Filename capturing not working...

L1 Bithead

Filename capturing not working...

Hi everyone,

Is it possible to capture filenames as they are uploaded to Dropbox, box.com, justcloud.com, etc.?

We "should" be decrypting the traffic according to our decryption policy. Well, it at least shows the flag decrypted in the packet capture. But... I'm not seeing the filename anywhere. We'd like to know who transferred what to where and when for cloud storage. Is this possible?

Please and thanks,

Mark

L4 Transporter

Re: Filename capturing not working...

Hello,

Your security policy may be configured with service application-default. Maybe when you decrypted the session, the flow stopped matching your policy, because you tried to catch the application name on port 443 and now the traffic is not seen as SSL.

Be sure that you create a security policy which matches the right app on the right TCP port, like 443, and apply to it the security profile which handles the file blocking action.

Regards

L5 Sessionator

Re: Filename capturing not working...

Set the action for the URL category of Dropbox to alert, and also try creating a file blocking profile and set its action to alert. Apply that file blocking profile to the security policy. Then check the traffic and URL filtering logs.

Rate the helpful answers

L1 Bithead

Re: Filename capturing not working...

Thanks guys, that's exactly what I was looking for. The filetypes were excluded from the outbound file blocking profile rule so it was never triggered.

Much appreciated!!!!
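The root cause reported above (file types left out of the outbound file blocking rule, so it never fired) can be checked offline against an exported profile. The following is an added example, not code from the thread or from the vendor; the XML layout, profile name, and rule names are constructed assumptions modelled on a file blocking profile export.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one file blocking profile, laid out like the profile
# section of an exported firewall configuration (layout is an assumption).
SAMPLE_PROFILE = """
<entry name="outbound-file-alert">
  <rules>
    <entry name="alert-docs">
      <application><member>any</member></application>
      <file-type><member>doc</member><member>pdf</member></file-type>
      <direction>upload</direction>
      <action>alert</action>
    </entry>
    <entry name="alert-exe-download">
      <application><member>any</member></application>
      <file-type><member>exe</member></file-type>
      <direction>download</direction>
      <action>alert</action>
    </entry>
  </rules>
</entry>
"""

def _members(rule, tag):
    # Collect the <member> values under a rule element as a lowercase set.
    return {m.text.strip().lower() for m in rule.findall(f"{tag}/member")}

def matching_rules(profile_xml, app, file_type, direction):
    """Names of rules that would log this transfer, in profile order."""
    hits = []
    for rule in ET.fromstring(profile_xml).findall("rules/entry"):
        apps, types = _members(rule, "application"), _members(rule, "file-type")
        rule_dir = (rule.findtext("direction") or "both").strip().lower()
        if not ({"any", app.lower()} & apps):
            continue  # rule is scoped to other applications
        if not ({"any", file_type.lower()} & types):
            continue  # file type excluded: the failure seen in this thread
        if rule_dir not in ("both", direction):
            continue  # rule only covers the opposite direction
        hits.append(rule.get("name"))
    return hits

def uncovered(profile_xml, app, file_types, direction="upload"):
    """File types that no rule in the profile would log for this app/direction."""
    return [t for t in file_types
            if not matching_rules(profile_xml, app, t, direction)]

if __name__ == "__main__":
    print(uncovered(SAMPLE_PROFILE, "dropbox", ["pdf", "zip", "exe", "doc"]))
```

Any file type the function returns would pass through the profile without producing a log entry carrying the filename.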
