Professional Documents
Culture Documents
COPYRIGHT
Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
Contents
Preface
About this guide . . . . . . . . . . . . . . . . Audience . . . . . . . . . . . . . . . . Conventions . . . . . . . . . . . . . . . What's in this guide . . . . . . . . . . . . Finding product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5
5 5 5 6 6
11
11 12 12 13 14
My Profile
Profile settings overview . . . . . . . . . . . . . . Enter default email settings . . . . . . . . . . . . . Select the number of report results per page . . . . . . Assign the number format . . . . . . . . . . . . . Select the date and time format . . . . . . . . . . . Set up the summary report that appears at logon . . . . View delegated reports settings for your account . . . . Change your password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
15
. 15 15 16 . 16 . 17 . 17 . 18 18
19
. 19 19 21 . 22 22 . 24 . 25 26 . 28 29 . 29 . 29
Queries
31
Preconfigured queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Contents
Custom queries . . . . . . . . . . . . . . . . . . . . . . . . . Query types . . . . . . . . . . . . . . . . . . . . . . . . Query columns and order . . . . . . . . . . . . . . . . . . Query-level filters . . . . . . . . . . . . . . . . . . . . . . Query layout . . . . . . . . . . . . . . . . . . . . . . . . Query configuration . . . . . . . . . . . . . . . . . . . . . . . . Select query and data types . . . . . . . . . . . . . . . . . Configure query-level filters . . . . . . . . . . . . . . . . . Set up query layout . . . . . . . . . . . . . . . . . . . . . Query management . . . . . . . . . . . . . . . . . . . . . . . . Copy queries . . . . . . . . . . . . . . . . . . . . . . . . Delete queries . . . . . . . . . . . . . . . . . . . . . . . Share queries . . . . . . . . . . . . . . . . . . . . . . . View query use . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. 32 . 32 . 33 33 34 . 34 . 35 . 35 . 36 . 37 37 . 37 . 38 38
Filters
Filters overview . . . . . . . . . . . . . . . . . . Filter types . . . . . . . . . . . . . . . . . Preconfigured filters . . . . . . . . . . . . . . . . . Custom filters . . . . . . . . . . . . . . . . . . . Add or edit filters . . . . . . . . . . . . . . . . . . Copy filters . . . . . . . . . . . . . . . . . . . . Share filters . . . . . . . . . . . . . . . . . . . . View filter use . . . . . . . . . . . . . . . . . . . Remove a filter from reports . . . . . . . . . . . . . Delete a filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
39
. 39 . 39 41 . 41 . 41 . 41 . 42 . 42 . 43 . 43
Advanced Reports
Advanced report definition overview . . . . . . . . . . . . . . . . . . . . Preconfigured advanced report definitions . . . . . . . . . . . . . . . User-configured advanced reports . . . . . . . . . . . . . . . . . . Configure advanced reports definitions . . . . . . . . . . . . . . . . . . . Use the Report Console . . . . . . . . . . . . . . . . . . . . . . Name and select the queries for advanced reports . . . . . . . . . . . Select filters and dates for advanced reports . . . . . . . . . . . . . . Use advanced settings to get multiple reports . . . . . . . . . . . . . Get advanced report results . . . . . . . . . . . . . . . . . . . . . . . Run an advanced report immediately . . . . . . . . . . . . . . . . . Schedule advanced reports . . . . . . . . . . . . . . . . . . . . . Manage advanced reports and report schedules . . . . . . . . . . . . . . . . Edit advanced reports and report schedules . . . . . . . . . . . . . . Copy advanced reports and report schedules . . . . . . . . . . . . . . Disable report schedules . . . . . . . . . . . . . . . . . . . . . . View the use of an advanced report definition . . . . . . . . . . . . . Import advanced report definitions . . . . . . . . . . . . . . . . . . Export advanced report definitions . . . . . . . . . . . . . . . . . . Delete advanced report definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
45
45 45 45 46 46 47 47 48 49 49 50 50 51 51 51 52 52 52 53
A B C
55 57 67 71
Preface
This guide provides the information you need to use the product. Contents About this guide Finding product documentation
Audience
McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for: Users People who use the computer where the software is running and can access some or all of its features.
Conventions
This guide uses the following typographical conventions and icons. Book title or Emphasis Title of a book, chapter, or topic; introduction of a new term; emphasis. Bold User input or Path
Code
Text that is strongly emphasized. Commands and other text that the user types; the path of a folder or program. A code sample. Words in the user interface including options, menus, buttons, and dialog boxes. A live link to a topic or to a website. Note: Additional information, like an alternate method of accessing an option. Tip: Suggestions and recommendations. Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data. Warning: Critical advice to prevent bodily harm when using a hardware product.
The McAfee Web Reporter creates reports that show you how people in your organization are using the Internet. McAfee Web Reporter provides the reporting tools to identify issues in your organization such as liability exposure, productivity loss, bandwidth overload, and security threats. You can use this information to modify web use policies and provide guidance for appropriate Internet use in your organization. Use McAfee Web Reporter with McAfee Web Gateway, McAfee SiteAdvisor Enterprise software, McAfee SmartFilter software, and other third-party web filtering solutions. Contents McAfee Web Reporter overview Report options Report language options
Report options
In McAfee Web Reporter, there are various types of reports that give you different levels of detail. When creating custom and advanced reports, you can select display options or layout options for additional customization. McAfee Web Reporter offers three types of reports: summary reports, custom reports, and advanced reports. Each report type has a different purpose and its own configuration settings.
Table 1-1 Report types Report type Definition Summary Summary reports are the most condensed type of reports and are accessible from the Quick View menu. These reports are preconfigured reports that provide a snapshot of recent web activity. Report types include sites, user names, user IP addresses, categories, malware, web reputation, protection areas, and actions. In addition to viewing these reports in the McAfee Web Reporter window, you can send or store summary reports in additional formats using one of the supported localized languages and include a logo. Custom reports are accessible from the Quick View menu and provide more detail than summary reports. Custom reports allow you to select which data to include in a report, save the report as a favorite or advanced report, and schedule it to run regularly. You can view custom reports in the McAfee Web Reporter window or send or store the reports. When you choose to send or store the reports, you can select one of the available file types, reformat the fields using an available language, and include a logo. Advanced reports provide the most amount of detail. Advanced reports use queries and filters, and offer additional options such as layouts, graphs, and query-level filters. Using all the options, you decide which data to put in the report and the amount of detail to display.
Custom
Advanced
Select from the following list of languages: Chinese (Simplified) Chinese (Traditional) English (US) French German Italian Japanese Korean Portuguese Russian Spanish
Log on to the McAfee Web Reporter web-based user interface, where you create and view reports. Contents Log on to McAfee Web Reporter User interface basics
If the sites certificate is not verified because it is self-signed, take the necessary action in your browser to continue to the site. 2 3 4 5 If prompted to install the Java Runtime Environment (JRE), click Yes. The JRE is required to open the McAfee Web Reporter interface. Type your user name and password. Click Options and select the directory your user name and password belong to. Click Log On.
11
Navigation bar
The navigation bar contains buttons that correspond to the features in McAfee Web Reporter. After clicking a button, you are presented with submenus. The navigation bar is your first step in accessing various windows throughout McAfee Web Reporter. Features include: Quick View Displays two types of condensed interactive reports for your organizationsummary and custom Here, you can also save custom reports as favorite reports. Use Quick View reports to select a preconfigured summary report to view the current weeks data or create a custom report to view specific data for any time period. Reports Gives you the ability to create reports with more specific detail (advanced reports) than Quick View reports Create customized advanced reports by using data filters and advanced queries. You can also schedule advanced reports to run whenever and however you want them. My Profile Determines account preferences and the default Quick View summary report, displays delegated reports access you have, and the option to change your McAfee Web Reporter account password Administration (for administrator accounts only) Gives administrators the ability to set up McAfee Web Reporter for use in your organization For more information about this menu, see the McAfee Web Reporter Product Guide.
