Websense
WebsenseWebproxy normalizes WebsenseWebproxy events and enables you to analyze the data using a dashboard.
Release Details
Version: 5.3.0
Release Date: May 02, 2024
Supported On: Logpoint v7.4.0 or later for log source template
SHA 256: 57815e136286bfb71cfb55a4ec26a917521f78ecc052b6230512511a70d34075
Documentation: Websense guide
Download
Enhancement
Description |
Issue ID |
Reference ID |
---|---|---|
Added Syslog Collector based Forcepoint log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template. |
KB-22676 |
- |
Past Releases
Websense v5.2.0
Release Date: June 29, 2022
Supported On: Logpoint v6.7.0 or later
Download: WebsenseWebproxy_5.2.0.pak
SHA256: 8c535b7f3b8866f39c762adc733b06a197b1e150e27b592ec7c0fb9cc358ed81
Enhancements
Description |
Issue ID |
Reference ID |
---|---|---|
Added new signatures in LP_Websense Webproxy to normalize Forcepoint Email Security logs. | KB-16340 | 64832 |
Changed the name of the facility field to device_facility. | KB-17213 | - |
Parsed the message field into subject and message. |
KB-17213 | - |
Bug Fix
Description |
Issue ID |
Reference ID |
---|---|---|
Some Websense logs were not normalized by WebsenseWebproxyCompiledNormalizer. | KB-12612 | 53643 |
Websense v5.1.0
Supported On: Logpoint v6.7.0 or later
Enhancements
- The application is now updated to split the logs when an attachment contains multiple files with corresponding hash values. Each split log contains the fields file and hash, which extracts the name of an attachment and hash value. Additionally, it includes the fields file_value and hash_value with all file and hash values separated by a colon.
- The taxonomy of the following fields is changed to maintain for consistency:
Application | Previously Used Field Name | Modified Field Name |
---|---|---|
WebsenseWebproxyCompiledNormalizer | duser | target_user |
suser | user | |
logrecordsource | log_record_source | |
delivery_code_info | delivery_code_information | |
host | device | |
host_address | host [in the header] |
Bug Fixes
The following issues have been resolved:
- An issue in WebsenseWebproxyCompiledNormalizer where the Websense Webproxy logs were not properly normalized when the field user captured the none value.
- An issue in WebsenseWebproxyCompiledNormalizer where a trailing quotation mark was missing in the field url.
- An issue where some Websense Webproxy logs were not normalized when fields with '-' or the n/a value were extracted from the field user.
- An issue in WebsenseWebproxyCompiledNormalizer where the fields reason and trueSrc were missing.
- An issue in WebsenseWebproxyCompiledNormalizer where the value for the field sender was not properly parsed.
- An issue where some Websense Forcepoint logs were not normalized when the field log_ts captured a 13 digits timestamp value when it could handle only a 10 digits timestamp.
- An issue in some Websense Forcepoint logs where the field hash had a null value.
Websense v3.5.0
Release date: May 14, 2020
SHA 256: e00893847215d25d31e572851ddaecc5eedd62d2445c7f7b255b816b4b057ee9
Download: WebsenseWebproxy_3.5.0.pak
Enhancement
A minor update has been done in the Websense's normalizer for better signature handling.
Support
If you have any questions or require assistance, create a support ticket.
Comments
Article is closed for comments.