It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

How to Configure Web Application Monitoring version 6.x - 7.x

  • Last updated on

This feature applies to the Barracuda Web Security Gateway 610 and higher running firmware version 6.0 and higher. Some features, as noted below, are only available with version 8.0 and higher.

See also:

Due to recent vulnerabilities discovered with the SSL protocol, Barracuda Networks strongly recommends that you upgrade to 8.1.0.005 before using SSL Inspection. See the Barracuda Networks Security Updates blog post around this topic: Barracuda delivers updated SSL Inspection feature. Available with the Barracuda Web Security Gateway 310 (limited) and higher.

Capture and Archive Suspicious Content or Data Patterns in Chat, Email, and Other Social Media Communications

The Barracuda Web Security Gateway can inspect and catalog outbound content and forward it to an email address or external message archiver, like the Barracuda Message Archiver. These messages can be fully indexed and tied to Active Directory credentials of users. The archived content is then as easy to search as MS Exchange emails. This process ensures that social media communications from corporate networks are always available for access and retrieval for eDiscovery and audits as well as to create alerts for proactive monitoring.

Specific data patterns such as credit card numbers, Social Security numbers (U.S.), HIPAA, and privacy information can also be detected to help prevent data leakage.

Use this feature to capture and archive chat, email, user registrations and other social media communications on social media portals. Set alerts to be sent to the administrator email address if certain data patterns are detected in outbound traffic, such as Social Security or credit card numbers, or HIPAA related content.

Figure 1: Web Activity Monitoring

Social Media ArchivingBWSG.png

How Archiving and Searching Monitored Web Activity Works

On the BASIC > Web App Monitor page, you can specify a Web Activity Archiving Email Address for archiving selected actions such as logins, chat, posts, comments and associated content. The Barracuda Web Security Gateway packages each interaction as an SMTP message and emails it to this address. This content is then marked for archiving. Archived messages are indexed and can be searched by source or content. Alerts can be generated per policy you set in your archiving solution, or specifically based on specific data patterns. For information about searching archived messages and using policy alerts with the Barracuda Message Archiver, see Understanding Basic and Advanced Search and Policy Alerts.

NOTE:  If you want actions shown with an asterisk (*) on the BLOCK/ACCEPT > Web App Monitor page to be archived, you must enable SSL Inspection. Example actions include:

  • Facebook user registration and login
  • Google chat message
  • Twitter send tweet, login, direct message, user registration

For a complete list of actions for which SSL Inspection must be enabled for capture, see the BLOCK/ACCEPT > Web App Monitor page. For more information about SSL Inspection, see Using SSL Inspection With the Barracuda Web Security Gateway and How to Configure SSL Inspection 6.x.

How to Configure Social Media Archiving

As an example scenario, you might want to allow users in the organization to use Facebook to view and make comments and use messaging, but you want to capture the content. You might also want to block games and/or other Facebook apps to protect your network from viruses and malware.

If you want to regulate web 2.0 applications over HTTPS, then you must configure SSL Inspection from the ADVANCED > SSL Inspection page and set up SSL certificates. See How to Configure SSL Inspection 7.0.

To configure Web Application Monitoring for archiving social media interactions, first set up your block/accept policies for social media. Here's the process for the example mentioned above:

  1. On the BLOCK/ACCEPT > Web App Control page, in the Application Navigator, ensure that Social Media is checked.
    In the Allowed Applications list box, hold the CTRL key and click Facebook Games and Facebook apps. Click Block.
    Those applications then appear in the Blocked Applications list box.

    Web App Control Example.png

  2. Save your changes. In this example, you have left chat, comment, and other Facebook apps in the Allowed Applications list, moving the applications you want to block, such as apps and games to the Blocked Applications list.
  3. On the BLOCK/ACCEPT > Web App Monitor page, enable the application actions whose content you want to archive. In this example, you would Enable Facebook Comments and Message for monitoring. After you enable any actions on the page, the Barracuda Web Security Gateway will capture the content from each action, package it as an SMTP message and email it to the Web Activity Archiving Email Address you specify on the page.

Detecting Sensitive Data Patterns

Social media and other application communications as noted above may also be searched for data patterns such as:

  • Credit card numbers
  • Social security numbers
  • Privacy terms
  • HIPAA compliance terms

To help defend against potential data breaches, use the Data Pattern Categories to Monitor section to select applicable data patterns to detect in web applications that you enable on the BLOCK/ACCEPT > Web App Monitor page. To configure this feature:

  • Enter a Suspicious Keywords Alert Email Address in the Web Activity Notification section of the BLOCK/ACCEPT > Web App Monitor page if you want to receive an alert when these data patterns are detected in the applications you select.
  • If you also want to archive these communications, enter a Web Activity Archiving Email Address in the Web Activity Notification section of the page. After you enable any actions on the page, the Barracuda Web Security Gateway will capture the content from each action in which the selected data patterns are detected, package it as an SMTP message and email it to that email address.

Web App Monitor Log

The BASIC > Web App Monitor Log lists all chat, email, user registrations and other social media interaction traffic it processes per settings you configure on the BLOCK/ACCEPT Web App Monitor page. Fields logged are:

  • Date – Date and time of the request.
  • Source IP – IP address of the client that originated the request.
  • Username – The name of the user that sent the request.
  • Summary – The action represented in the request. For example, Facebook Comment.
  • Destination – URL visited in the request.
  • Details – Detailed information about the actions: search engine keywords, word from a Facebook Comment, etc.

    WebAppMonitorLog8.0.jpg