12
Toolbars
Toolbars provide an additional way to further customize what you see on a window in McAfee Web Reporter. There are a few different toolbars available depending on which window is displayed. Toolbars are located at the top of the list for Quick View and Reports windows.
Table 2-1 Toolbar options Number Option 1 2 3 4 5 6 7 8 9 Back Save Report Send Report Schedule Report Bar Graph Table Hits Percent Hits Bytes Definition Displays the previously viewed report Saves a custom report as a favorite or advanced report Stores a summary or custom report on the McAfee Web Reporter server or sends it through email or FTP Sets the schedule, such as frequency, format, delivery, and delegation, for a custom report Displays the summary or custom report data in bar graph format Displays the summary or custom report data in table format Displays or hides the total number of hits per category for a custom report Displays or hides the percentage of total hits per category in a custom report Displays or hides the total number of bytes per category for a custom report
13
Table 2-1 Toolbar options (continued) Number Option 10 11 12 13 14 15 16 17 18 Percent Bytes Current page of total pages Results Find Find Now Clear Reports Dates Display Definition Displays or hides the percentage of total bytes per category in a custom report Displays the current page number in view and the total number of pages for a custom report; also available for advanced reports Displays the number of results present in a custom report; also available for advanced reports Defines all or part of a filter name to search for Searches the filters list for matches to what you typed in the Find field Clears any search terms entered in the Find field Lists the names of advanced reports in the Reports Results list Lists time-range options used to filter the Report Results list Specifies the type of filters to display in the list
14
My Profile
Profile settings define your account preferences, such as recipient and sender email addresses for emailed reports, the formats for dates, times, numbers that appear in the user interface and reports, and the summary report that appears on logon. Contents Profile settings overview Enter default email settings Select the number of report results per page Assign the number format Select the date and time format Set up the summary report that appears at logon View delegated reports settings for your account Change your password
15
Task 1 2 3 Go to My Profile | Preferences. Type the full email addresses for the recipient and sender. Use commas (no spaces) to separate multiple email addresses. Click Save.
Task 1 2 3 Go to My Profile | Preferences. From the Results per page drop-down list, select the number. Click Save.
16
In the Decimal separator field, type the separator. Values available are comma (,), period (.), or clear the field to use a blank space to separate thousands. The default is period (.). Examples: 123.456.789 123,456,789 123 456 789
Click Save.
17
18
Quick View reports are interactive real-time reports that give you a condensed view of data within the McAfee Web Reporter user interface. With Quick View reports, you can select from predefined reports, create your own reports, and save reports as favorites. Contents Quick View reports overview View Quick View reports Send Quick View reports Schedule favorite or custom reports
Summary reports
Summary reports are preconfigured interactive real-time reports that display activity for today, yesterday, and the past seven days. The preconfigured summary reports are part of the Quick View report feature that gives you an overview of network activity for your organization. Summary reports also offer drilldown capabilities for you to see more refined detail about any of the available data. The first report you see after logging on to McAfee Web Reporter or when you click Quick View is the default summary report. When a summary report is displayed, you can use buttons on the report toolbar to send the report, and switch between table and bar graph formats for most reports.
19
Actions
The Actions report shows the actions (Allow, Block, Bypass, Monitor, Override, and Warn) taken on website requests made today, yesterday, and during the past seven days. For example, you suspect a user has unofficial access to override blocked websites. You can use this report to determine if there is a large amount of override actions and to which user this access belongs.
Categories
The Categories report shows which TrustedSource database categories visited websites fall into. Categories are shown as they exist in the log source or the TrustedSource database. In addition to categories, you can sort the data on category reports by risk groups. Risk groups exist to identify the primary risks associated with a category of URLs. Each category falls into one of the seven risk groups. McAfee Web Reporter includes All as a selection to include categories from all risk groups. For example, you view a categories report that displays the top categories of URLs requested on your network during the previous week. After evaluating the data, you might find there is too much activity associated with non-business websites, or there is a need for access to business-related websites that you are currently blocking. Using this data, you can modify your filtering policy to be more effective for your organization.
Malware
The Malware report shows the malware your organization is exposed to when users visit websites. For example, your network is infected with a particular malware and you need to find which website it originated from. Using this report, you can determine which website the malware came from, when, and which user accessed the site. Using this report, you can modify your filtering policy appropriately.
Protection Areas
The Protection Areas report shows which protection area visited sites were filtered through. Protection areas are defined by the security feature that filtered the site. For example, some sites were blocked but the reason is not obvious. Using this report, you can determine the reason sites were blocked.
Sites
The Sites report shows a list of the most visited websites in your organization. In addition to highlighting web surfing trends at the site level, these reports make it easy to identify popular sites that do not fall into standard categories, helping you determine whether you should modify your filtering policy. For example, you might suspect that some users are viewing non-work related sites, but you cannot manage access to these sites because the sites do not fall into a specific category. You can view a site report for the group that lists the top sites viewed by users in that group. After you determine which sites users in the group are consistently requesting, you can add these sites to a user-defined category, then include the category in the policy currently assigned to this group.
20
User Groups
The User Groups report shows which groups have users with active web usage. This report is helpful when you want a report for groups in your organization. For example, you want to see which groups have the highest amount of web activity. Use the User Groups report to view a list of groups with the number of bytes and hits.
User IPs
The User IPs report shows web usage for IP addresses within your organization. This report is helpful when you want reports for departments based on IP addresses or ranges. This report is also helpful to pinpoint and curb productivity issues. For example, you are a system administrator responsible for a small network with statically assigned IP addresses, but no central authentication server. Using McAfee Web Reporter, you can view a User IP report that lists those IP addresses with the most web activity. You can then click an IP address in the first column to view a list of accessed sites with the time and day they were accessed.
User Names
The User Names report shows user names with active web usage. This report shows which sites the users visit. This type of report is particularly useful in helping you pinpoint and curb productivity problems and address other concerns. For example, you might suspect that some users are abusing Internet access by surfing the Internet for hours at a time during the workday. Using McAfee Web Reporter, you can view a user report that lists those users with the most Internet activity. You can then click a user name in the first column to view a list of sites that were viewed and the day and time they were viewed.
Reputation
The Reputation report shows the reputation rating for the most visited websites. This report is helpful to determine if users are going to sites that might expose the organization to harmful content or other security issues. For example, you would like to set up a filtering policy that blocks unverified sites, but need to check a list of those sites to see if it would be blocking sites your users need to access. Using this report, you can see the sites users have visited that are rated as Unverified and discuss the need to access these sites with users or groups. Based on your findings, you can adjust your filtering policy.
Custom reports
Custom reports are interactive real-time summary reports with additional display options and settings you can customize. Custom reports display data much like summary reports, but with custom selections. You can select the type of data, dates, and additional display options to create a custom report. Dates You can select a predefined date range, choose your own start and end date, and if you select Today or Yesterday, you can narrow your results even more by selecting an hourly time range. Report type These are the same report types found on the Summary tab of the Quick View window. Filters All filter types are available. You can select a preconfigured filter or create a new filter. Display options Using these options, you can modify the report data that appears.
21
For example, select Current week as the date and Category activity for as the report type and Productivity as the filter to see which productivity categories have URLs that were accessed this week. You can then drill down to view more details, such as the URL, user name, and more. See also Select filters and dates for advanced reports on page 47 Use advanced settings to get multiple reports on page 48
Tasks View summary reports on page 22 You can view nine preconfigured summary reports that provide an interactive depiction of activity for today, yesterday, and the past seven days. Create custom reports on page 24 Use custom reports when you want to select the timeframe, report type, filters, and display options for your report. Save custom reports as advanced reports on page 25 Save a custom report as an advanced report to add queries and other configuration changes to further refine the report. Quick View favorites on page 26 Create a favorite from a custom report for use at a later time. Saving a custom report as a favorite preserves the properties used to generate the report, not the actual report data. After you save a report, you can view (regenerate), edit, or delete it.
22
Task 1 2 Go to Quick View | Summary. Select the report type to view the report.
