Our organization must review our policies to determine if the existing policies are still valid and need to be retained.
Problem we are having is that “allow” rules do not appear to log anywhere. Short of turning all “allow” rules to be “alert” rules, does anyone have a way to validation if a web access rule is actually being used and needed to be retained?