Additional logging for SSL Certificate Verification Incidents

Reply

Andrew Hoying Posted: 13 Mar 2012 8:47 AM

rated by 0 users

In order to track down infected systems on my network I really need the ability to see the source IP, and preferably the destination IP and host name, for SSL Validation Incidents in either the SSL Incidents report or in any log files generated. This is a critical feature request and would significantly help with an active investigation.

Reply

phylliszh replied on 15 Mar 2012 11:59 PM

rated by 0 users

Hi,

Thank you for inquiring about a new feature in Web Security Gateway.  Your request (FR201203-4415) has been entered into our Feature Request tracking system, and our Product Management team will review it within the next 30 days.  If you need a response sooner, we recommend that you open a case with Technical Support.  When the request is reviewed, the product manager will decide whether to accept this for future consideration or ask for more information.  Please note that Websense receives a high volume of feature requests, and as such Websense cannot include all of these requests in the next product release.  That said, the product team is constantly revisiting the list of requests to determine the features that have been most frequently requested, so that the highest priority features are addressed.

We look forward to your continued participation in the Websense community and welcome your active involvement in our product direction.

Phil

Reply

kscott replied on 13 Jun 2012 10:09 AM

rated by 0 users

I was about to put in a request for this myself.  It would be beneficial to see an IP address or user or some identification of who tried to get to the website that triggered the ssl incident.  I would think this would be best if added as another 'User/IP' column on the SSL -> Incidents page.