Some reports might return a dash () instead of a category, malware, protection area, user names, or reputation. This dash indicates the item is uncategorized, not associated with a particular type (such as no malware, protection area, or reputation), or the user is anonymous.
To drill down to subreports, click an entry from the report displayed on your screen to display a list of submenus that will lead you to additional report data.
Tasks View additional details in Quick View reports on page 23 View additional report details in Quick View reports using the drilldown links. Tabbed reports on page 24 The tabbed reports feature allows you to view multiple summary, favorite, and custom reports and move within the drilldown paths. View site and reputation in Quick View reports on page 24 When viewing a Site Activity report or a Detailed Activity report, click a URL to see the View Site and View Site Reputation links.
23
Tabbed reports
The tabbed reports feature allows you to view multiple summary, favorite, and custom reports and move within the drilldown paths. Use tabs to quickly switch between two or more reports. There are three ways to view a report in a new, empty tab: Click New Tab to open a new, empty tab.
Displaying the links: To open a new browser window that displays the selected website, click View Site. To open a new browser window that displays the TurstedSource.org website with reputation information for the URL, click View Site Reputation.
24
Task 1 Go to Quick View | Custom. The Custom menus appear. By default, the menus are collapsed. 2 3 4 Configure the custom report using the available options. Select the type of report. Select the filters for expanding or narrowing the report data. Leave the All filter type selected to include all data. Select a preconfigured filter or a user-created filter to limit the data in the report. Add a new filter by typing directly into a filter field. Type the filter data exactly as it would appear in the log data or report; wildcards are not allowed. Some filter fields automatically search log data for matching results as soon as you start typing and display the complete matching result above the field. If there are no matches, no results are displayed. For example, you want to filter on the user name jshepherd. You type js in the user name field and jshepherd appears above the field. Use commas to separate multiple entries. Unsaved filters appear in italics (new unsaved user group filters appear in bold). To save the new filter, click the down arrow next to the filter and select Save and complete configuring the filter. To clear the field, select the All option for that filter type from the drop-down list.
Before you change a report filter, review reports that use that filter. When you change a report filter, it affects all custom and advanced reports that use the filter.
5 6
Select display options for the report. Click View to display the report.
If the report does not include any data, verify that the report criteria is valid. If the criteria is valid, there might not be any matching report data.
When the custom report takes more than a few seconds to appear, McAfee Web Reporter provides additional options: Wait for the report to display Keep this tab open until the report appears. While the report is generating, you can open a new tab to run another custom report. Schedule the report Click this link to open the Add Scheduled Report window and schedule the report to generate. Cancel the report Click this link to cancel the generating report.
25
Task 1 Create and view a custom report. 2 3 On the report viewing toolbar, click Save as Advanced Report. Name the report and click OK.
Any queries associated with the custom report are preserved and saved with the same name as the report.
The report is added to the advanced reports list (viewable from Reports | Advanced | Advanced Reports). The query with the same name appears in the queries list (viewable from Reports | Advanced | Queries).
You can change the report layout between table and bar graph views using options in the associated query; however, you will not have interactive abilities for the created advanced report.
Tasks Save an existing custom report as a Quick View favorite on page 26 After viewing a custom report in the Quick View report window, you can save it as a favorite report. Add a favorite report from the Advanced Reports window on page 27 You can add (create) a Quick View favorite without viewing it in the Quick View report window. Manage favorite reports on page 27 Save a custom report as a favorite for use at a later time. After saving a custom report as a favorite, you can view the favorite, edit the configuration settings, view a list of report schedules that use the favorite, and delete the favorite.
26
The new favorite appears in the following locations: Quick View | Favorites Reports | Manage Reports | Report Console
27
Edit favorites
Edit a favorite when you want to change any of the settings within the configuration, such as the dates. You can make changes to favorite reports by opening the configuration of the favorite in the Quick View report window or Advanced Reports window. Task 1 Open the favorite report configuration: 2 Quick View window Quick View | Favorites Advanced Reports window Reports | Advanced | Favorite Reports
Make any changes to the configuration and resave the favorite report: Quick View window Click View, click Save as Favorite, and in the Favorite name field, retype the original favorite name exactly as it appears in the Favorite List. When the overwrite message appears, click Yes. Advanced Reports window Click OK.
28
The Add Scheduled Report window appears. 2 3 Use settings on the tabs of the Add Scheduled Report window to name, schedule, format, select delivery location, and select who you want the report to run as. Click OK to save the scheduled report.
29
Queries
Queries are the foundation for advanced reports that define the type of data in a report and how that data is presented in the report. In McAfee Web Reporter, queries and filters work together to specify what report you want, which data you want to see, and how you want to see it. You set up queries and filters separately, yet they work together to create your report. A report is organized into sections of data, such as user names, websites, dates, and more. McAfee Web Reporter retrieves data from log files and stores the data in a database. A query acts as the communicator between the database and the report, telling the database which types of data to display in the report. After specifying the types of data, the query then defines how the report will look.
Use preconfigured queries or configure your own custom queries for your advanced reports. Contents Preconfigured queries Custom queries Query configuration Query management
Preconfigured queries
McAfee Web Reporter has preconfigured queries that are used in the preconfigured advanced reports. However, you can also use these queries in your own reports. The preconfigured queries are designed for use with the preconfigured advanced reports in McAfee Web Reporter. The name of each preconfigured query corresponds to a preconfigured advanced report. However, the preconfigured queries were created using typical configurations for use with any advanced report. McAfee Web Reporter shares the predefined queries across all reporting administrator and user accounts. Use the original configuration in your own advanced reports, or copy the preconfigured query and modify it to match your reporting needs. McAfee Web Reporter shares preconfigured queries across all reporting users and administrators.
31
Custom queries
Custom queries are queries you configure to fit your specific reporting needs. There are four configuration areas: Query types Amount of detail in the report Data types and order Type of data in a report and the order of priority Query-level filters Filter which data is displayed based on selected data options Layout Visual presentation of data
Query types
The query type determines the amount of detail in a report. There are two types of queries to choose from when setting up a querysummary or detailed. Each query type has its own set of data options (also called columns) to select from. The data options define which data type is shown in your report, such as user name, dates, URL, and so on. The query type determines the amount of detail in the report for each type of data. Summary The McAfee Web Reporter query will look for data that is similar based on the data type and condense it into one line in the report, much like a Quick View report. For example, if you choose the Site Name column, the query finds all the URLs with the same domain and condenses them into one line in the reportwww.example.com/news and www.example.com/travel are condensed into one line as www.example.com. Select the summary report when you want: Reports that look similar to Quick View reports, with added flexibility and customization Hourly data for reports such as hits per user, categories per week, bytes per log source, and so on
Detailed The McAfee Web Reporter query represents data exactly as is with the original amount of detail available in the log file. This type of query displays a line in the report for each line in a log file (one hit). Select the detailed query when you want: Complete URLs in a report or a more exact representation of the log data Down-to-the-minute report data
See also Query columns and order on page 33 Select query and data types on page 35
32
Query columns
Query columns determines the type of data you want in your report, such as user names, URLs, and dates. The list of query columns, depends on the type of query you select (summary or detailed).
Column order
The order in which the query columns are placed in the Selected columns list affects how each set of data appears in the report and the order in which any additional rules (such as query-level filters) are applied. For example, you want a report that displays a list of websites each user visited. After selecting the User Name and Site Name columns, you would place the User Name column at the top of the list, giving it highest priority, and the Site Name column at the bottom of the list, giving it lower priority. This tells the query to organize the data by user name first and to match the list of websites to the user name. See also Query types on page 32 Select query and data types on page 35
Query-level filters
Query-level filters, called column properties, filter information on a single column (data type) according to parameters you define. Query-level filters are different from report-level filters in that query-level filters offer limited filtering capabilities only for the query in which they are set up and are applied after any report-level filters. For example, you want a report to show all URLs that include Google searches for used cars. In your query you would select the URL data column and type www.google.com/search?*q=used+cars* in the Include column property field.
