
Ability to report on user web searches


I work in a large K-12. We had used Blue Coat for our Web Security/Proxy before moving entirely to PAN. With Blue Coat we had the ability to produce reports on users' search terms. Does anyone know if this is possible within PAN-OS?

Thank you,

Patrick

8 REPLIES 8

L1 Bithead

Did you ever figure out a method for reporting user search queries through the Palo Alto firewall?

Cyber Elite

Hello,

I could be wrong; however, it only logs what URLs the person visited, not what they typed into a search bar.

 

Regards,

Try to find something that stands out in the search query.

For example, if you search Palo Alto Networks in Chrome, the search term is:

https://www.google.co.uk/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=palo%20alto%20network...

 

So you could start with something like:

( url contains 'www.google' ) and ( url contains 'q=' ) and !( url contains 'doubleclick' )

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Or perhaps something like safe search. While it may not report on what is typed, it may prevent the kids from seeing things they shouldn't...

 

https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/url-filtering/enable-safe-search-enf...

 

Just another thought...

Also keep in mind that if you don't decrypt, then the URL log shows only www.google.com/, as this is visible on the certificate.

The actual search term goes inside the encrypted payload.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
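
Added example, not part of any reply in this thread and not Palo Alto Networks code: a Python sketch that applies the same conditions as the log filter quoted above to an exported URL log and decodes the `q=` value per user, counting rows (such as undecrypted ones logged as host only) where no term is visible. The CSV layout, the `user` and `url` column names, and all sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample rows, not real firewall output. The "user" and "url"
# column names are assumptions, not the PAN-OS export schema.
SAMPLE_LOG = """user,url
alice,https://www.google.co.uk/webhp?sourceid=chrome-instant&ie=UTF-8#q=state%20capitals
bob,www.google.com/search?q=science+fair+ideas&oq=science
bob,www.google.com/
carol,ad.doubleclick.net/pixel?ref=www.google.com&q=123
carol,www.example.org/page?q=not+a+search+engine
"""


def search_term(url):
    """Return the decoded search term, or None when the row shows none."""
    # Same conditions as the log filter quoted in the thread.
    if "www.google" not in url or "q=" not in url or "doubleclick" in url:
        return None
    # Logged URLs may lack a scheme; "//" makes urlsplit see a host.
    has_scheme = url.startswith(("http://", "https://"))
    parts = urlsplit(url if has_scheme else "//" + url)
    # The thread's example URL carries q= in the fragment, so check it first.
    for component in (parts.fragment, parts.query):
        terms = parse_qs(component).get("q")
        if terms:
            return terms[0]
    return None  # e.g. only "oq=" matched the substring test


def report(log_text):
    """Group decoded terms by user and count rows with no visible term."""
    by_user, no_term = defaultdict(list), 0
    for row in csv.DictReader(io.StringIO(log_text)):
        term = search_term(row["url"])
        if term is None:
            no_term += 1  # includes undecrypted rows logged as host only
        else:
            by_user[row["user"]].append(term)
    return dict(by_user), no_term


if __name__ == "__main__":
    users, skipped = report(SAMPLE_LOG)
    for user, terms in sorted(users.items()):
        print(user, terms)
    print("rows without a visible search term:", skipped)
```
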

L1 Bithead

Thanks for the good info.

 

Built-in reporting of search queries, especially suspicious keywords, would be a nice feature to add for K-12 customers who need to stay CIPA compliant.

 

We still like our PA-3020 though, for all the other great work it does for us. 

Agreed.

 

We have been wanting this feature for 3 years now and have brought it up to Palo and logged it as a feature request.  It must not be a priority for Palo.

 

The best product in this regard was Lightspeed Systems content filter.  They have a very nice reporting system and logging layout.  It would also log keyword searches by user and give daily reports and real-time data on them.  Sadly, the rest of the product wasn't great, but reports and kwd searches/reports were spot-on.

 

I'd love to have this in Palo.  I hate their reporting and have wanted an overhaul since the beginning.  Being a K12 school district, we have different needs than corporate sector.

+1 on Lightspeed Rocket being great at reporting details. We are needing to refresh our Rocket appliance hardware this year. $20k for a new appliance and 1 year of web filtering, and MDM. I'd gladly put that funding toward a redundant PA-3020 if PAN-OS were more configurable for K-12 environments. 
