Jenova
-
Content Count
5 -
Joined
-
Last visited
-
Web protection reporting detections in ESMC after update
Jenova replied to Cousin Vinny's topic in Remote Management
I've had my Web control rules logging level set to "warning" for couple of months already but they began to appear in detections only after last ESMC update. -
Web protection reporting detections in ESMC after update
Jenova replied to Cousin Vinny's topic in Remote Management
ok, got it. Thanks for info! -
Web protection reporting detections in ESMC after update
Jenova replied to Cousin Vinny's topic in Remote Management
And what exactly does "appropriate severity" mean in this situation? Logging level is set to "warning" for those rules. -
Web protection reporting detections in ESMC after update
Jenova replied to Cousin Vinny's topic in Remote Management
I have several rules blocking specific URL groups (which were created manually) in Web Control settings and user attempts to open those URLs also generate detections after last ESMC update. -
Web protection reporting detections in ESMC after update
Jenova replied to Cousin Vinny's topic in Remote Management
It is indeed annoying and not something to worry about, just informational thing. It doesn't look suitable for "threat/detection" term - if you've got an event there it means the access was definitely blocked (not like file scanning for example: found a threat - was it cleaned? removed? just detected? Such events required attention) It would be much better to move it to reports section (Web control category is missing at the moment) and create default dashboard item "Web control detections" with web control logs (which I have done myself manually). If you need it to be part of Detections, please make it optional category, not default.