Use column properties to filter data only when report-level filters cannot be used.
The options available for column properties depend on the type of data column you select to filter on. Options include changing the display name of the column, including or excluding data, sorting, setting the measurement of data, decimal point placement, and more. When you want more filtering capabilities and control over data in any querysuch as filtering on user names, categories, or log sourcesuse report-level filters. See also Configure query-level filters on page 35
33
Query layout
Layout options define how the report displays the data.
Using a table
A table displays the data in a set of columns and rows. The order in which the data appears on the report will vary depending on the priority applied to each columnthe column placed at the top of the Selected columns field on the Query tab appears as the first column on the left in a table, or the highest level of grouping for the information. Use a table when you want to display the following: Basic representation of data Lists of data Multiple Statistics columns (only one Statistics column can be used in a graph) No Statistics columns (one Statistics column is required for graphs)
Using a graph
A graph displays data in 2D or 3D bar or pie charts and data is ordered by the columns selected for the y-axis and x-axis. While you must select data columns for the query, not all of the data might appear in the report. Ultimately, the layout and type of data that appears on the report depends on which data options are selected for the y-axis and x-axis of the graph in the layout. Use a graph when you want to display the following: Graphical representation of data Easy-to-view comparison of data Comparison of a statistics column against any other column
Query configuration
Create your own custom queries using the query configuration options. Configure queries using the following options: Report and data types Define how much detail and the type of data to display in a report. Query-level filters Configure the query to further customize which data is displayed based on selected data options. Layout Control the visual presentation of data in reports using layout settings.
34
Tasks Select query and data types on page 35 Query columns are the foundation of a query. Select columns for type of data you want to include. Configure query-level filters on page 35 Define parameters for specific column properties in a query to further refine data that appears in a report. Set up query layout on page 36 Choose a graph or chart and identify the legend for the query layout. Configure these options within query settings.
On the Query tab, type a name and description for the query in the appropriate fields. To rename a query, type a new name in the Query name field.
When changing the name of a shared query, the query name changes for all users of this query. Changing the query name does not affect its use in reports.
3 4 5
From the Available Columns drop-down list, select either Web - Summary or Web - Detailed from the drop-down list to set the query type. Select one or more available data columns and click the > arrow button to move it to the Selected columns field. To change the order of column priority in the Selected columns field, use the up and down arrows.
Columns placed at the top of the Selected columns field are the first to have rules applied. For tables, the column placed at the top of the list appears as the first column on the left of the report.
See also Query types on page 32 Query columns and order on page 33
35
4 5
On the Properties for <column name> pane, type or select the query-level filter settings. Click OK.
If you type a value for which no database records exist for that column property, the report will be blank.
2 3 4
Click the Layout tab. Select the type of layout and the number of results to include. If you select Web - Detailed columns on the Query tab, you can select Combine similar data in results to group the same log records into one entry, similar to a summary query.
Use this option when you have an existing Web - Detailed query for which you want only summary data. If you are creating a new query and want only summary data, select Web - Summary.
If you select Graph, complete setup by selecting the graph type, y-axis and x-axis, and leave or modify the labels and graph title. Consider the following when selecting data for the x-axis: Group by The first column you select in the x-axis field is considered the top-level group, and rules are applied first to this column, similar to giving the column top priority in the Selected columns list on the Query tab. When you click a column first in the x-axis field, (group by) appears next to the column name. The (group by) means all similar data in this column is combined into one group. For example, if you select User Name first, each user name is condensed into its own group. List per group The second column you select in the x-axis field has rules applied second. When you click a column second in the x-axis field, (list per group) appears next to the column name. The (list per group) means that each individual piece of data is listed separately under each top-level group (the first x-axis column). For example, if you select User Name first as the group by column and Site Name second as the list per group column, the report displays the user name for each site that user visited.
If you are unsure of your grouping order, the graph title indicates the order by using then. For example, if you select User Name for group by and Site Name for list per group, the graph title displays User Name then Site Name.
36
Query management
Manage existing queries through the copy, delete, sharing, and view use options. After creating queries, you can manage queries using additional options. Copying queries Copies an existing query Deleting queries Permanently removes a query Sharing queries Shares a query with other McAfee Web Reporter users Viewing query use Displays which advanced reports use the query
Tasks Copy queries on page 37 Copy a query when you want to create a new query that uses many of the same settings as that query. Delete queries on page 37 Delete a query when it is no longer used. Share queries on page 38 Share the query with other users and control the level of permissions others have. View query use on page 38 View a query's use before you change settings or delete a query.
Copy queries
Copy a query when you want to create a new query that uses many of the same settings as that query. Task 1 2 3 4 Go to Reports | Advanced | Queries. Select a query from the list. Edit the copied query. Click OK.
Delete queries
Delete a query when it is no longer used. Task 1 2 Go to Reports | Advanced | Queries. Select a query from the list.
To select multiple consecutive queries, press the Shift key as you select the first and last queries. To select multiple non-consecutive queries, press the Ctrl key as you select the queries you want.
3 4
37
Share queries
Share the query with other users and control the level of permissions others have.
When changing or deleting a shared query, the action you take affects everyone using that query. For example, you create a basic query and give edit permission to Everyone. Then another reporting user edits the basic query to remove the Action column. This change affects all reports and users using that query.
Task 1 2 3 Go to Reports | Advanced | Queries and add a new query or edit an existing query. Click the Sharing tab on the Add or Edit Query window, select Share this query. Click Add to select users for sharing. The Share with Users window appears. This window is populated with the logon accounts created by the reporting administrator. For information about the list of available users, contact a reporting administrator. To delete users or groups from sharing, select a user or group in the Share this query field and click Delete. Click Yes to confirm. In the Permissions for <user or group name> field, select the permissions you want to give to other users. Click OK.
4 5 6
Task 1 2 Go to Reports | Advanced | Queries. Select a query from the list and click Used By. The View Use window appears and displays which advanced reports use the query. 3 Click Close.
38
Filters
Filters provide a way to focus in on which data you want in the report. Use the predefined filters or create your own using the settings on the Filters section of the interface in McAfee Web Reporter. Contents Filters overview Preconfigured filters Custom filters Add or edit filters Copy filters Share filters View filter use Remove a filter from reports Delete a filter
Filters overview
Filters help you get the exact data you want in your reports. You set up filters and queries separately, yet they work together to create your report. A report is organized into sections of data, such as user names, websites, dates, and more. McAfee Web Reporter gets data from log files and stores the data in a database. A query communicates to McAfee Web Reporter which type of data to display in the report. The filter then communicates with McAfee Web Reporter the exact data within the data type to get for the report.
Use preconfigured filters or configure your own custom filters for advanced reports.
Filter types
McAfee Web Reporter offers several types of filters for use in custom reports and advanced reports. Use one of the following filter types to refine the data for your reports.
39
Table 6-1 Filter types and descriptions Filter type Action Description Identifies the action taken on a URL request when a user visited a website. Actions correspond to the web filter policy in place on your network For example, if you have a policy to block all gambling websites and a user attempts to visit gambling.example.com, the report shows that gambling.example.com was blocked. Category Identifies the requested URL's TrustedSource database category or corresponding risk group For example, a Category filter configured to show data for the Productivity risk group will filter only the data categorized as a productivity risk group category. File Type Identifies file types found in the URL. For example, a File Type filter configured to show data only for video files will display only those URL requests for websites that contain video files Identifies which log source the data came from For more information about log sources, contact a reporting administrator. Malware Identifies malware found in requested URLs For example, if a user visited a website that was infected with a known virus, the virus name will show up as malware. Protection Area Identifies protection areas that filtered the URL request Protection areas are defined by the security feature that filtered the site. For example, if you are using McAfee Web Gateway, the corresponding protection area is one of the Web Filter choices. Protocol Identifies which Internet protocol the URL uses For example, if you want to show a report that excludes FTP sites, select Exclude selected protocols and select the checkbox next to FTP. Site Identifies URLs for the websites For example, to filter for all McAfee websites, type: *.mcafee.*. User IP Identifies which user IP address made the URL request For example, you might want data about specific IP addresses if you have a computer lab that allows any user or users with generic log on IDs to logon and visit websites. User Name (and Group) Identifies user names and group names that made URL requests For example, to include the Management group, but exclude specific individuals within that group, place the group at the top of the list and the users at the bottom of the list.
