This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine readable form without prior written consent from 8e6 Technologies. Every effort has been made to ensure the accuracy of this document. However, 8e6 Technologies makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose.
Contents
Threat Analysis Reporter: Overview; Note to Evaluators; Install, Configure, and Test TAR
Chapter 1: Access the TAR Web Client: Step 1: Launch IE; Step 2: Type in the URL; Step 3: Log into the Application
Chapter 2: Drill...
Chapter 5: View a URL Trend Report: Step 1: Access Trend Charts; Step 2: Change the Time Span
Chapter 6: Monitor Bandwidth Gauges: Step 1: Select Bandwidth and Outbound; Step 2: Select the FTP Protocol Gauge; Step 3: Select Port 21 Child Gauge
Threat Analysis Reporter
Overview
The Threat Analysis Reporter helps administrators manage internal Web-based threats by monitoring Internet usage information by user in real-time, and by providing proactive remediation tools to enforce the organization’s Acceptable Use Policy.
Note to Evaluators
Thank you for taking the time to review 8e6’s Threat Analysis Reporter (TAR) appliance.
Chapter 1: Access the TAR Web Client
Step 1: Launch IE
From your workstation, launch Internet Explorer to open an IE browser window.
NOTE: If pop-up blocking software is installed on the workstation, it must be disabled. Information about disabling pop-up blocking software can be found in the TAR User Guide Appendix A: Disable Pop-up Blocking Software.
Step 3: Log into the Application
Figure: URL dashboard with URL gauges
8e6 Technologies Threat Analysis Reporter Evaluation Guide...
Chapter 2: Drill Down into a URL Gauge
This section steps you through manually monitoring users in real-time via the URL gauge dashboard. Note that this is only one of many ways to use TAR to monitor insider threats.
Time Span
Each gauge monitors events in real-time for a window of time between one and 60 minutes. This time span is customizable by the administrator. For example, if a gauge is set for 15 minutes, that gauge will indicate the number of page hits for the last 15 minutes.
Step 3: View a List of Users Affecting a Child Gauge
Double-click the child gauge to open a window containing a list of users who are responsible for driving that gauge’s score. In this example, double-click the “Spyware”...
Step 5: Take Action on an Individual’s Activity
In the Individual User View window, select the “Security” gauge from the list and then click the “Category View” button to view the hits and score the user obtained for each Security sub-category. The Individual User View window also lets you lock out the user from further accessing a category.
Step 7: View the Actual Web Page Visited by the User
You can now view the full URL details for this specific user. In this example, select the first URL in the list and then click “Open URL” to open the actual Web page the end user visited.
Chapter 3: Create a URL Gauge
Step 1: Select the Gauges Menu Item
To create a new custom gauge, select the “Gauges” menu item from the left-hand menu. This action will open a pop-up window (see Step 2).
Figure: Select Gauges from left panel
Step 2: Add a Gauge Group
Click on the “Add Gauge Group”...
Step 3: Define the Gauge
This section will explain how to set parameters for the new custom gauge.
Figure: Define components for the gauge
1. Type in a name in the “Group Name” field (name it whatever you like).
2.
Step 4: Advanced Settings
For the purposes of this demonstration, click the “Next” button to open a window where you configure advanced settings.
Figure: Specify thresholds and the gauge method
In this window you can specify different thresholds for each child category.
Chapter 4: Create an Automated Alert
This section steps you through creating an automated threshold per user so that, once the threshold is exceeded, you are automatically notified via email and the violating user is automatically locked out.
Step 1: Select Alerts
In the left-hand menu tree, click “Policy”...
Step 3: Specify Alert Components
Create a new alert by performing the following actions:
1. Click on one of the gauge names in the “Current Gauge” list (e.g. “Adult Content”).
2. Enable Alert Action checkboxes for “Email” and “Lockout”.
3. Type in the name for your alert in the “Alert Name” field.
4.
Chapter 5: View a URL Trend Report
TAR lets you generate historical trend reports that show activity by URL categories and bandwidth protocols for a specified time period. These trend reports help you monitor improvement in activity for a given category, and they are a good tool for setting appropriate thresholds for each TAR gauge.
Chapter 6: Monitor Bandwidth Gauges
In addition to monitoring URL activity by user, TAR lets you view bandwidth activity by user, protocol and port for both inbound and outbound activity. This information can then be easily compared to the user’s URL activity, providing a complete picture of the user’s Web behavior.
Step 3: Select Port 21 Child Gauge
Double-click on “Port 21” child gauge.
Figure: FTP Port 21 gauge
Step 4: View the User Summary
Select one of the IP addresses in the list and then click the “User Summary” button.
Figure: View User Summary
Step 5: View Port Traffic
Select the “FTP” protocol from the list and click the “Port View” button. The port traffic for this user will display for each of the ports assigned to FTP (e.g. Port 20 and 21).
Chapter 7: View a Bandwidth Trend
As stated in Chapter 5, TAR has historical trend reports that show activity by URL categories and bandwidth protocols over a period of time. Bandwidth trend reports help you monitor improvement in bandwidth consumption over time, and they are a good tool for setting appropriate thresholds for each TAR bandwidth gauge.