Our organization must review our policies to determine if the existing policies are still valid and need to be retained.
Problem we are having is that “allow” rules do not appear to log anywhere. Short of turning all “allow” rules to be “alert” rules, does anyone have a way to validation if a web access rule is actually being used and needed to be retained?
Not that I know of, maybe if you enable webTX and send all transactions to a SIEM you might be able to. Though it’s probably simpler just to set the rules you need to audit to “alert” for a period of time you want to audit.
Support was able to create a report in Advanced Analytics that they are telling me will show the Allow policies that are being hit with traffic.
If you haven't already registered, now is a good time to do so. After you register, you can post to the community, receive email notifications, and lots more. It's quick and it's free! Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