Groups filters work with LDAP groups or internal directory groups.
Log Source
Reputation
Identifies the level of risk associated with a URL by associating the URL with a particular reputation score For example, a website scored as Minimal Risk is from a legitimate source.
40
Preconfigured filters
McAfee Web Reporter includes four preconfigured filters, each filter corresponding to a risk group that contains specific TrustedSource database categories. In McAfee Web Reporter, the four preconfigured filters are designed for use with preconfigured advanced reports. However, the preconfigured filters were created covering four common risk groups that you can use in any advanced report or custom report. The preconfigured filters are shared across all reporting administrator and user accountswhen any administrator or user makes a change to a preconfigured filter, the change occurs in each McAfee Web Reporter account. For example, if user jshepherd removes a category from the preconfigured Productivity filter, the preconfigured Productivity filter in jlock's account also changes. Use the original configuration in your own advanced reports or custom reports, or copy the preconfigured filter and modify it to match your reporting needs.
Custom filters
McAfee Web Reporter allows you to make your own filters to fit your exact reporting needs. Configure a filter using the following options: Use the filter to include data or exclude data . Select options based on the filter type. Filter example For example, you selected the Category column for your query, but you want data only for a particular set of categories (risk group), such as Productivity categories. To do this, you would create a Category filter that includes the Productivity risk group only.
Copy filters
You can copy an existing filter that has many of the settings you want, then modify the configuration and rename it.
41
Task 1 2 3 4 Go to Reports | Advanced | Filters. Select a filter from the Filters list and click Copy. On the Copy Filter window, modify the filter configuration according to your needs. Click OK.
Share filters
When you create a filter, you can choose to share it with other users and select the level of permission others have. Use permissions settings to determine if others can use, view, edit, or delete the filter.
If you share a filter with other reporting users, they have access based on the permissions you grant. If those permissions include edit and delete, then any user who edits or deletes the filter affects all reporting users who use that filter. For example, you create a Sports category filter and give edit permissions to Everyone. Then another reporting user edits the Sports category filter to include the Web Ads category as well. This change affects all reports for every McAfee Web Reporter user or administrator using that filter.
Task 1 2 3 On the Sharing tab on the Add or Edit <filter type> Filter window, select Share this filter. The default for sharing is Everyone. To select users for sharing, click Add. From the Reporting users list, select one or more users and click OK.
To select multiple consecutive filters, press the Shift key as you select the first and last filters. To select multiple non-consecutive filters, press the Ctrl key as you select the filters you want.
4 5 6
To delete users or groups from sharing, select a user or group in the Share this filter field and click Delete. Click Yes to confirm. In the Permissions for <user or group name> field, select the checkboxes next to the permissions you want to grant for sharing. Click OK.
42
3 4
Click Used By. The View Use window appears and displays which reports use the filter. Click OK.
Open each advanced report that uses the filter you want to delete and remove the filter. a b c d Go to Reports | Advanced | Advanced Reports. Select the advanced report from the list and click Edit. On the Filters tab, go to the appropriate filter drop-down list and select a different filter to remove the filter you want to delete. Click OK.
Delete a filter
You can delete a filter when it is no longer in use. Before you begin Before deleting a filter, remove it from all reports.
43
3 4
44
Advanced Reports
Advanced reports are detailed reports you create using queries, filters, and layout options. Using advanced reports, you can narrow or expand the data in a report by using queries and filters that determine the exact information you want in a report. Contents Advanced report definition overview Configure advanced reports definitions Get advanced report results Manage advanced reports and report schedules
45
Naming the report and selecting queries Enter a name and description for the report and select the queries and their order for the report. Selecting Filters and dates Select the filters you want to use to get the exact data you want and select the dates you want a report for. Configuring the report to run multiple times Configure the report to run multiple times using additional queries or other parameters.
See also Add a favorite report from the Advanced Reports window on page 27
Task 1 2 Go to Reports | Manage Reports | Report Console. Configure or run an advanced report or favorite report.
Use the steps in the next procedures to complete advanced report configuration.
46
See also Manage favorite reports on page 27 Manage advanced reports and report schedules on page 50 Quick View favorites on page 26
4 5 6
Provide a description for the report. Select the queries you want to use in the report and put them in the order you want them to appear in the report. Add new columns to separate tables or graphs on a report into additional columns.
Columns do not appear when generating the advanced report in PDF file format.
47
Task 1 2 3 4 5 6 Go to Reports | Advanced | Report Console. Add a new report or select an existing report to edit. Click the Filters tab. Select the beginning and end dates for the data you want to view in the report. Select filters from any filter type drop-down list. Click OK.
See also Use advanced settings to get multiple reports on page 48 Custom reports on page 21 Filters on page 4 Queries on page 3
Multiple advanced reports results are available. Example of an advanced report using advanced settings This feature is useful if you want to view a Top Sites report for each user in your organization. Instead of manually creating multiple Top Sites by Hits reports (one for each user), you can create a single Top Sites by Hits report and then select this report to automatically run for each user. To do this: 1 2 3 Create a query named Top Sites by Hits and any filters you want. Configure an advanced report. On the Advanced tab of the Add Advanced Report window, select the Run report multiple times using this data checkbox.
48
4 5 6
Select either the Results of a query column data set and select the User Name column of an existing query, or select the Manual list data set to type in a list of users. Select how you want the report delivered. Click OK.
McAfee Web Reporter will generate a unique Top Sites by Hits report for each user.
See also Select filters and dates for advanced reports on page 47 Custom reports on page 21
Tasks Run an advanced report immediately on page 49 Run an advanced report immediately when you want report results immediately available to view, instead of waiting for results to appear after the next scheduled report job. Schedule advanced reports on page 50 Schedule an advanced report to run automatically at specific times. Running reports on a schedule eliminates the need for your direct involvement.
The report definition is processed and the report runs. Go to Reports | Manage Reports | Report Results to view the report. See also Report language options on page 8
49
Name the scheduled report. Select the report you want to schedule from the options. Configure the options on all tabs. Click OK.
The report is scheduled and appears in the list on the Report Schedules and Report Console windows. See also Report language options on page 8
50
Select a report from the list. To edit an existing report schedule on the Report Console window: in the Details pane, select a report from the Schedules drop-down list. Click Edit and make changes to the report. Click OK when you are finished making changes.
3 4
51
Advanced report definitions are imported and appear on the Advanced Reports window.
3 4
Click Import/Export. On the Import/Export window, select Export selected reports to a file, then browse to the location where you want to save the file.
52
5 6
Select the location. You are returned to the Import/Export Reports window. Modify the file name if you do not want to use the default. The default file name is ReportDef.xml.
