
Our organization must review our policies to determine if the existing policies are still valid and need to be retained.  

The problem we are having is that “allow” rules do not appear to log anywhere.  Short of turning all “allow” rules to be “alert” rules, does anyone have a way to validate if a web access rule is actually being used and needs to be retained?

Not that I know of, maybe if you enable webTX and send all transactions to a SIEM you might be able to. Though it’s probably simpler just to set the rules you need to audit to “alert” for a period of time you want to audit.

