https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222335#M63948 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/76179">@AzerbaijanSupermarkets</a></P><P>As mentionned by <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43480">@BPry</a>, in my eyes this is a job for an email relay/gateway server, not really for a firewall.</P><P>&nbsp;</P><P>(Except maybe if FR 1255 sometimes will be implemented? <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a>: what exactly is this FR about? Logging of sender and receipient in smtp connections?)</P> Sun, 15 Jul 2018 16:48:23 GMT Remo 2018-07-15T16:48:23Z https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222151#M63903 <P>Good day to everyone!</P><P>I have such a case: I have to find out which users send email to ecober.com.</P><P>I have researched, but couldn't find any useful information.</P><P>Which filters should I use in monitor tab?</P><P>Thanks in advance!</P> Fri, 13 Jul 2018 08:04:05 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222151#M63903 AzerbaijanSupermarkets 2018-07-13T08:04:05Z https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222216#M63916 <P>you can reach out to your local sales team and have them add your vote to&nbsp; Feature Request FR 1255</P> Fri, 13 Jul 2018 13:53:12 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222216#M63916 reaper 2018-07-13T13:53:12Z https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222223#M63920 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/76179">@AzerbaijanSupermarkets</a>,</P><P>Generally one would look up the MX records for ecober.com (currently 173.203.187.1 and 173.203.187.2) and then you could utilize that within your search. The issue that you'll run into however is that the user is likely going through a relay server and won't actually show as 'source-user x connected to 173.203.187.1' from the firewall. This is where logging on your email server or email gateway will have to be reviewed and you'll have to see which users actually sent emails to 'ecober.com' or the addresses recorded in their MX record.&nbsp;</P><P>&nbsp;</P><P>Hopefully that helps.&nbsp;</P> Fri, 13 Jul 2018 14:21:37 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222223#M63920 BPry 2018-07-13T14:21:37Z https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222228#M63923 <P>Would it be possible to identify the recipient domain in a custom app&nbsp;by matching smtp-req-argument?</P><P>Then simply&nbsp;report on&nbsp;that application</P> Fri, 13 Jul 2018 14:37:01 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222228#M63923 JoeAndreini 2018-07-13T14:37:01Z https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222335#M63948 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/76179">@AzerbaijanSupermarkets</a></P><P>As mentionned by <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43480">@BPry</a>, in my eyes this is a job for an email relay/gateway server, not really for a firewall.</P><P>&nbsp;</P><P>(Except maybe if FR 1255 sometimes will be implemented? <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a>: what exactly is this FR about? Logging of sender and receipient in smtp connections?)</P> Sun, 15 Jul 2018 16:48:23 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222335#M63948 Remo 2018-07-15T16:48:23Z https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222359#M63953 <P>Thank you all for your replies.</P><P>Yes, we made this report using our local mail server.</P><P>But, we can't filter other mail applications (like gmail, yahoo and etc.).</P><P>This is still an issue.</P> Mon, 16 Jul 2018 06:14:02 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222359#M63953 AzerbaijanSupermarkets 2018-07-16T06:14:02Z https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222373#M63956 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/16592">@Remo</a>&nbsp;wrote:<BR />&nbsp; <P>(Except maybe if FR 1255 sometimes will be implemented? <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a>: what exactly is this FR about? Logging of sender and receipient in smtp connections?)</P> <HR /></BLOCKQUOTE> <P>&nbsp;</P> <P>FR1255 requests to add sender and receiver email address in the threat logs</P> Mon, 16 Jul 2018 10:47:34 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-monitor-web-activity-using-domain-name/m-p/222373#M63956 reaper 2018-07-16T10:47:34Z