Investigative reports reference

The information that can be displayed in an investigative report depends on what elements are already selected. If you are looking at requests by user, for example, you cannot add group information. Likewise, if you are looking at a report by category, you cannot simultaneously view risk class data.

The table below lists the types of data that can be displayed in an investigative report. If you have drilled down into the data to create a detail report, these are the columns that you can add to the report to create a custom view of the data.

| Column Name | Description |
|---|---|
| User | Name of the user who made the request. User information must be available in the Log Database to include it on reports. Group information is not available in user-based reports. |
| Day | Date the Internet request was made. |
| URL Hostname | Domain (host) name of the requested site. |
| Domain | Directory service domain for the directory-based client (user or group, domain, or organizational unit) that made the request. |
| Group | Name of the group to which the requester belongs. Individual user names are not given on group-based reports. If the user who requested the site belongs to more than one group in the directory service, the report lists multiple groups in this column. |
| Risk Class | Risk class associated with the category to which the requested site belongs. If the category is in multiple risk classes, all relevant risk classes are listed. |
| Directory Object | Directory path for the user who made the request, excluding the user name. Typically, this results in multiple rows for the same traffic, because each user belongs in multiple paths. If you are using a non-LDAP directory service, this column is not available. |
| Action | Action the software took as a result of the request (for example, category permitted or category blocked). |
| Source Server | IP address of the component sending requests to Filtering Service. This may be Content Gateway, Network Agent, or a third-party integration product. With the Web Hybrid module, use this option to identify requests managed by the hybrid service from both on-site (filtered location) and off-site users. |
| Protocol | Protocol of the request (for example, HTTP or FTP). |
| Protocol Group | Forcepoint URL Database group in which the requested protocol falls (for example, Remote Access or Streaming Media). |
| Source IP | IP address of the machine from which the request was made. With the Web Hybrid module, you can use this option to review requests coming from a specific hybrid filtered location. |
| Destination IP | IP address of the requested site. |
| Full URL | Domain name and path for the requested site (example: http://www.mydomain.com/products/ref=abc123?string/). If you are not logging full URLs, this column is blank. |
| Month | Calendar month the request was made. |
| Port | TCP/IP port over which the user communicated with the site. |
| Bandwidth | The amount of data, in kilobytes, contained in both the initial request from the user and the response from the website. This is the combined total of the Sent and Received values. |
| Bytes Sent | Number of bytes sent as the Internet request. This represents the amount of data transmitted, which may be a simple request for a URL, or may be a more significant submission if the user is registering for a website, for example. |
| Bytes Received | Number of bytes received from the Internet in response to the request. This includes all text, graphics, and scripts that make up the site. For sites that are blocked, the number of bytes varies according to the software creating the log record. When Network Agent logs the records, the number of bytes received for a blocked site represents the size of the block page. If the log record is created by Content Gateway, as a result of analysis, the bytes received represents the size of the page analyzed. If a third-party integration product creates the log records, the bytes received for a blocked site may be zero (0), may represent the size of the block page, or may be a value obtained from the requested site. |
| Time | Time of day the site was requested, shown in the HH:MM:SS format, using a 24-hour clock. |
| Category | Category to which the request was assigned. This may be a category from the Forcepoint URL Database or a custom category. |