button.

Verify Websense WSG Tokens

1. Log on to EventTracker Enterprise.
2. Click the Admin menu, and then click Parsing rules.

The imported Websense WSG tokens are added to the Token-Value Groups list. Please refer to Figure 12.

Figure 14

Verify Websense WSG Flex Reports

1. Log on to EventTracker Enterprise.
2. Select the Reports menu, and then select Configuration.
3. In Reports Configuration, select the Defined option.
   EventTracker displays the Defined page.
4. In the search box, enter 'Websense WSG'.
   EventTracker displays the Flex reports of Websense WSG.

Figure 15

Create Flex Dashboards in EventTracker

NOTE: To configure the flex dashboards, schedule and generate the reports. The flex dashboard feature is available from EventTracker Enterprise v8.0.

Schedule Reports

1. Open EventTracker in a browser and log on.

Figure 16

2. Navigate to Reports Configuration.
3. Select Websense security gateway in report groups. Check the Defined dialog box.

Figure 17

1. Click on 'schedule' to plan a report for later execution.
2. Click the Next button to proceed.
3. In the review page, check the Persist data in EventVault Explorer option.

Figure 18

4. In the next page, check the column names to persist using the PERSIST checkboxes beside them. Choose a suitable Retention period.

Figure 19

5. Proceed to the next step and click the Schedule button.
6. Wait until the reports are generated.

Create Dashlets

1. Open EventTracker Enterprise in a browser and log on.

Figure 20

2. Navigate to Dashboard Flex.
   The Flex Dashboard pane is shown.

Figure 21

3. Fill in a suitable title and description and click the Save button.
4. Click to configure a new flex dashlet. The Widget configuration pane is shown.

Figure 22

5. Locate the earlier scheduled report in the Data Source dropdown.
6. Select the Chart Type from the dropdown.
7. Select the extent of data to be displayed in the Duration dropdown.
8. Select the computation type in the Value Field Setting dropdown.
9. Select the evaluation duration in the As Of dropdown.
10. Select comparable values in X Axis with a suitable label.
11. Select numeric values in Y Axis with a suitable label.
12. Select a comparable sequence in Legend.
13. Click the Test button to evaluate. The evaluated chart is shown.

Figure 23

14. If satisfied, click the Configure button.

Figure 24

15. Click 'customize' to locate and choose the created dashlet.
16. Click to add the dashlet to the earlier created dashboard.

Sample Flex Dashboards

For the dashboard below:

DATA SOURCE: Websense WSG - Social networking category web access blocked
WIDGET TITLE: Websense WSG - Social networking category web access blocked
CHART TYPE: Donut
AXIS LABELS [X-AXIS]: Source IP
FILTER: User Name
LEGEND (SERIES): URL Name

Figure 25