3 4
53
Preconfigured Filters
Four preconfigured filters in McAfee Web Reporter include the selected categories in a report. Preconfigured filters are shared across all reporting users and administrators. Table A-1 Preconfigured filters Filter Bandwidth Media Risk Group Bandwidth Categories Internet Radio/TV Media Downloads Media Sharing Streaming Media Web Ads Productivity Productivity Auctions/Classifieds Blogs/Wiki Entertainment Fashion/Beauty Games Humor/Comics Job Search Marketing/Merchandising Mobile Phone Online Shopping Personal Pages Politics/Opinion Real Estate Recreation/Hobbies Religion/Ideology Restaurants Sports Stock Trading
55
Preconfigured Filters
Table A-1 Preconfigured filters (continued) Filter Risk Risk Group Liability Categories Criminal Activities Gambling Hate/Discrimination Historical Revisionism Illegal Software Incidental Nudity Nudity Pornography Visual Search Engine Security Security Anonymizers Anonymizing Utilities Hacking/Computer Crime Interactive Web Applications Malicious Sites P2P/File Sharing Parked Domain Personal Network Storage Phishing Remote Access Resource Sharing Shareware/Freeware Spam URLs Spyware/Adware
56
Preconfigured Queries
These are the preconfigured queries in McAfee Web Reporter. Table B-1 Preconfigured queries Query Name Bandwidth: Volume by Category Bandwidth: Volume by Category (Chart) Bandwidth: Volume by Category (Detail) Selected Columns Bytes URL Category Bytes URL Category Bytes Percent of Bytes Hits Percent of Hits URL Category Bandwidth: Volume by Day of Week (Chart) Bandwidth: Volume by Day of Week (Detail) Bytes Day of Week Bytes Percent of Bytes Day of Week Hits Percent of Hits Bandwidth: Volume by Hour (Chart) Bandwidth: Volume by Hour (Detail) Bytes Hour Bytes Percent of Bytes Hits Percent of Hits Hour Bandwidth: Volume by Month (Chart) Bytes Month Graph Displays each month of the year with the volume in megabytes Table Graph Displays each hour of the day with the volume in megabytes Displays each hour of the day with the volume in megabytes and includes percent of bytes, number of hits, and percent of hits details Table Graph Displays each day of the week with the volume in megabytes Displays each day of the week with the volume in megabytes and includes percent of bytes, number of hits, and percent of hits details Table Graph Layout Description Table Displays each URL category with the volume in descending order of megabytes with unlimited results Displays each URL category with the volume in descending order of megabytes for the top 30 results Displays each URL category with the volume in descending order of megabytes and includes percent of bytes, number of hits, and percent of hits details with unlimited results
57
Preconfigured Queries
Table B-1 Preconfigured queries (continued) Query Name Bandwidth: Volume by Month (Detail) Selected Columns Bytes Percent of Bytes Hits Percent of Hits Month Bandwidth: Volume by Site Bytes Site Name URL Category Category: Top 20 Sites by Volume (Site-Detail) Bytes Percent of Bytes Hits Percent of Hits Site Name URL Category Category: Usage by Hits Average Browse Time Bytes Percent of Bytes Hits Percent of Hits URL Category Category: Usage by Hits-Top 20 (Chart) Categories: Usage by Volume Hits URL Category Average Browse Time Percent of Browse Time Bytes Percent of Bytes Hits Percent of Hits URL Category Category: Usage by Volume-Top 20 (Chart) Bytes URL Category Graph Displays URL categories with the volume in descending order of megabytes for the top 20 results Table Graph Displays URL categories in descending order of hits for the top 20 results Displays URL categories with the volume in descending order of megabytes and includes percent of bytes, hits, percent of hits, percent of browse time, and average browse time for the top 100 results Table Displays URL categories in descending order of hits and includes the percent of hits, number of megabytes, percent of bytes, and the average browse time for the top 100 results Table Table Displays each site name and corresponding URL category with the volume in descending order of megabytes for the 30 most visited sites Displays URL categories and site names with the volume in descending order of megabytes and includes percent of bytes, number of hits, and percent of hits for the 20 most visited sites Layout Description Table Displays each month of the year with the volume in megabytes and includes percent of bytes, number of hits, and percent of hits details
58
Preconfigured Queries
Table B-1 Preconfigured queries (continued) Query Name Content Categories by Hits Selected Columns Bytes Percent of Bytes Hits Percent of Hits URL Category Content Categories by Volume Bytes Percent of Bytes Hits Percent of Hits URL Category Daily Malware Volume by Log Source Bytes Day of Week Log Source Malware Name Detail Malware Hits by Date Date Hits Malware Name Quarterly Traffic Volume by Year Bytes Quarter Year Risk: Categories by Hits Hits URL Category Bytes Percent of Bytes Hits Percent of Hits URL Category Risk: Categories by Volume Bytes Percent of Bytes Hits Percent of Hits URL Category Table Displays URL categories with volume in descending order of megabytes and includes percent of bytes, hits, and percent of hits with unlimited results Graph Table Displays URL categories in descending order of hits and includes percent of hits, megabytes, and percent of bytes with unlimited results Displays URL categories in descending order of hits for the top 200 results Table Displays the year and the quarter of the year with volume in gigabytes for the top 20 results Table Displays malware names by date in descending order of hits for the top 20 results Table Displays log sources with malware data in descending order of megabytes and includes the day of week for the top 20 results Table Displays URL categories with the volume in descending order of megabytes and includes percent of bytes, hits, and percent of hits for the top 20 results Layout Description Table Displays URL categories, hits, percent of hits, megabytes, and percent of bytes limited to 20 results
59
Preconfigured Queries
Table B-1 Preconfigured queries (continued) Query Name Risk: Categories by Volume (Chart) Risk: Users by Hits Selected Columns Bytes URL Category Average Browse Time Bytes Percent of Bytes Hits Percent of Hits URL Category User IP User Name Risk: Users by Volume Average Browse Time Bytes Percent of Bytes Hits Percent of Hits URL Category User IP User Name Table Displays user names with volume in descending order of kilobytes and includes user IP address, percent of bytes, hits, percent of hits, average browse time, and URL category for the top 20 results Table Layout Description Graph Displays URL categories with volume in descending order of megabytes for the top 200 results Displays user names in descending order of hits and includes user IP address, percent of hits, kilobytes, percent of bytes, average browse time, and URL category for the top 20 results
60
Preconfigured Queries
Table B-1 Preconfigured queries (continued) Query Name Selected Columns Layout Description Table Displays user names in descending order of hits for URL categories that include the following data: Anonymizers Anonymizing Hacking Interactive Malicious Sites P2P Parked Personal Network Phishing Remote Access Resource Sharing Shareware Spam URLs Spyware and includes user IP addresses, percent of hits, and average browse time for the top 50 results Security: Top 50 Users by Volume (Detail) Average Browse Time Bytes Percent of Bytes URL Category User IP User Name Table Displays user names with volume in megabytes for URL categories that include the following data: Anonymizers Anonymizing Hacking Interactive Malicious Sites P2P Parked Personal Network Phishing Remote Access Resource Sharing Shareware Spam URLs Spyware and includes user IP addresses, percent of bytes, and average browse time for the top 50 results Security: Top 50 Average Browse Time Users by Hits (Detail) Hits Percent of Hits URL Category User IP User Name
61
Preconfigured Queries
Table B-1 Preconfigured queries (continued) Query Name Security: Usage by Hits (Chart) Selected Columns Hits URL Category Layout Description Graph Displays URL categories in descending order of hits for categories that include the following data: Anonymizers Anonymizing Hacking Interactive Malicious Sites P2P Parked Personal Network Phishing Remote Access Resource Sharing Shareware Spam URLs Spyware for the top 200 results Security: Usage by Hits (Summary) Average Browse Time Bytes Percent of Bytes Hits Percent of Hits URL Category Table Displays URL categories in descending order of hits for that include the following data: Anonymizers Anonymizing Hacking Interactive Malicious Sites P2P Parked Personal Network Phishing Remote Access Resource Sharing Shareware Spam URLs Spyware and includes percent of hits, megabytes, percent of bytes, and average browse time for the top 100 results
62
Preconfigured Queries
