Get access to immediate incident response assistance.
Eliminate active threats with 24/7 threat detection, investigation, and response.
Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.
Advance your cybersecurity program and get expert guidance where you need it most.
Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.
Prevent unauthorized access and exceed compliance requirements.
Stop email threats others miss and secure your organization against the #1 ransomware attack vector.
Prepare for the inevitable with 24/7 global breach response in-region and available on-site.
Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.
By default, VSOS 8.5.0 and above provides the following logging policies:
- Log All Protective Actions;
- Log All Protective Actions and Web Pages;
- Logging everything except Image files;
The extended logging policy, logging everything except Image files, provides detailed information. However, it has very important constraint causing huge I/O load to the system.
The HTML Repair feature causes malicious scripts on an HTML page to be automatically detected and repaired, and the HTML page is sent on to the end-user in a transparent manner. Note: The HTML Repair feature is enabled by default.Ability to log HTML repaired transcations is one of the reasons users might consider using this logging policy instead of any other alternative.This article describes how to create new logging policy that combines the flexibility of the data being logged with the minimal load caused to the system.
2. Highlight the default, Log All Protective Actions, logging policy and click Duplicate button on the top as shown below:
3. Set Log Defaults and HTML Repaired Transactions for this new logging policy:
4. Highlight new logging policy and click New Rule button:
5. Rule editor windows pops up. Set this rule conditions as shown below and click OK.
(Set send to archive/log/report/syslog options according to your preferrences)
5. Decide what should be the place/priority of this rule and move it down with the up/down icons.
Save the policy before you commit these changes.
6. Commit these changes.
7. Browse to the Users section and set this logging policy for specific user(s) or group(s):
To contact Trustwave about this article or to request support: