Ability to report on user web searches

I work in a large K-12. We had used Blue Coat for our Web Security/Proxy before moving entirely to PAN. With Blue Coat we had the ability to produce reports on users' search terms. Does anyone know if this is possible within PAN-OS?

Thank you,

Patrick

L1 Bithead

Did you ever figure out a method for reporting user search queries through the Palo Alto firewall?

Cyber Elite

Hello,

I could be wrong; however, it only logs what URLs the person visited, not what they typed into a search bar.

Regards,

L7 Applicator

Try to find something that stands out in search query.

For example, if you search for Palo Alto Networks in Chrome, the search term is:

https://www.google.co.uk/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=palo%20alto%20network...

So you could start with something like:

( url contains 'www.google' ) and ( url contains 'q=' ) and !( url contains 'doubleclick' )

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI
Cyber Elite

Or perhaps something like safe search. While it may not report on what is typed, it may prevent the kids from seeing things they shouldn't...

https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/url-filtering/enable-safe-search-enf...

Just another thought...

L7 Applicator

Also keep in mind that if you don't decrypt, then the URL log shows only www.google.com/, as this is visible on the certificate.

The actual search term goes inside the encrypted payload.

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI
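An added example, not part of any post in this thread and not Palo Alto Networks code: it applies the suggested filter conditions (Google host, a `q=` parameter, no doubleclick) to exported URL log rows and groups the decoded search terms by user. The two-column `user,url` layout, the usernames and the sample rows are constructed assumptions; it matches `www.google` against the hostname rather than the whole URL, and a row logged without decryption (`www.google.com/` only) yields no term.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample rows; the user,url layout is an assumption, not a PAN-OS export format.
SAMPLE_LOG = """user,url
student1,www.google.com/search?q=palo+alto+networks&ie=UTF-8
student1,https://www.google.co.uk/webhp?sourceid=chrome-instant&ie=UTF-8#q=palo%20alto%20firewall
student2,www.google.com/
student2,ad.doubleclick.net/ddm/activity?q=tracking
student3,www.example.com/page?q=not-a-search
"""


def search_term(url):
    """Return the decoded search term, or None if the URL does not match the filter."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit find the host when the log omits the scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Conditions from the thread's filter: Google host, q= present, not doubleclick.
    if "www.google" not in host or "doubleclick" in url.lower():
        return None
    # The thread's example URL carries q= in the fragment, so check it as well as the query.
    for component in (parts.fragment, parts.query):
        values = parse_qs(component).get("q")
        if values and values[0].strip():
            return values[0].strip()
    return None


def terms_by_user(log_text):
    """Group extracted search terms by the user column of the log."""
    report = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        term = search_term(row["url"])
        if term:
            report[row["user"]].append(term)
    return dict(report)


if __name__ == "__main__":
    for user, terms in terms_by_user(SAMPLE_LOG).items():
        print(user, terms)
```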
L1 Bithead

Thanks for the good info.

Built-in reporting of search queries, especially suspicious keywords, would be a nice feature to add for K-12 customers who need to stay CIPA compliant.

We still like our PA-3020 though, for all the other great work it does for us. 

L3 Networker

Agreed.

We have been wanting this feature for 3 years now and have brought it up to Palo and logged it as a feature request. It must not be a priority for Palo.

The best product in this regard was Lightspeed Systems content filter. They have a very nice reporting system and logging layout. It would also log keyword searches by user and give daily reports and real-time data on them. Sadly, the rest of the product wasn't great, but reports and kwd searches/reports were spot-on.

I'd love to have this in Palo. I hate their reporting and have wanted an overhaul since the beginning. Being a K12 school district, we have different needs than corporate sector.

L1 Bithead

+1 on Lightspeed Rocket being great at reporting details. We are needing to refresh our Rocket appliance hardware this year. $20k for a new appliance and 1 year of web filtering, and MDM. I'd gladly put that funding toward a redundant PA-3020 if PAN-OS were more configurable for K-12 environments. 
