Site insert in Multiple category

Max Monterumisi Mar 02, 2017 08:44AM PST

Hi,
I import the Palo Alto Threat records from Fastvue Syslog.
Under the node "USERS", in the node "SITE DOMAIN", I select these fields:

Origin Domain | Category | Total Browsing Time | Hits |

The problem is with some sites, for example ilmeteo.it
In some cases, in the table I have:
Origin Domain | Category |
ilmeteo.it | computer-and-internet-info |
ilmeteo.it | web-advertisements |
ilmeteo.it | business-and-economy |
ilmeteo.it | news |
ilmeteo.it | social-networking |
ilmeteo.it | content-delivery-networks |
ilmeteo.it | search-engines |

crazy?!?!?!?
I double-checked in the Threat logs directly on my firewall, and every time a user navigates to xxxxxx.ilmeteo.it, Palo Alto assigns only "news" as the Category.
Then..... where does Fastvue retrieve this value?

Fastvue Mar 02, 2017 09:02AM PST FASTVUE Agent
Hey Max,

Thanks very much for getting in touch about this.

Palo Alto's URL filtering and categorization works on the entire URL, not just the domain.

For example:
ilmeteo.it/pc-hardware/computers/ would get categorised as 'computer-and-internet-info'
ilmeteo.it/ads/buywebspynow/greatdeal.jpg would get categorised as 'web-advertisements'
ilmeteo.it/business/ would get categorised as 'business-and-economy'
... and so on.

WebSpy Vantage is therefore showing a separate row for each unique combination of site and category.

I recommend having two additional nodes in your report. One showing just the Site Domain column (actually, I suggest using the 'Origin Domain' column instead for a cleaner list of websites), and another node just showing the 'Category' column. This will provide you with summarised information for sites, and summarised information for categories.

I hope this helps! Let me know how you go!

Cheers!
Scott
Max Monterumisi Mar 03, 2017 07:35AM PST
Thank you Scott for the answer.
I do not want Fastvue to perform an analysis according to its categories; I would like it to use ONLY the categories of Palo Alto, as indicated in each line of the threat log file.
How can I do this?
Fastvue Mar 03, 2017 07:40AM PST FASTVUE Agent
Hey Max,

The categories shown in your report _are_ the categories that Palo Alto has logged for ilmeteo.it.

Your report is only showing the 'domain' part of the URL, but Palo Alto is categorizing the full individual URLs on that site - which includes advertising, news, CDNs and so on.

If you change the 'Origin Domain' column to 'Site URL' then re-run the report, you'll see the full URLs and get a better idea of why Palo Alto is categorizing them this way.

I hope that makes sense.

Cheers!
Scott
Fastvue Mar 13, 2017 02:12AM PDT FASTVUE Agent
Hey Max,

I'm just checking in to see how everything is going with WebSpy Vantage? Did the last email help answer your questions?

Please let us know if there is anything else we can help you with!

Cheers!
Scott
