Hide this message
Welcome to the NEW Success Center. Search all resources (documentation, videos, training, knowledge base articles) or browse resources by product. If you are unable to find what you are looking for, please contact us at firstname.lastname@example.org
This article provides information about the LEM Rules when a user connects to a specific website.
All versions of LEM
Perform an nDepth query for the following criteria:
WebTrafficAudit.URL CONTAINS /ENTER_URL_HERE/
If this returns the expected results, build a new rule and set the correlation to the same as the above. Specify a correlation time and appropriate action.
For more a more further detailed procedure, click HERE.
To check the WebTrafficAudit:
Go to ResourceAudit > NetworkAudit > ApplicationTrafficAudit > WebTrafficAudit.
WebTrafficAudit alerts reflect application-layer data related to web services. Included in WebTrafficAudit are client and server web events from web servers, web applications, content filter related events, and other web services.
WebTrafficAudit alerts generally indicate normal traffic, however, alerts of this type could also be symptoms of inappropriate web usage, potential abuse of web services, or other abnormal traffic.