01-14-2016 11:00 PM
Wasn't sure which category/group to post this one in, but here goes!
Challenge: We have a customer who needs to log/record ALL web destinations visited by ALL users, with timestamps to correlate information. This is for audit/accountability purposes. I.e. "User A" was reported as posting something naughty on any minor-forum website etc. on date X. This data then needs to be reported/audited sensibly so relevant data can be found. Note additionally, this will be modelled on a service/design leveraging web-logins. Some aspects of this are a given. I.e. we'll likely use ClearPass to align a username to device/IP (at any given moment). And AirWave will likely be used to provide history etc.
KEY: My gut feel is that we can't do this with Aruba products alone? The key gap being alignment of the detailed-destinations to specific users, and having that data recorded against a timeline...?
So with AirWave, I can produce reports. But even within the AppRF reports, it's not very centric around destinations vs. users. It's more interested in "top" applications and destinations broadly speaking, and the "top 10 users" only looks at Apps. So this doesn't quite hit the brief.
With controllers, whilst we could enable syslog targets, I can't establish a direct method for giving complete data from them alone - I.e. enabling logging against role-acls (all HTTP/HTTPS for instance) would achieve "source/dest/time" log, but the source/dest are in IP format. So that gives us a gap in terms of correlating the destination to an FQDN. And manually resolving that would be a nightmare (so some other "product" is needed). I'm also mindful that FQDN>PublicIP is pretty changeable. Especially with some less legitimate destinations in mind.
So this leads me to believe we'd need something else sat behind it? Like a Palo-Alto or similar? I.e. something that could record and correlate automatically?
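The user-to-flow correlation the post asks about, as an added example that is not part of the original post and not an Aruba or ClearPass export format: it joins "source/dest/time" ACL log hits against username-to-IP login sessions by time interval, so an IP re-leased to a second user is attributed correctly. All records, field layouts and function names are constructed assumptions, and sessions for one IP are assumed not to overlap.

```python
from bisect import bisect_right
from datetime import datetime

# Constructed sample data; layouts are assumptions, not a vendor log format.
# Login sessions: (username, client IP, login time, logout time)
SESSIONS = [
    ("user_a", "10.1.20.15", "2016-01-14 09:00:00", "2016-01-14 11:30:00"),
    ("user_b", "10.1.20.15", "2016-01-14 12:05:00", "2016-01-14 13:00:00"),  # same IP re-leased
    ("user_c", "10.1.20.16", "2016-01-14 09:10:00", "2016-01-14 17:00:00"),
]
# ACL log hits: (timestamp, source IP, destination IP, destination port)
FLOWS = [
    ("2016-01-14 10:15:42", "10.1.20.15", "203.0.113.80", 443),
    ("2016-01-14 12:30:07", "10.1.20.15", "203.0.113.80", 443),
    ("2016-01-14 11:45:00", "10.1.20.15", "198.51.100.7", 80),  # between sessions
    ("2016-01-14 16:59:59", "10.1.20.16", "198.51.100.7", 80),
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def build_index(sessions):
    """Group sessions per IP, sorted by login time, for binary search."""
    index = {}
    for user, ip, start, end in sessions:
        index.setdefault(ip, []).append((_ts(start), _ts(end), user))
    for spans in index.values():
        spans.sort()
    return index

def attribute(flow, index):
    """Return the username holding the source IP at the flow's timestamp, or None."""
    when, src = _ts(flow[0]), flow[1]
    spans = index.get(src, [])
    pos = bisect_right([s[0] for s in spans], when) - 1  # last session starting <= when
    if pos >= 0 and spans[pos][0] <= when <= spans[pos][1]:
        return spans[pos][2]
    return None  # no session covered this moment: report as unattributed, never guess

def audit(flows, sessions):
    """Return (timestamp, user, destination IP, port) rows for the audit report."""
    index = build_index(sessions)
    return [(f[0], attribute(f, index) or "UNATTRIBUTED", f[2], f[3]) for f in flows]

if __name__ == "__main__":
    for row in audit(FLOWS, SESSIONS):
        print(*row, sep="  ")
```

The destination column stays an IP address here; mapping it to an FQDN needs a name recorded at the time of the request, which is the gap the post describes.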