Table B-1 Preconfigured queries (continued) Query Name Security: Usage by Volume (Chart) Selected Columns Bytes URL Category Layout Description Graph Displays URL categories with volume in descending order of megabytes for the top 200 results that include the following data: Anonymizers Anonymizing Hacking Interactive Malicious Sites P2P Parked Personal Network Phishing Remote Access Resource Sharing Shareware Spam URLs Spyware Security: Usage by Volume (Summary) Average Browse Time Bytes Percent of Bytes Hits Percent of Hits URL Category Table Displays URL categories with volume in descending order of megabytes for categories that include the following data: Anonymizers Anonymizing Hacking Interactive Malicious Sites P2P Parked Personal Network Phishing Remote Access Resource Sharing Shareware Spam URLs Spyware and includes percent of bytes, hits, percent of hits, and average browse time for the top 100 results
63
Preconfigured Queries
Table B-1 Preconfigured queries (continued) Query Name Summary: Hits per Hour (Chart) Selected Columns Hits - Allowed Hits - Blocked Hour Summary: Top 10 Categories by Volume Summary: Top 10 Content Types by Volume (Chart) Summary: Top 10 Log Sources by Volume Summary: Top 10 Malicious Sites Bytes URL Category Bytes Content Type Bytes Log Source Hits Site Name Web Reputation Summary: Top 10 Malware Blocks Hits - Blocked Malware Name Table Table Table Table Graph Table Displays URL categories with volume in descending order of megabytes for the top 10 results Displays content types with volume in descending order of megabytes for the top 10 results Displays log sources with volume in descending order of megabytes for the top 10 results Displays site names with web reputation rating of Malicious or Suspicious in descending order of hits for the top 10 results Displays malware name in descending order of hits that were blocked for the top 10 results Displays site names in descending order of browse time for the top 10 results Displays site names with volume in descending order of megabytes for the top 10 results Displays user names in descending order of browse time for the top 10 results Layout Description Graph Displays each hour of the day with the number of hits allowed and the number of hits blocked
Summary: Top 10 Browse Time Sites by Browse Time Site Name Summary: Top 10 Sites by Volume Summary: Top 10 Users by Browse Time Bytes Site Name Browse Time User IP User Name Summary: Top 10 Users by Volume Bytes User IP User Name Summary: TrustedSource Web Reputation (Chart) Summary: Volume per Hour (Chart) TrustedSource Anti-Malware Hits (Chart) Hits Web Reputation Bytes Hour Hits Malware Name
Table
Table
Table
Displays user names with volume in descending order of megabytes for the top 10 results
Graph
Displays web reputation ratings in descending order of hits for the top 200 results Displays each hour of the day with volume in megabytes Displays malware names in descending order of hits for the top 200 results
Graph
Graph
64
Preconfigured Queries
Table B-1 Preconfigured queries (continued) Query Name TrustedSource Anti-Malware Hits (Detail) Selected Columns Bytes Hits Malware Name Site Name TrustedSource Anti-Malware Hits (Summary) Bytes Hits Malware Name TrustedSource Bytes Anti-Malware Protected Users (Top Hits 20) Malware Name User IP User Name TrustedSource Protection Area (Chart) TrustedSource Protection Area (Detail) Hits Protection Area Bytes Hits Protection Area Site Name TrustedSource Protection Area (Summary) Bytes Hits Protection Area TrustedSource Protection Area Users (Top 20) Bytes Hits Protection Area User IP User Name TrustedSource Web Reputation (Chart) TrustedSource Web Reputation (Detail) Hits Web Reputation Bytes Hits Site Name Web Reputation Table Graph Displays web reputation ratings in descending order of hits for the top 200 results Displays site names with corresponding web reputation ratings when Malicious or Suspicious in descending order of hits and includes volume in megabytes for the top 100 results Table Displays user names with the corresponding protection area in descending order of hits and includes user IP addresses and volume in megabytes for the top 20 results Table Displays protection areas in descending order of hits and includes volume in megabytes with unlimited results Table Graph Displays protection areas in descending order of hits for the top 200 results Displays site names with the corresponding protection area in descending order of hits and includes volume in megabytes for the top 100 results Table Displays user names, user IP addresses, and malware names in descending order of hits and includes volume in megabytes Table Displays the malware names in descending order of hits and includes volume in megabytes Layout Description Table Displays malware names with the originating site name in descending order of hits and includes volume in megabytes
65
Preconfigured Queries
Table B-1 Preconfigured queries (continued) Query Name TrustedSource Web Reputation (Summary) Selected Columns Bytes Hits Web Reputation TrustedSource Web Bytes Reputation Protected Hits Users (Top 20) User IP User Name Web Reputation Web Browsing: Top 30 Users Browse Time URL Category User Name Table Displays user names with URL category in descending order of browse time for the top 30 results Table Displays user names with corresponding web reputation ratings when Malicious or Suspicious in descending order of hits and includes user IP addresses and volume in megabytes for the top 20 results Layout Description Table Displays web reputation ratings in descending order of hits and includes volume in megabytes with unlimited results
66
These are the preconfigured advanced report definitions in McAfee Web Reporter. Table C-1 Preconfigured advanced report definitions Advanced Report Selected queries Definition Name Bandwidth - Media Bandwidth: Volume by Category Sites Bandwidth: Volume by Site Bandwidth: Volume by Category (Chart) Bandwidth: Volume by Category (Detail) Bandwidth Volume by Time Bandwidth: Volume by Month (Chart) Bandwidth: Volume by Month (Detail) Bandwidth: Volume by Day of Week (Chart) Bandwidth: Volume by Day of Week (Detail) Bandwidth: Volume by Hour (Chart) Bandwidth: Volume by Hour (Detail) Category - Top 20 Sites by Volume (Site-Detail) Category: Top 20 Sites by Volume (Site-Detail) None all data matching the queries will display in the report Category: Usage by Hits-Top 20 (Chart) Category: Usage by Hits Category: Usage by Volume-Top 20 (Chart) Category: Usage by Volume Content Categories by Hits Content Categories by Hits None all data matching the queries will display in the report None all data matching the queries will display in the report Displays hits and number of megabytes for URL categories found in your log file data Displays number of megabytes and hits for URL categories found in your log file data None all data matching the queries will display in the report Displays the number of megabytes for websites in 20 different URL categories configured in the advanced settings of the report Displays usage information for URL categories found in your log file data None all data matching the queries will display in the report Displays the number of megabytes for various time periods Selected filters Bandwidth Media Description Displays the number of megabytes for URL categories and websites in the Bandwidth risk group
67
Table C-1 Preconfigured advanced report definitions (continued) Advanced Report Selected queries Definition Name Daily Malware Volume by Log Source Daily Malware Volume by Log Source Selected filters None all data matching the queries will display in the report None all data matching the queries will display in the report Productivity Description Displays number of megabytes, log source, and time periods for malware data found in your log files Displays number of hits and dates for malware data found in your log files
Displays browse time and user names for URL categories found in your log file data Displays number of gigabytes per year and quarter of the year
None all data matching the queries will display in the report Risk
Risk: Categories by Hits (Chart) Risk: Categories by Hits Risk: Users by Hits Risk: Categories by Volume (Chart) Risk: Categories by Volume Risk: Users by Volume
Displays the number of hits and megabytes, percent of hits and megabytes, average browse time, and user name information for websites in the Liability risk group
Security: Usage by Hits (Chart) Security: Usage by Hits (Summary) Security: Top 50 Users by Hits (Detail) Security: Usage by Volume (Chart) Security: Usage by Volume (Summary) Security: Top 50 Users by Volume (Detail)
Security
Displays the number of hits and megabytes, percent of hits and megabytes, average browse time, and user name information for websites in the Security risk group
68
