What is a one sentence summary of your feature request?
Request to enhance web upload logs by distinguishing and labeling actual file uploads from other web-related events
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
When using the DPI feature of Content Aware Protection (CAP), a large number of web upload logs are generated in the CAP logs.
The web upload logs may be generated by actual file upload activities; however, they also include logs triggered by general web activities such as webpage loading.
As a result, from an administrator's perspective, it is difficult to determine whether a log was generated due to an actual file upload or simply due to a web-related event.
In operational environments, it is critical to quickly and accurately identify actual file exfiltration activities. However, due to the current structure where these logs are mixed, it is difficult to make clear and immediate judgments, leading to reduced operational efficiency.
Therefore, it would be beneficial to have a feature that clearly distinguishes and labels web upload logs based on their type, such as:
- Actual file upload
- General web activity
If this functionality is implemented, administrators will be able to interpret logs more clearly, and monitoring and responding to actual upload activities will become significantly more efficient.
How do you currently solve the challenges you have by not having this feature?
Currently, since it is not possible to clearly distinguish actual upload activities, we rely on the file backup feature to verify uploads by checking whether a file copy has been generated.