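ironport_sseries_accesslog__XSQUID_sec-ops-profile = {

  ##### ##### ##### ##### ##### ##### ##### ##### ##### ##### #####
  ## IronPort S-Series Sawmill Configuration
  ## Description: IronPort Sawmill Plug-in for the SecOps Profile
  ##
  ## IronPort S-Series OS Version: 5.6.0 and up
  ## Sawmill for IronPort Release Version: 7.3.1
  ## Last Modified: July, 2009.
  ##### ##### ##### ##### ##### ##### ##### ##### ##### ##### #####

  # The name of the log format
  log.format.format_label = "IronPort S-Series Access Logs Sec Ops Profile for Extended Squid Format"
  log.miscellaneous.log_data_type = "firewall"
  log.miscellaneous.log_format_type = "proxy_server"

  # The log is in this format if any of the first ten lines match this regular expression.
  # Note: to accommodate the variations between 5.1 and 5.2+, the expression uses an 'or' inside the verdict string.
  # timestamp elapsed host action/status size method uri user hierarchy/server mime decision-policy_group unknown
  # log.format.autodetect_regular_expression = `[0-9.]* [0-9]* [0-9.]* [A-Z_]*/[0-9]* [0-9]* [A-Z]* [^ ]* [^ ]* [A-Z_]*/[^ ]* [^ ]* [^ ]*-[^ ]* <([^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+|[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+)> [^ ]+`
  # Allowing forward support of WSA log changes - ignore the entries after the 13th field of the verdict string.
  # The two verdict layouts (7 fields and 13 fields) are grouped in parentheses so that the '|' applies
  # only to them. Without the group, the 13-field branch is a complete pattern on its own, and any log
  # line holding 13 comma-separated values would be detected as this format.
  log.format.autodetect_regular_expression = `[0-9.]* [0-9]* [0-9.]* [A-Z_]*/[0-9]* [0-9]* [A-Z]* [^ ]* [^ ]* [A-Z_]*/[^ ]* [^ ]* [^ ]*-[^ ]* <([^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+|[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,>]+)`

  # This regular expression is used to parse the log fields out of the log entry
  # (timestamp) elapsed (host) (action)/(status) (size) (method) (uri) (user) hierarchy/server (mime) decision-policy_group unknown
  #
  # Capture groups: $1-$10 are the leading access-log columns; $11, $12, $13 and $14 are the 1st, 2nd,
  # 4th and 13th entries of the <...> verdict string. $8 stops at the first '/', so it can hold more
  # than the bare user name.
  #
  # NOTE(review): the first test rejects every line containing TCP_DENIED/407 before any field is
  # parsed, so proxy-authentication challenges and failures never reach the database or any report
  # of this profile. Monitor them from the raw access log if repeated authentication failures matter.
  log.parsing_filters.parse = `
if (matches_regular_expression(current_log_line(), 'TCP_DENIED/407')) then "reject"
else if (matches_regular_expression(current_log_line(),
  # Simple case - one MIME Type listed
  # '^([0-9.]*) *[0-9]* ([0-9.]*) ([A-Z_]*)/([0-9]*) ([0-9]*) ([A-Z]*) ([^ ]*) +([^ ]*) [A-Z_]*/[^ ]* ([^ ]*) ([^ ]+) <([^,]+),([^,]+),[^,]+,([^,]+),[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,([^,]+)> [^ ]+')) then (
  # Allowing forward support of WSA log changes - ignore the entries after the 13th field of the verdict string.
  '^([0-9.]*) *[0-9]* ([0-9.]*) ([A-Z_]*)/([0-9]*) ([0-9]*) ([A-Z]*) ([^ ]*) +([^/]*)/[^ ]* ([^ ]*) ([^ ]+) <([^,]+),([^,]+),[^,]+,([^,]+),[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,([^,>]+)')) then (
  date_time = $1;
  source_ip = $2;
  field_action = $3;
  field_svr_response = $4;
  field_size = $5;
  field_method = $6;
  url = $7;
  field_auth_user = $8;
  field_mime_type = $9;
  field_decision = $10;
  field_category = $11;
  field_wbrs_string = $12;
  field_webroot_id = $13;
  field_mcafee_id = $14;
)
else if (matches_regular_expression(current_log_line(),
  # Second case - multiple MIME types
  # '^([0-9.]*) *[0-9]* ([0-9.]*) ([A-Z_]*)/([0-9]*) ([0-9]*) ([A-Z]*) ([^ ]*) +([^ ]*) [A-Z_]*/[^ ]* ([^ ]*).* ([^ ]+) <([^,]+),([^,]+),[^,]+,([^,]+),[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,([^,]+)> [^ ]+')) then (
  # Allowing forward support of WSA log changes - ignore the entries after the 13th field of the verdict string.
  '^([0-9.]*) *[0-9]* ([0-9.]*) ([A-Z_]*)/([0-9]*) ([0-9]*) ([A-Z]*) ([^ ]*) +([^/]*)/[^ ]* ([^ ]*).* ([^ ]+) <([^,]+),([^,]+),[^,]+,([^,]+),[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,[^,]+,([^,>]+)')) then (
  date_time = $1;
  source_ip = $2;
  field_action = $3;
  field_svr_response = $4;
  field_size = $5;
  field_method = $6;
  url = $7;
  field_auth_user = $8;
  field_mime_type = $9;
  field_decision = $10;
  field_category = $11;
  field_wbrs_string = $12;
  field_webroot_id = $13;
  field_mcafee_id = $14;
)
`

  log.format.date_format = "seconds_since_jan1_1970"
  log.format.time_format = "seconds_since_jan1_1970"
  statistics.miscellaneous.entry_name = "requests"

  #---# #---# #---# #---# #---# #---# #---# #---# #---# #---# #---#

  # Log fields
  log.fields = {

    # Fields from Logs (order must coincide with actual log field order)
    date_time = ""
    source_ip.type = "host"
    field_action = ""
    field_svr_response = ""
    field_size = ""
    field_method = ""
    url.type = "page"
    field_auth_user = ""
    field_mime_type = ""
    field_decision = ""
    field_category = ""
    field_wbrs_string = ""
    field_webroot_id = ""
    field_mcafee_id = ""

    # Newly created fields.
    # The lines carrying a #TAG# prefix are shipped disabled. Enabling #URLUSER#, #URLPASSWORD# or
    # #URLQUERY# keeps credentials embedded in URLs and full query strings in the report database.
    day_of_week = ""
    hour_of_day = ""
    #field_bw_cost = ""
    field_cache_type = ""
    field_category_severity = ""
    field_malware_id = ""
    field_object_page = ""
#SECURITYCOST#field_security_cost = ""
    field_source_id = ""
    field_unique_src_ips = ""
    field_usage = ""
    field_url_file_extension = ""
#URLFILENAME#field_url_filename = ""
#URLPASSWORD#field_url_password = ""
#URLPATH#field_url_path = ""
    field_url_port = ""
#URLQUERY#field_url_query = ""
    field_url_scheme = ""
    field_url_server = ""
#URLUSER#field_url_user = ""
    field_wbrs_value = ""
    field_policy_group = ""

  } # log.fields

  #---# #---# #---# #---# #---# #---# #---# #---# #---# #---# #---#

  # Database fields
  database.fields = {

    date_time = {
      label = "Year/Months/Days"
    } # date_time

    day_of_week = {
      label = "Day of Week"
    } # day_of_week

    field_auth_user = {
      label = "Auth User"
    } # field_auth_user

    field_action = {
      label = "Action"
    } # field_action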
field_action field_cache_type = { label = "Cache Type" } # field_cache_type field_category = { label = "Category" } # field_category field_category_severity = { label = "Severity" } # field_category_severity field_decision = { label = "Decision" } # field_decision field_malware_id = { label = "MalwareID" } # field_malware_id field_mcafee_id = { label = "McAfee" } # field_mcafee_id field_method = { label = "Method" } # field_method field_mime_type = { label = "MIME Type" } # field_mime_type field_object_page = { label = "Page View" } # field_object_page field_policy_group = { label = "Policy Group" } # field_policy_group field_url_server = { label = "Server" } # field_url_server field_source_id = { label = "SourceID" } # field_source_id field_svr_response = { label = "Server Response" } # field_svr_response field_url_file_extension = { label = "File Extention" } # field_url_file_extension #URLFILENAME#field_url_filename = { #URLFILENAME#label = "Filename" #URLFILENAME#} # field_url_filename #URLPASSWORD#field_url_password = { #URLPASSWORD#label = "URL Password" #URLPASSWORD#} # field_url_password #URLPATH#field_url_path = { #URLPATH#label = "Path" #URLPATH#} # field_url_path field_url_port = { label = "Port" } # field_url_port #URLQUERY#field_url_query = { #URLQUERY#label = "URL Query" #URLQUERY#} # field_url_query field_url_scheme = { label = "Scheme" } # field_url_scheme field_usage = { label = "Usage" } # field_usage #URLUSER#field_url_user = { #URLUSER#label = "URL User" #URLUSER#} # field_url_user field_wbrs_string = { label = "Web Reputation" } # field_wbrs_string field_webroot_id = { label = "Webroot" } # field_webroot_id hour_of_day = { label = "Hour of Day" } # hour_of_day source_ip = { label = "Client IP" } # source_ip url = { label = "URL" } # url } # database.fields #---# #---# #---# #---# #---# #---# #---# #---# #---# #---# #---# database.numerical_fields = { #field_bw_cost = { # label = "Bandwidth Cost" # default = true # type = "float" # 
display_format_type = "\\$%0.2f" #} # field_bw_cost #SECURITYCOST#field_security_cost = { #SECURITYCOST#label = "Security Cost" #SECURITYCOST#default = true #SECURITYCOST#type = "float" #SECURITYCOST#display_format_type = "\\$%0.2f" #SECURITYCOST#} # field_security_cost field_size = { label = "Size" default = true type = "float" display_format_type = "bandwidth" } # field_size field_unique_src_ips = { label = "Unique Src IPs" default = true log_field = "source_ip" type = "unique" } # field_unique_src_ips field_wbrs_value = { label = "WBRS" default = true type = "float" display_format_type = "%0.1f" requires_log_field = false } # field_wbrs_value page_views = { label = "Page Views" default = true requires_log_field = false } # page_views requests = { label = "Requests" default = true requires_log_field = false entries_field = true } # requests } # database.numerical_fields #---# #---# #---# #---# #---# #---# #---# #---# #---# #---# #---# # Log Filters log.filters = { logfilter_report_retention = { value = "if (date_time_to_epoc(date_time) < (now() - 60*60*24*45)) then ('reject');" disabled = "true" label = "Ignore log line older than 45 Days" comment = "Log lines older than 45 days will be ignored and will not be processed." 
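# NOTE(review): the next line is damaged in this copy of the file. The text between operator = " and
# -1) is missing, which removes the end of logfilter_report_retention and the start of
# logfilter_extract_auth_user. Restore it from the vendor's original file before using this profile.
expressions = { type = "conditional" boolean_operator = "or" boolean_operator_sequence = "" if = { 0 = { log_field = "date_time" operator = " -1) then field_auth_user = substr(field_auth_user, 0, end);` } # logfilter_extract_auth_user

    # SourceID identifies the requester: the authenticated user name when the log has one, else the
    # client IP. This filter has to stay ahead of logfilter_omit_empty_user_names, because it tests
    # for the raw "-" that the later filter replaces with "(none)".
    # The user name is lowercased here because the filter that lowercases field_auth_user is listed
    # after this one; copying the name as logged would split one user across several SourceIDs (and
    # session visitor ids) whenever the case differs.
    # NOTE(review): the description mentions a final '(none)' fallback that the expression does not have.
    logfilter_populate_source_id = {
      label = "Populate the field Source_ID"
      comment = "Populate the field Source_ID based on Authenticated Username if present, Client IP else, or finally '(none)'"
      value = `if (field_auth_user ne "-") then field_source_id = lowercase(field_auth_user) else field_source_id = source_ip`
    } # logfilter_populate_source_id

    # Unauthenticated requests ("-") become "(none)".
    logfilter_omit_empty_user_names = {
      label = "Omit empty AuthUsrs"
      comment = "Replaces AuthUsrs '-' (unauthenticated) with '(none)'; which by default omits their inclusion in AuthUsr reports"
      value = `if (field_auth_user eq "-") then field_auth_user = "(none)"`
    } # logfilter_omit_empty_user_names

    # Non-malware McAfee verdicts are rewritten to parenthesized values.
    # NOTE(review): the Webroot filter below also maps "Unscannable" and this one does not; if the
    # McAfee field can carry that value it would be reported as a malware name - confirm against
    # the WSA access-log reference.
    logfilter_mcafee_ids = {
      label = "Replace Non-Malware McAfee"
      comment = "Replace the McAfee fields which do not contain malware with () to remove their inclusion in reports defaultly."
      value = `if (field_mcafee_id eq "-") then field_mcafee_id = "(none)"
               else if (field_mcafee_id eq "Skipped") then field_mcafee_id = "(skipped)"`
    } # logfilter_mcafee_ids

    # Non-malware Webroot verdicts are rewritten to parenthesized values.
    logfilter_webroot_ids = {
      label = "Replace Non-Malware Webroot"
      comment = "Replace the Webroot fields which do not contain malware with () to remove their inclusion in reports defaultly."
      value = `if (field_webroot_id eq "-") then field_webroot_id = "(none)"
               else if (field_webroot_id eq "Skipped") then field_webroot_id = "(skipped)"
               else if (field_webroot_id eq "Unscannable") then field_webroot_id = "(unscannable)"`
    } # logfilter_webroot_ids

    # MalwareID takes the first verdict that is not parenthesized. The McAfee field is tested first,
    # so McAfee wins when both engines name the malware; the description now says so.
    # NOTE(review): the shipped description claimed Webroot took precedence. If that is the intended
    # behavior, swap the two branches instead of keeping this wording.
    # When both verdicts are parenthesized, field_malware_id is not assigned.
    logfilter_malware_ids = {
      label = " Munch MalwareID"
      comment = "Consoldate the Webroot & McAfee malware names into one field. If both identify the malware, then McAfee will take precedence."
      value = `if (!contains(field_mcafee_id, '(')) then field_malware_id = field_mcafee_id
               else if (!contains(field_webroot_id, '(')) then field_malware_id = field_webroot_id`
    } # logfilter_malware_ids

#SECURITYCOST#logfilter_compute_security_cost = {
#SECURITYCOST#label = "Compute security cost"
#SECURITYCOST#comment = "Computes the security cost attributed from Malware. (Based on IT services, downtime and re-imaging, according to the Radicati Group, January 2006)"
#SECURITYCOST#value = `if (field_malware_id eq "(empty)") or (field_malware_id eq "(none)") or (field_malware_id eq "(skipped)") or (field_malware_id eq "(unscannable)") then field_security_cost = 0;
#SECURITYCOST#else field_security_cost = 265;`
#SECURITYCOST#} # compute_securitycost

    # Maps the Squid result code to Refresh / Miss / Hit / Denied / Unknown. The exact
    # TCP_CLIENT_REFRESH_MISS test comes first because that code also ends in MISS.
    logfilter_consolodate_cache_type = {
      label = "Consolodate cache type"
      comment = "Consolodate action field based on the source of content for bandwidth calculations"
      value = `if ((field_action eq "TCP_CLIENT_REFRESH_MISS")) then field_cache_type = "Refresh";
               else if (matches_regular_expression(field_action, 'MISS$')) then field_cache_type = "Miss";
               else if (matches_regular_expression(field_action, 'HIT$')) then field_cache_type = "Hit";
               else if (matches_regular_expression(field_action, 'DENIED$')) then field_cache_type = "Denied";
               else field_cache_type = "Unknown";`
    } # logfilter_consolodate_cache_type

    #logfilter_compute_bandwidth_cost = {
    #  label = "Compute bandwidth cost"
    #  comment = "Computes the cost of bandwidth at .15 USD per Gigabyte (1 gigabytes = 1,073,741,824 bytes)"
    #  value = `if (field_cache_type eq "Miss") then (field_bw_cost = field_size * .15 / 1073741824;) else (field_bw_cost = 0)`
    #} # logfilter_compute_bandwidth_cost

    # Splits the decision tag at its first two hyphens: the text before the first '-' stays in
    # field_decision, the text up to the next '-' becomes field_policy_group, the rest is dropped.
    logfilter_parse_decision_tag = {
      label = "Parse Decision Tag into components"
      comment = "Parses the Decision Tags into Action and Policy"
      value = `if (matches_regular_expression(field_decision, '^([^-]+)-([^-]+).*$')) then (
                 field_decision = $1;
                 field_policy_group = $2;
               );
              `
    } # logfilter_parse_decision_tag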
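# logfilter_parse_decision_tag (end of the preceding filter)

    # Splits url into scheme, server and port, and takes the file extension from the last path
    # segment. The user:password part of a URL is cut off in Pass 2 and is stored only when the
    # #URLUSER# / #URLPASSWORD# lines are enabled; the query string is stored only with #URLQUERY#.
    # Those lines are shipped disabled, which keeps URL credentials and query parameters out of the
    # report database.
    # Nothing is assigned when url does not match the Pass 1 pattern scheme://host/...
    logfilter_parse_url = {
      label = "Parse URL"
      comment = "Seperate URL into individual searchable parts like scheme, host, domain, etc."
      # Pass 1: Separate URL into Scheme://Start.../End...
      value = "if (matches_regular_expression(url, '^([^:]+)://([^/]*)/(.*)$')) then (
        field_url_scheme = lowercase($1);
        v.start = $2;
        v.end = $3;
        v.srv = v.start;
        v.prt = '';
        if (field_url_scheme eq 'https') then (
          v.prt = '443';
        )
        else if (field_url_scheme eq 'http') then (
          v.prt = '80'
        )
        else if (field_url_scheme eq 'ftp') then (
          v.prt = '21'
        );
        if (matches_regular_expression(v.start,'^[^:@]+[@:]+.+$')) then (
          # Pass 2: Seperate Start based on user@pass:server:port
          if (matches_regular_expression(v.start, '^([^@]*)@(.*)$')) then (
            v.user_pass = $1;
            v.start = $2;
            #if (matches_regular_expression(v.user_pass, '^([^:]*):(.*)$')) then (
#URLUSER#field_url_user = $1;
#URLPASSWORD#field_url_password = $2;
            #);
          );
          if (matches_regular_expression(v.start, '^([^:]*):([0-9]+)$')) then (
            v.srv = $1;
            v.prt = $2;
          );
        );
        field_url_server = lowercase(v.srv);
        field_url_port = v.prt;
        # Pass 3: Seperate based on path\file.extention?query
        if (matches_regular_expression(v.end, '^([^?]*)[?]?(.*)$')) then (
          v.end = $1;
#URLQUERY#field_url_query = $2;
        );
        if (matches_regular_expression(v.end, '^(.*)/([^/]*)$')) then (
#URLPATH#field_url_path = $1;
          v.end = $2;
        );
        if (matches_regular_expression(v.end, '^(.*)\\.([a-zA-Z]+[1-9]?)$')) then (
#URLFILENAME#field_url_filename = $1;
          field_url_file_extension = uppercase($2);
        );
#URLFILENAME#else (
#URLFILENAME#field_url_filename = v.end;
#URLFILENAME#);
      );
      );"
    } # logfilter_parse_url

    # Classifies each request as a page view or an embedded object.
    # The three alternations are now grouped. In this file patterns match anywhere in the string
    # (for example 'MISS$' is used to match TCP_MISS), so the ungrouped '^1|3|4|5' matched any status
    # containing 3, 4 or 5 (203, 204, 205), '^BLOCK|DROP' matched DROP anywhere in the decision, and
    # the extension list matched any extension merely containing JS, ICO, JPEG, JPG, GIF or PNG
    # (JSP and JSON pages were counted as objects).
    logfilter_detect_page_views = {
      label = '$lang_admin.log_filters.detect_page_views_label'
      comment = '$lang_admin.log_filters.detect_page_views_comment'
      value = "if ((matches_regular_expression(field_svr_response, '^(1|3|4|5)')) or (matches_regular_expression(field_decision, '^(BLOCK|DROP)'))) then (
        page_views = 0;
        field_object_page = 'Object';
      )
      else if (matches_regular_expression(field_mime_type, '^text/html$')) then (
        if (matches_regular_expression(field_url_file_extension, '^(TXT|JS|ICO|JPEG|JPG|GIF|PNG|CSS)$')) then (
          page_views = 0;
          field_object_page = 'Object';
        )
        else (
          page_views = 1;
          field_object_page = 'Page';
        );
      )
      else (
        page_views = 0;
        field_object_page = 'Object';
      )"
    } # logfilter_detect_page_views

    # Replaces url with scheme://server, so URL credentials, port, path and query string are not
    # stored in the url field.
    # NOTE(review): this runs for every line. When logfilter_parse_url did not match, the scheme and
    # server fields were never set, so url presumably no longer identifies the destination for those
    # requests - confirm what such entries look like in the reports.
    logfilter_rewrite_url = {
      label = "Rewrite URL"
      comment = "Rewrite URL to remove any inclusion of usernames, passwords, or ports which would unneedingly increase the database size and reduce performance. The URL file path, filename, and query string have also been removed."
      value = "url = field_url_scheme . '://' . field_url_server;"
    } # logfilter_rewrite_url

#NONPAGEVIEW#logfilter_strip_non_page_views = {
#NONPAGEVIEW#label = '$lang_admin.log_filters.strip_non_page_views_label'
#NONPAGEVIEW#comment = '$lang_admin.log_filters.strip_non_page_views_comment'
#NONPAGEVIEW#value = "if (page_views == 0) then url = substr(url, 0, last_index(url, '/') + 1) . '(nonpage)';"
#NONPAGEVIEW#} # logfilter_strip_non_page_views

#SIMPLIFYURL#logfilter_simplify_url = {
#SIMPLIFYURL#label = "$lang_admin.log_filters.simplify_url_label"
#SIMPLIFYURL#comment = "$lang_admin.log_filters.simplify_url_comment"
#SIMPLIFYURL#value = "if (matches_regular_expression(url, '^([^:]+://[^/]+/)')) then url = $1 . '(omitted)'"
#SIMPLIFYURL#} # logfilter_simplify_url

#REMOVEQUERY#logfilter_remove_query = {
#REMOVEQUERY#label = "$lang_admin.log_filters.remove_query_label"
#REMOVEQUERY#comment = "$lang_admin.log_filters.remove_query_comment"
#REMOVEQUERY#value = "if (matches_regular_expression(url, '^(.*\\?).*\$')) then url = $1 . 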
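#REMOVEQUERY#'(parameters)';"
#REMOVEQUERY#} # logfilter_remove_query

    # Lowercases the authenticated user name so that one account is not reported under several
    # spellings.
    logfilter_transform_AuthUsr_lowercase = {
      label = "Transform AuthUsrs lower case"
      comment = "Eliminates possibility that user logs may be seperated because of AuthUser case"
      value = "field_auth_user = lowercase(field_auth_user);"
    } # logfilter_transform_AuthUser_lowercase

    # Copies the logged reputation score into field_wbrs_value and replaces field_wbrs_string with
    # a group name: above 5.9 is "Good", above -6.0 is "Scan Further", anything else is "Poor".
    # The values "-" and "ns" become "(none)" and "(ns)", with field_wbrs_value set to "-".
    logfilter_wbrs = {
      label = "Group Web Reputation Scores"
      comment = "Simplify Web Reputation scores into the groups of Poor, Scan-Further, and Good."
      value = 'field_wbrs_value = field_wbrs_string;
        if (field_wbrs_string eq "-") then (field_wbrs_string = "(none)"; field_wbrs_value = "-";);
        else if (field_wbrs_string eq "ns") then (field_wbrs_string = "(ns)"; field_wbrs_value = "-";);
        else if (field_wbrs_value > 5.9) then field_wbrs_string = "Good";
        else if (field_wbrs_value > -6.0) then field_wbrs_string = "Scan Further";
        else field_wbrs_string = "Poor";
      '
    }

    # Disabled filter. It needs field_url_query, which is stored only when the #URLQUERY# lines are
    # enabled.
    # logfiler_searchengines = {
    #   label = "Search Engine Search Requests"
    #   comment = "This log filter requires the fields URL Category, URL Server, and URL Query String to be present in order to work. If present, this filter will clean up the query strings used by users when performing searches against any URL which is classified as Search Engine."
    #   value = "if (field_category eq `Search Engines`) then (
    #     if (matches_regular_expression(field_url_query, '^.*q=(.*)[&].*$')) then (
    #       field_url_query = $1;
    #     );
    #   );
    #   else field_url_query = '';"
    # }

    # Counts every accepted log line as one request.
    logfilter_mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'requests = 1;'
    } # logfilter_mark_entry

  } # log.filters

  #---# #---# #---# #---# #---# #---# #---# #---# #---# #---# #---#

  # Session reports use the destination server as the page, SourceID as the visitor and
  # page_views as the event.
  log.field_options = {
    sessions_page_field = "field_url_server"
    sessions_visitor_id_field = "field_source_id"
    sessions_event_field = "page_views"
  } # log.field_options

  #---# #---# #---# #---# #---# #---# #---# #---# #---# #---# #---#

  statistics.miscellaneous = {
    # No max session duration, or timeout, for this type of log.
    maximum_session_duration = "0"
    # Don't remove reloads; with truncated URLs, every repeated hit on the same site would be a reload.
    remove_reloads_from_sessions = "false"
  } # statistics.miscellaneous

  #---# #---# #---# #---# #---# #---# #---# #---# #---# #---# #---#

  create_profile_wizard_options = {

    # This shows which numerical fields are related to which non-numerical fields.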
database_field_associations = { date_time = { #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } source_ip = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_action = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_svr_response = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_method = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } url = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_auth_user = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_mime_type = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_decision = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_policy_group = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_category = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } 
field_malware_id = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } day_of_week = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } hour_of_day = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_cache_type = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_object_page = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_category_severity = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_source_id = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_usage = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_url_file_extension = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } #URLFILENAME#field_url_filename = { #URLFILENAME#date_time = true #URLFILENAME#field_bw_cost = true #URLFILENAME##SECURITYCOST#field_security_cost = true #URLFILENAME#field_size = true #URLFILENAME#field_unique_src_ips = true #URLFILENAME#page_views = true #URLFILENAME#requests = true #URLFILENAME#} #URLPASSWORD#field_url_password = { 
#URLPASSWORD#date_time = true #URLPASSWORD#field_bw_cost = true #URLPASSWORD##SECURITYCOST#field_security_cost = true #URLPASSWORD#field_size = true #URLPASSWORD#field_unique_src_ips = true #URLPASSWORD#page_views = true #URLPASSWORD#requests = true #URLPASSWORD#} #URLPATH#field_url_path = { #URLPATH#date_time = true #URLPATH#field_bw_cost = true #URLPATH##SECURITYCOST#field_security_cost = true #URLPATH#field_size = true #URLPATH#field_unique_src_ips = true #URLPATH#page_views = true #URLPATH#requests = true #URLPATH#} field_url_port = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } #URLQUERY#field_url_query = { #URLQUERY#date_time = true #URLQUERY#field_bw_cost = true #URLQUERY##SECURITYCOST#field_security_cost = true #URLQUERY#field_size = true #URLQUERY#field_unique_src_ips = true #URLQUERY#page_views = true #URLQUERY#requests = true #URLQUERY#} field_url_scheme = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } field_url_server = { date_time = true #field_bw_cost = true #SECURITYCOST#field_security_cost = true field_size = true field_unique_src_ips = true page_views = true requests = true } #URLUSER#field_url_user = { #URLUSER#date_time = true #URLUSER#field_bw_cost = true #URLUSER##SECURITYCOST#field_security_cost = true #URLUSER#field_size = true #URLUSER#field_unique_src_ips = true #URLUSER#page_views = true #URLUSER#requests = true #URLUSER#} } # database_field_associations #---# #---# #---# #---# #---# #---# #---# #---# #---# #---# #---# # Specify the reports menu manually manual_reports_menu = true # How the reports should be grouped in the report menu report_groups = { overview.type = "overview" reportgroupSecurity = { label = "Security" items = { reportTopMalwareID = { label = "Top MalwareID" database_field_name = 
"field_malware_id" columns = { 0.field_name = "field_malware_id" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } 2 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } #SECURITYCOST#3 = { #SECURITYCOST#field_name = "field_security_cost" #SECURITYCOST#show_number_column = "true" #SECURITYCOST#show_percent_column = "false" #SECURITYCOST#show_bar_column = "false" #SECURITYCOST#} } sort_by = "requests" sort_direction = "descending" } # reportTopMalwareID reportMalwareIDxSourceID = { # --REQUIRES custom cross-references xrefMalwareIDxSourceID label = "MalwareID / SourceID" columns = { 0.field_name = "field_malware_id" 1.field_name = "field_source_id" 2 = { field_name = "requests" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } 3 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } #SECURITYCOST#4 = { #SECURITYCOST#field_name = "field_security_cost" #SECURITYCOST#show_number_column = "true" #SECURITYCOST#show_percent_column = "false" #SECURITYCOST#show_bar_column = "false" #SECURITYCOST#} } subtable = true sort_by = "requests" sort_direction = "descending" } # reportMalwareIDxSourceID reportMalwareIDxClientIP = { # --REQUIRES custom cross-references xrefMalwareIDxClientIP label = "MalwareID / Client IP" columns = { 0.field_name = "field_malware_id" 1.field_name = "source_ip" 2 = { field_name = "requests" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } 3 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } #SECURITYCOST#4 = { #SECURITYCOST#field_name = "field_security_cost" #SECURITYCOST#show_number_column = "true" #SECURITYCOST#show_percent_column = "false" #SECURITYCOST#show_bar_column = "false" #SECURITYCOST#} } subtable = 
true sort_by = "requests" sort_direction = "descending" } # reportMalwareIDxClientIP reportMalwareIDxAuthUsr = { # --REQUIRES custom cross-references xrefMalwareIDxAuthUsr label = "MalwareID / AuthUsr" columns = { 0.field_name = "field_malware_id" 1.field_name = "field_auth_user" 2 = { field_name = "requests" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } 3 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } #SECURITYCOST#4 = { #SECURITYCOST#field_name = "field_security_cost" #SECURITYCOST#show_number_column = "true" #SECURITYCOST#show_percent_column = "false" #SECURITYCOST#show_bar_column = "false" #SECURITYCOST#} } subtable = true sort_by = "requests" sort_direction = "descending" } # reportMalwareIDxAuthUsr reportMalwareIDxServer = { # --REQUIRES custom cross-references xrefMalwareIDxServer label = "MalwareID / Server" columns = { 0.field_name = "field_malware_id" 1.field_name = "field_url_server" 2 = { field_name = "requests" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } 3 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } #SECURITYCOST#4 = { #SECURITYCOST#field_name = "field_security_cost" #SECURITYCOST#show_number_column = "true" #SECURITYCOST#show_percent_column = "false" #SECURITYCOST#show_bar_column = "false" #SECURITYCOST#} } subtable = true sort_by = "requests" sort_direction = "descending" } # reportMalwareIDxServer reportMalwareIDxURLCategory = { # --REQUIRES custom cross-references xrefMalwareIDxURLCategory label = "MalwareID / Category" columns = { 0.field_name = "field_malware_id" 1.field_name = "field_category" 2 = { field_name = "requests" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } 3 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "true" 
show_bar_column = "true" } #SECURITYCOST#4 = { #SECURITYCOST#field_name = "field_security_cost" #SECURITYCOST#show_number_column = "true" #SECURITYCOST#show_percent_column = "false" #SECURITYCOST#show_bar_column = "false" #SECURITYCOST#} } subtable = true sort_by = "requests" sort_direction = "descending" } # reportMalwareIDxURLCategory reportSourceIDxMalwareID = { # --REQUIRES custom cross-references xrefSourceIDxMalwareID label = "SourceID / MalwareID" columns = { 1.field_name = "field_source_id" 0.field_name = "field_malware_id" 2 = { field_name = "requests" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } 3 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } #SECURITYCOST#4 = { #SECURITYCOST#field_name = "field_security_cost" #SECURITYCOST#show_number_column = "true" #SECURITYCOST#show_percent_column = "false" #SECURITYCOST#show_bar_column = "false" #SECURITYCOST#} } subtable = true sort_by = "requests" sort_direction = "descending" } # reportSourceIDxMalwareID reportClientIPxMalwareID = { # --REQUIRES custom cross-references xrefClientIPxMalwareID label = "Client IP / MalwareID" columns = { 1.field_name = "source_ip" 0.field_name = "field_malware_id" 2 = { field_name = "requests" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } 3 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } #SECURITYCOST#4 = { #SECURITYCOST#field_name = "field_security_cost" #SECURITYCOST#show_number_column = "true" #SECURITYCOST#show_percent_column = "false" #SECURITYCOST#show_bar_column = "false" #SECURITYCOST#} } subtable = true sort_by = "requests" sort_direction = "descending" } # reportClientIPxMalwareID reportServerxMalwareID = { # --REQUIRES custom cross-references xrefServerxMalwareID label = "Server / MalwareID" columns = { 0.field_name = "field_url_server" 
1.field_name = "field_malware_id" 2 = { field_name = "requests" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } 3 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } #SECURITYCOST#4 = { #SECURITYCOST#field_name = "field_security_cost" #SECURITYCOST#show_number_column = "true" #SECURITYCOST#show_percent_column = "false" #SECURITYCOST#show_bar_column = "false" #SECURITYCOST#} } subtable = true sort_by = "requests" sort_direction = "descending" } # reportServerxMalwareID reportURLCategoryxMalwareID = { # --REQUIRES custom cross-references xrefURLCategoryxMalwareID label = "Category / MalwareID" columns = { 0.field_name = "field_category" 1.field_name = "field_malware_id" 2 = { field_name = "requests" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } 3 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } #SECURITYCOST#4 = { #SECURITYCOST#field_name = "field_security_cost" #SECURITYCOST#show_number_column = "true" #SECURITYCOST#show_percent_column = "false" #SECURITYCOST#show_bar_column = "false" #SECURITYCOST#} } sort_by = "requests" sort_direction = "descending" subtable = true } # reportURLCategoryxMalwareID reportAuthUsrxMalwareID = { # --REQUIRES custom cross-references xrefAuthUsrxMalwareID label = "AuthUsr / MalwareID" columns = { 0.field_name = "field_auth_user" 1.field_name = "field_malware_id" 2 = { field_name = "requests" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } 3 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } #SECURITYCOST#4 = { #SECURITYCOST#field_name = "field_security_cost" #SECURITYCOST#show_number_column = "true" #SECURITYCOST#show_percent_column = "false" #SECURITYCOST#show_bar_column = "false" #SECURITYCOST#} } sort_by = 
"requests" sort_direction = "descending" subtable = true } # reportAuthUsrxMalwareID reportURLCategorySeverity = { # --REQUIRES custom cross-references xrefURLCategorySeverity label = "Category Severity" columns = { 0.field_name = "field_category_severity" 1.field_name = "field_category" 2 = { field_name = "requests" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } } sort_by = "field_category_severity" sort_direction = "ascending" subtable = true } # reportURLCategorySeverity reportWBRSValue = { type = "table" show_omitted_items_row = "true" omit_parenthesized_items = "true" show_totals_row = "true" starting_row = "1" ending_row = "100" only_bottom_level_items = "true" database_field_name = "field_wbrs_string" columns = { 0 = { type = "string" visible = "true" field_name = "field_wbrs_string" data_type = "string" header_label = "{=capitalize(database.fields.field_wbrs_string.label)=}" display_format_type = "string" main_column = "true" } # 0 1 = { header_label = "{=capitalize(database.fields.requests.label)=}" type = "number" show_number_column = "true" show_percent_column = "false" show_bar_column = "true" visible = "true" field_name = "requests" data_type = "int" display_format_type = "integer" show_graph = "false" graph_field = "field_wbrs_string" } # 1 } # columns label = "Web Reputation" sort_by = "field_wbrs_string" sort_direction = "ascending" } # reportWBRSValue } # items } # reportgroupSecurity #reportgroupCompliance = { # label = "Compliance" # items = { # reportBusinessUsage = { # label = "Business Usage" # filter = "field_object_page matches_regexp 'Page'" # columns = 
{ # 0.field_name = "field_usage" # 1.field_name = "field_category" # 2 = { # field_name = "page_views" # show_graph = true # show_number_column = "true" # show_percent_column = "true" # show_bar_column = "true" # } # 3 = { # field_name = "field_unique_src_ips" # show_number_column = "true" # show_percent_column = "true" # show_bar_column = "true" # } # } # graphs.graph_type = "pie" # pie_chart = true # sort_by = "page_views" # sort_direction = "descending" # subtable = true # } # reportBusinessUsage # reportProductivityLoss = { # label = "Productivity Loss" # filter = "((field_object_page matches_regexp 'Page') and (field_category matches_regexp 'Alcohol & Tobacco|Arts|Entertainment|Food & Dining|Games|Government|Hobbies & Recreation|Kids Sites|Motor Vehicles|News|Personals & Dating|Philanthropic & Professional Orgs.|Photo Searches|Politics|Real Estate|Religion|Sex Education|Shopping|Society & Culture|Sports'))" # columns = { # 0.field_name = "field_category" # 1 = { # field_name = "page_views" # show_number_column = "true" # show_percent_column = "true" # show_bar_column = "true" # } # 2 = { # field_name = "field_unique_src_ips" # show_number_column = "true" # show_percent_column = "true" # show_bar_column = "true" # } # } # sort_by = "page_views" # sort_direction = "descending" # } # reportProductivityLoss # reportLegalLiability = { # label = "Legal Liability" # filter = "((field_object_page matches_regexp 'Page') and (field_category matches_regexp 'Adult/Sexually Explicit|Criminal Activity|Gambling|Illegal Drugs|Intimate Apparel & Swimwear|Intolerance & Hate|Tasteless & Offensive|Violence|Weapons'))" # columns = { # 0.field_name = "field_category" # 1 = { # field_name = "page_views" # show_number_column = "true" # show_percent_column = "true" # show_bar_column = "true" # } # 2 = { # field_name = "field_unique_src_ips" # show_number_column = "true" # show_percent_column = "true" # show_bar_column = "true" # } # } # sort_by = "page_views" # sort_direction = 
"descending" # } # reportLegalLiability # reportInternetTools = { # label = "Internet Tools" # filter = "((field_object_page matches_regexp 'Page') and (field_category matches_regexp 'Education|Finance & Investment|Health & Medicine|Search Engines|Travel'))" # columns = { # 0.field_name = "field_category" # 1 = { # field_name = "page_views" # show_number_column = "true" # show_percent_column = "true" # show_bar_column = "true" # } # 2 = { # field_name = "field_unique_src_ips" # show_number_column = "true" # show_percent_column = "true" # show_bar_column = "true" # } # } # sort_by = "page_views" # sort_direction = "descending" # } # reportInternetTools # } # items #} # reportgroupCompliance reportgroupResource = { label = "Resource" items = { reportTrafficReport = { label = "Traffic Report" show_header_bar = "true" columns = { 0 = { data_type = "string" display_format_type = "day_of_week" field_name = "day_of_week" header_label = "{=capitalize(database.fields.day_of_week.label)=}" main_column = "true" type = "string" visible = "true" } # 0 1 = { data_type = "float" display_format_type = "bandwidth" field_name = "field_size" header_label = "{=capitalize(database.fields.field_size.label)=}" show_bar_column = "false" show_graph = "true" show_number_column = "true" show_percent_column = "false" type = "number" visible = "true" } # 1 2 = { data_type = "int" display_format_type = "integer" field_name = "requests" header_label = "{=capitalize(database.fields.requests.label)=}" show_bar_column = "false" show_graph = "true" show_number_column = "true" show_percent_column = "false" type = "number" visible = "true" } # 2 } # columns label = "Traffic Report" database_field_name = "day_of_week" default_report_on_zoom = "reportClientIP" disabled = "false" ending_row = "10" omit_parenthesized_items = "false" omit_table = "false" show_averages_row = "false" show_omitted_items_row = "true" show_totals_row = "true" sort_by = "day_of_week" sort_direction = "descending" starting_row = 
"1" type = "table" graphs = { graph_type = "line" sort_direction = "descending" } # graphs } # reportTrafficReport reportCacheRate = { label = "Cache Rate" columns = { 0 = { label = "Cache Type" field_name = "field_cache_type" } 1 = { field_name = "field_size" show_graph = true show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } # 2 = { # field_name = "field_bw_cost" # show_number_column = "true" # show_percent_column = "false" # show_bar_column = "false" # } } graphs.graph_type = "pie" pie_chart = true sort_by = "field_size" sort_direction = "descending" } # reportCacheRate reportBandwidthLoss = { label = "Bandwidth Loss" filter = "(field_category matches_regexp 'Advertisements & Popups|Downloads|Ringtones/Mobile Phone Downloads|Streaming Media')" columns = { 0.field_name = "field_category" 1 = { field_name = "field_size" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } # 2 = { # field_name = "field_bw_cost" # show_number_column = "true" # show_percent_column = "false" # show_bar_column = "false" # } } sort_by = "field_size" sort_direction = "descending" } # reportBandwidthLoss reportTopClientIPs = { label = "Top Client IPs" columns = { 0.field_name = "source_ip" 1 = { field_name = "field_size" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } # 2 = { # field_name = "field_bw_cost" # show_number_column = "true" # show_percent_column = "false" # show_bar_column = "false" # } } default_report_on_zoom = "reportTopCategories" sort_by = "field_size" sort_direction = "descending" } # reportTopClientIPs reportTopWebSites = { label = "Top Web Sites" columns = { 0.field_name = "field_url_server" 1 = { field_name = "field_size" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } # 2 = { # field_name = "field_bw_cost" # show_number_column = "true" # show_percent_column = "false" # show_bar_column = "false" # } } sort_by = "field_size" 
sort_direction = "descending" } # reportTopWebSites reportTopCategories = { label = "Top URL Categories" columns = { 0.field_name = "field_category" 1 = { field_name = "field_size" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } # 2 = { # field_name = "field_bw_cost" # show_number_column = "true" # show_percent_column = "false" # show_bar_column = "false" # } } default_report_on_zoom = "reportTopWebSites" sort_by = "field_size" sort_direction = "descending" } # reportTopCategories reportTopAuthUsers = { label = "Top Auth Users" columns = { 0.field_name = "field_auth_user" 1 = { field_name = "field_size" show_number_column = "true" show_percent_column = "true" show_bar_column = "true" } # 2 = { # field_name = "field_bw_cost" # show_number_column = "true" # show_percent_column = "false" # show_bar_column = "false" # } } sort_by = "field_size" sort_direction = "descending" } # reportTopAuthUsers reportTimebyWebSite = { label = "Time by Server" type = "session_pages" sort_by = "time_spent" sort_direction = "descending" } # reportTimebyWebSite reportTimexSourceID = { label = "Time by SourceID" type = "session_users" sort_by = "time_spent" sort_direction = "descending" #omit_parenthefield_sized_items = "true" } # reportTimexSourceID } # items } # reportgroupResource reportgroupDate = { label = "Date Reports" items = { reportYearsMonthsDays = { label = "DATE: Year/Month/Day" only_bottom_level_items = false show_graph = true columns = { 0.field_name = "date_time" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "true" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "true" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" 
show_graph = "true" } } graph_field = "requests" sort_by = "date_time" sort_direction = "ascending" } # reportYearsMonthsDays reportDates = { label = "DATE: Dates" show_graph = true columns = { 0 = { field_name = "date_time" # label = "Dates" #NEED TO CHANGE COLUMN TITLE } 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "true" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "true" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" show_graph = "true" } } graph_field = "requests" sort_by = "date_time" sort_direction = "ascending" } # reportDates reportDayOfWeek = { label = "DATE: Day of Week" show_graph = true columns = { 0.field_name = "day_of_week" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "true" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "true" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" show_graph = "true" } } graph_field = "requests" sort_by = "day_of_week" sort_direction = "ascending" } # reportDayOfWeek reportHourOfDay = { label = "DATE: Hour of Day" show_graph = true columns = { 0.field_name = "hour_of_day" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "true" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" 
show_percent_column = "false" show_bar_column = "true" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" show_graph = "true" } } graph_field = "requests" sort_by = "hour_of_day" sort_direction = "ascending" } # reportHourOfDay } # items } # reportgroupDate reportgroupIndividualFields = { label = "Individual Fields" items = { reportAction = { label = "FIELD: Action" columns = { 0.field_name = "field_action" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportAction reportAuthUsr = { label = "FIELD: Auth User" columns = { 0.field_name = "field_auth_user" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportAuthUsr reportCacheType = { label = "FIELD: Cache Type" columns = { 0.field_name = "field_cache_type" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 
= { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportCacheType reportURLCategory = { label = "FIELD: Category" columns = { 0.field_name = "field_category" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportURLCategory reportClientIP = { label = "FIELD: Client IP" columns = { 0.field_name = "source_ip" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportClientIP reportDecision = { label = "FIELD: Decision" columns = { 0.field_name = "field_decision" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" 
show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportDecision #reportFileExtension = { # label = "FIELD: File Extension" # columns = { # 0.field_name = "field_url_file_extension" # 1 = { # field_name = "requests" # show_number_column = "true" # show_percent_column = "false" # show_bar_column = "false" # } # 3 = { # field_name = "page_views" # show_number_column = "true" # show_percent_column = "false" # show_bar_column = "false" # } # 4 = { # field_name = "field_unique_src_ips" # show_number_column = "true" # show_percent_column = "false" # show_bar_column = "false" # } # 5 = { # field_name = "field_size" # show_number_column = "true" # show_percent_column = "false" # show_bar_column = "false" # } # } # sort_by = "requests" # sort_direction = "descending" #} # reportFileExtension reportMalwareID = { label = "FIELD: MalwareID" columns = { 0.field_name = "field_malware_id" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportMalwareID reportMcafee = { label = "FIELD: McAfee" columns = { 0.field_name = "field_mcafee_id" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" 
show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportMcafee reportMethod = { label = "FIELD: Method" columns = { 0.field_name = "field_method" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportMethod reportMIMEType = { label = "FIELD: MIME Type" columns = { 0.field_name = "field_mime_type" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportMIMEType reportPageView = { label = "FIELD: Page View" columns = { 0.field_name = "field_object_page" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = 
"false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportPageView reportPolicyGroup = { label = "FIELD: Policy Group" columns = { 0.field_name = "field_policy_group" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportPolicyGroup reportServerResponse = { label = "FIELD: Server Response" columns = { 0.field_name = "field_svr_response" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportServerResponse reportSourceID = { label = "FIELD: SourceID" columns = { 0.field_name = "field_source_id" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = 
"field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportSourceID reportURL = { label = "FIELD: URL" columns = { 0.field_name = "url" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportURL #URLFILENAME#reportURLFilename = { #URLFILENAME#label = "FIELD: URL: Filename" #URLFILENAME#columns = { #URLFILENAME#0.field_name = "field_url_filename" #URLFILENAME#1 = { #URLFILENAME#field_name = "requests" #URLFILENAME#show_number_column = "true" #URLFILENAME#show_percent_column = "false" #URLFILENAME#show_bar_column = "false" #URLFILENAME#} #URLFILENAME#3 = { #URLFILENAME#field_name = "page_views" #URLFILENAME#show_number_column = "true" #URLFILENAME#show_percent_column = "false" #URLFILENAME#show_bar_column = "false" #URLFILENAME#} #URLFILENAME#4 = { #URLFILENAME#field_name = "field_unique_src_ips" #URLFILENAME#show_number_column = "true" #URLFILENAME#show_percent_column = "false" #URLFILENAME#show_bar_column = "false" #URLFILENAME#} #URLFILENAME#5 = { #URLFILENAME#field_name = "field_size" #URLFILENAME#show_number_column = "true" #URLFILENAME#show_percent_column = "false" #URLFILENAME#show_bar_column = "false" #URLFILENAME#} #URLFILENAME#} #URLFILENAME#sort_by = "requests" #URLFILENAME#sort_direction = "descending" #URLFILENAME#} # reportURLFilename reportURLExtension = { label = "FIELD: URL: File Ext" columns = { 0.field_name = "field_url_file_extension" 1 = { field_name = "requests" 
# Tail of reportURLExtension: the rest of column 1 (opened on the previous
# line), then columns 3-5 and the report's sort settings. Index 2 is unused.
      show_number_column = "true"
      show_percent_column = "false"
      show_bar_column = "false"
    }
    3 = {
      field_name = "page_views"
      show_number_column = "true"
      show_percent_column = "false"
      show_bar_column = "false"
    }
    4 = {
      field_name = "field_unique_src_ips"
      show_number_column = "true"
      show_percent_column = "false"
      show_bar_column = "false"
    }
    5 = {
      field_name = "field_size"
      show_number_column = "true"
      show_percent_column = "false"
      show_bar_column = "false"
    }
  }
  sort_by = "requests"
  sort_direction = "descending"
} # reportURLExtension

# reportURLPassword -- disabled: every line carries the #URLPASSWORD# prefix, so
# the whole report is a comment as shipped (presumably the prefix is stripped by
# a packaging or customisation step to enable it -- confirm before relying on it).
# NOTE(review): the main column is field_url_password, which by its name and
# label looks like the password component of proxied URLs -- confirm against the
# field definition. If this report is ever enabled, those values are listed in
# clear text next to request counts, so treat the report and its database as
# credential-bearing: limit who can view or export them, or keep this disabled.
# The #URLUSER# and #URLQUERY# reports elsewhere in this file (field_url_user,
# field_url_query) deserve the same consideration.
#URLPASSWORD#reportURLPassword = {
#URLPASSWORD#label = "FIELD: URL: Password"
#URLPASSWORD#columns = {
#URLPASSWORD#0.field_name = "field_url_password"
#URLPASSWORD#1 = {
#URLPASSWORD#field_name = "requests"
#URLPASSWORD#show_number_column = "true"
#URLPASSWORD#show_percent_column = "false"
#URLPASSWORD#show_bar_column = "false"
#URLPASSWORD#}
#URLPASSWORD#3 = {
#URLPASSWORD#field_name = "page_views"
#URLPASSWORD#show_number_column = "true"
#URLPASSWORD#show_percent_column = "false"
#URLPASSWORD#show_bar_column = "false"
#URLPASSWORD#}
#URLPASSWORD#4 = {
#URLPASSWORD#field_name = "field_unique_src_ips"
#URLPASSWORD#show_number_column = "true"
#URLPASSWORD#show_percent_column = "false"
#URLPASSWORD#show_bar_column = "false"
#URLPASSWORD#}
#URLPASSWORD#5 = {
#URLPASSWORD#field_name = "field_size"
#URLPASSWORD#show_number_column = "true"
#URLPASSWORD#show_percent_column = "false"
#URLPASSWORD#show_bar_column = "false"
#URLPASSWORD#}
#URLPASSWORD#}
#URLPASSWORD#sort_by = "requests"
#URLPASSWORD#sort_direction = "descending"
#URLPASSWORD#} # reportURLPassword

# reportURLPath -- disabled in the same way via the #URLPATH# prefix; it would
# break the same measures down by field_url_path. The definition continues on
# the following line.
#URLPATH#reportURLPath = {
#URLPATH#label = "FIELD: URL: Path"
#URLPATH#columns = {
#URLPATH#0.field_name = "field_url_path"
#URLPATH#1 = {
#URLPATH#field_name = "requests"
#URLPATH#show_number_column = "true"
#URLPATH#show_percent_column = "false"
#URLPATH#show_bar_column = "false"
#URLPATH#}
#URLPATH#3 = {
#URLPATH#field_name = "page_views"
#URLPATH#show_number_column = "true"
#URLPATH#show_percent_column = "false" #URLPATH#show_bar_column = "false" #URLPATH#} #URLPATH#4 = { #URLPATH#field_name = "field_unique_src_ips" #URLPATH#show_number_column = "true" #URLPATH#show_percent_column = "false" #URLPATH#show_bar_column = "false" #URLPATH#} #URLPATH#5 = { #URLPATH#field_name = "field_size" #URLPATH#show_number_column = "true" #URLPATH#show_percent_column = "false" #URLPATH#show_bar_column = "false" #URLPATH#} #URLPATH#} #URLPATH#sort_by = "requests" #URLPATH#sort_direction = "descending" #URLPATH#} # reportURLPath reportURLPort = { label = "FIELD: URL: Port" columns = { 0.field_name = "field_url_port" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportURLPort #URLQUERY#reportURLQuery = { #URLQUERY#label = "FIELD: URL: Query" #URLQUERY#columns = { #URLQUERY#0.field_name = "field_url_query" #URLQUERY#1 = { #URLQUERY#field_name = "requests" #URLQUERY#show_number_column = "true" #URLQUERY#show_percent_column = "false" #URLQUERY#show_bar_column = "false" #URLQUERY#} #URLQUERY#3 = { #URLQUERY#field_name = "page_views" #URLQUERY#show_number_column = "true" #URLQUERY#show_percent_column = "false" #URLQUERY#show_bar_column = "false" #URLQUERY#} #URLQUERY#4 = { #URLQUERY#field_name = "field_unique_src_ips" #URLQUERY#show_number_column = "true" #URLQUERY#show_percent_column = "false" #URLQUERY#show_bar_column = "false" #URLQUERY#} #URLQUERY#5 = { #URLQUERY#field_name = "field_size" #URLQUERY#show_number_column = "true" #URLQUERY#show_percent_column = "false" 
#URLQUERY#show_bar_column = "false" #URLQUERY#} #URLQUERY#} #URLQUERY#sort_by = "requests" #URLQUERY#sort_direction = "descending" #URLQUERY#} # reportURLQuery reportURLScheme = { label = "FIELD: URL: Scheme" columns = { 0.field_name = "field_url_scheme" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_perent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportURLScheme reportServer = { label = "FIELD: URL: Server" columns = { 0.field_name = "field_url_server" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportServer reportWBRS = { label = "FIELD: Web Reputation" columns = { 0.field_name = "field_wbrs_string" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" 
show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportWBRS reportWebroot = { label = "FIELD: Webroot" columns = { 0.field_name = "field_webroot_id" 1 = { field_name = "requests" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 3 = { field_name = "page_views" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 4 = { field_name = "field_unique_src_ips" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } 5 = { field_name = "field_size" show_number_column = "true" show_percent_column = "false" show_bar_column = "false" } } sort_by = "requests" sort_direction = "descending" } # reportWebroot #URLUSER#reportURLUser = { #URLUSER#label = "FIELD: URL: User" #URLUSER#columns = { #URLUSER#0.field_name = "field_url_user" #URLUSER#1 = { #URLUSER#field_name = "requests" #URLUSER#show_number_column = "true" #URLUSER#show_percent_column = "false" #URLUSER#show_bar_column = "false" #URLUSER#} #URLUSER#3 = { #URLUSER#field_name = "page_views" #URLUSER#show_number_column = "true" #URLUSER#show_percent_column = "false" #URLUSER#show_bar_column = "false" #URLUSER#} #URLUSER#4 = { #URLUSER#field_name = "field_unique_src_ips" #URLUSER#show_number_column = "true" #URLUSER#show_percent_column = "false" #URLUSER#show_bar_column = "false" #URLUSER#} #URLUSER#5 = { #URLUSER#field_name = "field_size" #URLUSER#show_number_column = "true" #URLUSER#show_percent_column = "false" #URLUSER#show_bar_column = "false" #URLUSER#} #URLUSER#} #URLUSER#sort_by = "requests" #URLUSER#sort_direction = "descending" #URLUSER#} # reportURLUser } # items } # reportgroupIndividualFields executive_detail = { label = "Summarized Logs" filter = "field_object_page matches_regexp 'Page'" type = "log_detail" } # executive_detail log_detail = true single_page_summary = true } # report_groups #---# #---# #---# #---# #---# #---# #---# #---# #---# #---# #---# # Start Final_Step 
final_step = `
  # Script that finishes the new profile: it adds the standard reports, adds fields
  # to the xref groups that the JumpTo / JumpBack reports name, then builds the
  # Summarized Logs report as a trimmed copy of log_detail.
  # add_standard_reports, add_field_to_xref_group and clone_node are not defined in
  # this script; presumably they come from the include below or from built-ins - confirm.
  include "templates.admin.profiles.setup_reports_util";

  # NOTE(review): the profile node path is built by concatenating
  # volatile.new_profile_name; no validation of that value is visible in this script,
  # so it has to be constrained wherever the name is set.
  string profile = "profiles." . volatile.new_profile_name;

  # Start with the standard reports based on remaining DB fields
  add_standard_reports(profile);

  # Lines prefixed #SECURITYCOST#, #URLFILENAME#, #URLPASSWORD#, #URLPATH#,
  # #URLQUERY# or #URLUSER# are inactive as written; the prefixes look like
  # template markers for optional fields - confirm how they get enabled.

  # JumpTo: xrefMalwareIDxSourceID | JumpBack: reportMalwareIDxSourceID | reportSourceIDxMalwareID
  add_field_to_xref_group(profile, 'xrefMalwareIDxSourceID', 'field_malware_id');
  add_field_to_xref_group(profile, 'xrefMalwareIDxSourceID', 'field_source_id');
  add_field_to_xref_group(profile, 'xrefMalwareIDxSourceID', 'requests');
  add_field_to_xref_group(profile, 'xrefMalwareIDxSourceID', 'field_unique_src_ips');
#SECURITYCOST#add_field_to_xref_group(profile, 'xrefMalwareIDxSourceID', 'field_security_cost');

  # JumpTo: xrefMalwareIDxClientIP | JumpBack: reportMalwareIDxClientIP | reportClientIPxMalwareID
  # Ties malware IDs to client addresses (source_ip).
  add_field_to_xref_group(profile, 'xrefMalwareIDxClientIP', 'field_malware_id');
  add_field_to_xref_group(profile, 'xrefMalwareIDxClientIP', 'source_ip');
  add_field_to_xref_group(profile, 'xrefMalwareIDxClientIP', 'requests');
  add_field_to_xref_group(profile, 'xrefMalwareIDxClientIP', 'field_unique_src_ips');
#SECURITYCOST#add_field_to_xref_group(profile, 'xrefMalwareIDxClientIP', 'field_security_cost');

  # JumpTo: xrefMalwareIDxAuthUsr | JumpBack: reportMalwareIDxAuthUsr | reportAuthUsrxMalwareID
  # Ties malware IDs to authenticated user names (field_auth_user).
  add_field_to_xref_group(profile, 'xrefMalwareIDxAuthUsr', 'field_malware_id');
  add_field_to_xref_group(profile, 'xrefMalwareIDxAuthUsr', 'field_auth_user');
  add_field_to_xref_group(profile, 'xrefMalwareIDxAuthUsr', 'requests');
  add_field_to_xref_group(profile, 'xrefMalwareIDxAuthUsr', 'field_unique_src_ips');
#SECURITYCOST#add_field_to_xref_group(profile, 'xrefMalwareIDxAuthUsr', 'field_security_cost');

  # JumpTo: xrefMalwareIDxServer | JumpBack: reportMalwareIDxServer | reportServerxMalwareID
  add_field_to_xref_group(profile, 'xrefMalwareIDxServer', 'field_malware_id');
  add_field_to_xref_group(profile, 'xrefMalwareIDxServer', 'field_url_server');
  add_field_to_xref_group(profile, 'xrefMalwareIDxServer', 'requests');
  add_field_to_xref_group(profile, 'xrefMalwareIDxServer', 'field_unique_src_ips');
#SECURITYCOST#add_field_to_xref_group(profile, 'xrefMalwareIDxServer', 'field_security_cost');

  # JumpTo: xrefMalwareIDxURLCategory | JumpBack: reportMalwareIDxURLCategory | reportURLCategoryxMalwareID
  add_field_to_xref_group(profile, 'xrefMalwareIDxURLCategory', 'field_malware_id');
  add_field_to_xref_group(profile, 'xrefMalwareIDxURLCategory', 'field_category');
  add_field_to_xref_group(profile, 'xrefMalwareIDxURLCategory', 'requests');
  add_field_to_xref_group(profile, 'xrefMalwareIDxURLCategory', 'field_unique_src_ips');
#SECURITYCOST#add_field_to_xref_group(profile, 'xrefMalwareIDxURLCategory', 'field_security_cost');

  # JumpTo: xrefURLCategorySeverity | JumpBack: reportURLCategorySeverity
  add_field_to_xref_group(profile, 'xrefURLCategorySeverity', 'field_category_severity');
  add_field_to_xref_group(profile, 'xrefURLCategorySeverity', 'field_category');
  add_field_to_xref_group(profile, 'xrefURLCategorySeverity', 'requests');
  add_field_to_xref_group(profile, 'xrefURLCategorySeverity', 'page_views');
  add_field_to_xref_group(profile, 'xrefURLCategorySeverity', 'field_unique_src_ips');
  add_field_to_xref_group(profile, 'xrefURLCategorySeverity', 'field_size');

  # JumpTo: xrefBusinessUsage | JumpBack: reportBusinessUsage
  add_field_to_xref_group(profile, 'xrefBusinessUsage', 'field_object_page');
  add_field_to_xref_group(profile, 'xrefBusinessUsage', 'field_usage');
  add_field_to_xref_group(profile, 'xrefBusinessUsage', 'field_category');
  add_field_to_xref_group(profile, 'xrefBusinessUsage', 'page_views');
  add_field_to_xref_group(profile, 'xrefBusinessUsage', 'field_unique_src_ips');

  # Customize "Summarized Logs"
  # executive_detail starts as a copy of the log_detail report; the statements
  # below relabel it, filter it to entries whose field_object_page matches Page,
  # and set visible = false on the listed columns.
  clone_node((profile . '.statistics.reports.log_detail'), (profile . '.statistics.reports.executive_detail'));
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.label') = "Summarized Logs";
  (profile . '.statistics.reports.executive_detail.label') = "Summarized Logs";
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.filter.expression') = "field_object_page matches_regexp 'Page'";

  # NOTE(review): these assignments only set a visible flag on columns of the cloned
  # report; nothing here removes the underlying fields, so treat this as presentation,
  # not access control. No statement hides source_ip or field_auth_user, so if
  # log_detail has those columns they stay visible in Summarized Logs - confirm that
  # suits the audience of this report.
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_action.visible') = false;
  # (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_bw_cost.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_cache_type.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_decision.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_malware_id.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_mcafee_id.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_method.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_mime_type.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_object_page.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_policy_group.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_category_severity.visible') = false;
#SECURITYCOST#(profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_security_cost.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_source_id.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_svr_response.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.url.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_url_file_extension.visible') = false;
#URLFILENAME#(profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_url_filename.visible') = false;
  # The URL password, query and user columns are hidden only by marker-prefixed
  # lines; whoever enables those fields must enable the matching hide line too.
#URLPASSWORD#(profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_url_password.visible') = false;
#URLPATH#(profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_url_path.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_url_port.visible') = false;
#URLQUERY#(profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_url_query.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_url_scheme.visible') = false;
#URLUSER#(profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_url_user.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_usage.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_wbrs_string.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_wbrs_value.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.field_webroot_id.visible') = false;
  (profile . '.statistics.reports.executive_detail.report_elements.log_detail.columns.page_views.visible') = false;
`
# End Final_Step
#---# #---# #---# #---# #---# #---# #---# #---# #---# #---# #---#
} # create_profile_wizard_options
} #ironport_sseries_accesslog_v20080610