Add Ability to Report by Subnet (IP/netmask, CIDR, or IP Range)


Not Ranked
Posts 3
sto6ma9ch Posted: 12 Jun 2012 6:50 AM

The current version of Websense Web Security allows reports to include IP addresses if each is added individually. I would like to request that the reporting features include filtering based upon a user-specified IP subnet. This feature should honor IP/netmask, CIDR notation, and specifying a custom IP range. For example, a report filter would be able to support filtering using any of the following methods:

  • 10.0.0.0 255.0.0.0
  • 10.0.0.0/8
  • 10.0.0.0 - 10.255.255.255
|
Top 50 Contributor
Posts 39

This would be really useful. We have multiple office locations, with a particular address block assigned to each location, and being able to run investigative reports for IP blocks would allow us to see data for each location. One place in TRITON this would be useful is on the investigative reports page, in the "Search for" drop-down, when source IP or destination IP are selected.

|
Top 50 Contributor
Posts 48

I've not tried your examples.  But have you tried just specifying a partial address?  When I select source IP = "192.168.24.", I get a report of all IPs in the 192.168.24.0/24 IP block.

|
Not Ranked
Posts 3

Yep, and that option works as long as all of the subnets I would ever want to filter on are /24. If they are not, the task becomes much more difficult. For example, say I want to create a report that shows all users who use the FTP protocol to a destination host registered in Russia. In this instance the issue becomes more apparent.

|
Top 50 Contributor
Posts 48

Okay, so yes, I've done those types of investigative searches also, and it is not fun.  CIDR and/or IP range search capability would be a very useful feature and I add my vote for it.

(Sorry, sto6ma9ch, but I assumed from the example you initially provided that you were requesting this enhancement for source IP type queries.  I understand now.)

|
Not Ranked
Posts 1

This option has been added to the 7.7.3 release; you can now report by subnet by using the Investigative reports.

|
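The three filter notations requested in the first post, and the reason partial-address matching only works on octet boundaries, shown as an added example that is not part of the original thread and is not Websense code. The function names and the sample records are constructed for illustration; it handles IPv4 only and uses Python's standard `ipaddress` module.

```python
import ipaddress

def parse_filter(spec):
    """Return (first, last) IPv4 addresses for IP/netmask, CIDR, or a range."""
    spec = spec.strip()
    if "-" in spec:                                   # "10.0.0.0 - 10.255.255.255"
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if lo > hi:
            raise ValueError("range start is above range end: " + spec)
        return lo, hi
    # "10.0.0.0 255.0.0.0" becomes "10.0.0.0/255.0.0.0"; CIDR passes through.
    # strict=True rejects a base address with host bits set (e.g. 10.0.0.1/8).
    net = ipaddress.IPv4Network("/".join(spec.split()), strict=True)
    return net.network_address, net.broadcast_address

def filter_records(records, spec, field="src"):
    """Keep records whose source or destination address falls inside the filter."""
    lo, hi = parse_filter(spec)
    return [r for r in records if lo <= ipaddress.IPv4Address(r[field]) <= hi]

def prefix_match(records, prefix, field="src"):
    """The partial-address workaround: a plain string prefix comparison."""
    return [r for r in records if r[field].startswith(prefix)]

# Constructed sample records (hypothetical, not real log data).
RECORDS = [
    {"src": "192.168.24.10", "dst": "203.0.113.5", "proto": "ftp"},
    {"src": "192.168.25.77", "dst": "198.51.100.9", "proto": "http"},
    {"src": "192.168.27.3", "dst": "203.0.113.200", "proto": "ftp"},
    {"src": "192.168.28.1", "dst": "192.0.2.14", "proto": "ftp"},
    {"src": "10.4.4.4", "dst": "203.0.113.77", "proto": "http"},
]

if __name__ == "__main__":
    # One office block, 192.168.24.0/22, written in all three notations.
    for spec in ("192.168.24.0 255.255.252.0", "192.168.24.0/22",
                 "192.168.24.0 - 192.168.27.255"):
        print(spec, "->", [r["src"] for r in filter_records(RECORDS, spec)])
    # No string prefix expresses a /22: one is too narrow, the other too wide.
    print("prefix 192.168.24.:", len(prefix_match(RECORDS, "192.168.24.")))
    print("prefix 192.168.2:  ", len(prefix_match(RECORDS, "192.168.2")))
    # The same filter applied to destination addresses.
    print("dst 203.0.113.0/24:",
          [r["dst"] for r in filter_records(RECORDS, "203.0.113.0/24", "dst")])
```
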