Table C-1 Preconfigured advanced report definitions (continued) Advanced Report Selected queries Definition Name Summary Overview of All Activity Summary: Top 10 Sites by Volume Summary: Top 10 Users by Volume Summary: Top 10 Malware Blocks TrustedSource Web Reputation (Chart) Summary: Top 10 Content Types by Volume (Chart) Summary: Top 10 Sites by Browse Time Selected filters None all data matching the queries will display in the report Description Displays the number of hits and megabytes for user information, malware data, reputation ratings, time periods, websites, and URL categories
Summary: Top Summary: Top 10 10 Malicious Sites Users by Browse Time Summary: Volume per Hour (Chart) Summary: Hits per Hour (Chart) TrustedSource Summary Summary: Top 10 Categories by Volume Summary: Top 10 Log Sources by Volume Displays the number of hits and megabytes, user information, and websites forTrustedSource database malware data, reputation ratings, and protection areas
None all data matching the TrustedSource Anti-Malware Hits (Summary) queries will display in the TrustedSource Anti-Malware Hits (Detail) report TrustedSource Anti-Malware Protected Users (Top 20) TrustedSource Anti-Malware Hits (Chart) TrustedSource Protection Area (Chart) TrustedSource Protection Area (Summary) TrustedSource Protection Area (Detail) TrustedSource Protection Area Users (Top 20) TrustedSource Web Reputation (Chart) TrustedSource Web Reputation (Summary) TrustedSource Web Reputation (Detail) TrustedSource Web Reputation Protected Users (Top 20)
None all data matching the TrustedSource Anti-Malware Hits (Summary) queries will display in the TrustedSource Anti-Malware Hits (Detail) report TrustedSource Anti-Malware Protected Users (Top 20) TrustedSource Anti-Malware Hits (Chart)
Displays the number of hits and megabytes, user information, and websites for TrustedSource database malware data
69
Table C-1 Preconfigured advanced report definitions (continued) Advanced Report Selected queries Definition Name TrustedSource Protection Area Summary TrustedSource Protection Area (Chart) TrustedSource Protection Area (Summary) TrustedSource Protection Area (Detail) TrustedSource Protection Area Users (Top 20) TrustedSource Reputation Summary TrustedSource Web Reputation (Chart) TrustedSource Web Reputation (Summary) TrustedSource Web Reputation (Detail) TrustedSource Web Reputation Protected Users (Top 20) None all data matching the queries will display in the report Displays the number of hits and megabytes, user information, and websites for TrustedSource database reputation ratings Selected filters None all data matching the queries will display in the report Description Displays the number of hits and megabytes, user information, and websites for TrustedSource database protection areas
70
Index
A
about this guide 5 actions translation 8 actions report about 20 Administration menu 12 advanced report results 49 run now 49 advanced reports about 7, 45 configure 46 copy 51 create a favorite 27 custom 45 date range 47 dates 47 definitions 45 about 45 export 52 import 52 delete 53 disable 51 export 52 filters 47 import 52 make changes 51 manage 50 multiple reports 48 name 47 parts of 45 preconfigured 45 results 49 results of a query column 48 run multiple times 48 save a custom report 25 scheduled 50 disable 51 toolbar 13 used by 52 user-configured 45 view use 52
C
categories preconfigured filters 55 translation 8 categories report about 20 charts 34 column properties 35 conventions and icons used in this guide 5 custom reports about 7, 19, 21 as advanced report 25 create, view 24 details 23 drilldown links 23 favorite 26 favorites 22 filters 24 multiple reports 22 reputation, view 24 save as advanced 25 save as favorite 26 schedule 29 send 29 site, view 24 tabbed reports 24 view 22, 23
D
date format 15, 17 date range advanced reports 47 dates translation 8 dates for advanced reports 47 decimal separator 16 delegated reports profile settings 15, 18 directories logon 11 documentation audience for this guide 5 product-specific, finding 6
71
Index
E
email default settings 15
F
favorite reports about 19, 22 details 23 drilldown links 23 edit 28 manage 27 multiple reports 22 reputation, view 24 save custom 26 schedule 29 send 29 site, view 24 tabbed reports 24 view 22, 23, 27 favorites save 26, 27 send 29 used by 28 view use 28 filters about 39 add 41 advanced reports 47 copy 41 delete 43 descriptions 39 edit 41 new for custom reports 24 preconfigured 41 categories 55 descriptions 55 risk groups 55 query-level 35 remove from report 43 sharing 42 toolbar 13 TrustedSource 41 types 39 used by 42 view use 42
graphs (continued) group by 34 list per group 34 pie charts 34 x-axis 34 group by columns 34 x-axis 34 groups view members 18
H
Help menu 12 HTTP logon URL 11 HTTPS logon URL 11
L
languages data 8 report fields 8 list per group 34 logon profile settings 15 logon URL 11
M
malware report about 20 McAfee ServicePortal, accessing 6 menus Administration 12 My Profile 12 Quick View 12 Reports 12 My Profile about 15 date format 15, 17 decimal separator 16 default report 17 default risk group 17 delegated report settings 18 email settings 15 menu 12 number format 15, 16 number of results 15, 16 password 15, 18 recipient address 15 sender address 15 summary report, default 17 thousands separator 16 time format 15, 17
G
graphs bar charts 34 columns 34
72
Index
N
name advanced reports 47 number format decimal separator 16 thousands separator 16 number of results 15, 16
Q
queries charts 34 column properties 35 columns 34 configure 35 copy 37 data type 35 delete 37 filters 35 graphs 34 group by 34 layout 34, 36 list per group 34 preconfigured 31 query type 35 sharing 38 tables 34 used by 38 view use 38 x-axis 34 y-axis 34 query-level filters 35 Quick View about 19 custom reports 24 custom, about 21 details 23 drilldown links 23 favorite view 27 favorite reports edit 28 filters 24 delete 43 remove 43 used by 42 view use 42 menu 12 multiple reports 22 reputation, view 24 row limits 22 save as 26 save as advanced report 25 save favorites 26, 27 schedule 29 send 29 site, view 24 summary report default 17 summary reports 19 tabbed reports 24 toolbar 13 view 22, 23
P
password change 18 preconfigured advanced reports 45 filters 41 queries 31 preferences date format 17 decimal separator 16 delegated report settings 18 email 15 number format 16 number of results 16 password 18 profile settings 15 recipient address 15 risk group, default 17 sender address 15 summary report, default 17 thousands separator 16 time format 17 profile about 15 settings 15 profile settings date format 17 decimal separator 16 delegated report settings 18 email 15 number format 16 number of results 16 password 18 recipient address 15 risk group, default 17 sender address 15 summary report, default 17 thousands separator 16 time format 17 protection areas translation 8 protection areas report about 20
73
Index
R
recipient address 15 report fields translation 8 report schedules copy 51 disable 51 make changes 51 reports about 7 advanced about 7 copy 51 custom about 7 delete 53 disable 51 export advanced 52 filters about 39 add 41 categories 55 copy 41 create 41 custom 41 delete 43 edit 41 preconfigured 41, 55 remove 43 risk groups 55 sharing 42 types 39 import advanced 52 multiple advanced reports 48 options 7 queries configure 35 copy 37 delete 37 layout 36 sharing 38 used by 38 view use 38 results 49 run now 49 scheduled 50 send favorites 29 send Quick View 29 summary about 7 translation 8 used by 52 view use 52 used by 42
Reports menu 12 reputation translation 8 view from Quick View 24 reputation report about 20 results field, default number 16 results of a query column 48 risk groups default 17 preconfigured filters 55 run now 49 run report multiple times 48
S
scheduled reports See also report schedules create 50 run now 49 send favorite reports 29 send reports 29 sender address 15 ServicePortal, finding product documentation 6 sharing filters 42 queries 38 site, view 24 sites report about 20 summary reports about 7, 19 actions report 20 categories report 20 default 15, 17 details 23 drilldown links 23 malware report 20 multiple reports 22 profile settings 15 protection areas report 20 reputation report 20 reputation, view 24 send 29 site, view 24 sites report 20 tabbed reports 24 types 20 user groups report 20 user IPs report 20 user names report 20 view 22, 23
74
Index
T
tabbed reports 24 Technical Support, finding product information 6 thousands separator 16 time formats translation 8 translation 8 time format 15, 17 toolbars advanced reports 13 filters 13 number of results, default 16 options 13 Quick View 13 translation data 8 languages 8 report fields 8 TrustedSource in preconfigured filters 41
user interface (continued) menu bar 12 My Profile menu 12 navigation bar 12 permissions 14 Quick View menu 12 Reports menu 12 toolbars 13 user IPs report about 20 user names report about 20
V
view group members delegated reports profile 18 view site 24 view site reputation 24 view user favorites 28
U
used by favorites 28 user groups report about 20 user interface Administration menu 12 See also McAfee Web Reporter Product Guide basics 12 logon 11
W
what's in this guide 6
X
x-axis 34
Y
y-axis Statistics column 34
75
700-2693A-00