000016974 - Websense categories are shown as numbers rather than names in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000016974
Applies ToRSA Security Analytics
Websense Web Security
IssueWebsense categories are shown as numbers rather than names in RSA Security Analytics.
Websense Alerts only contain category numbers in RSA Security Analytics.

1) Create a CSV file to map the Category Numbers to Category Names. You can obtain the basis for this information at http://www.websense.com/content/support/library/web/v76/siem/siem.pdf#page=30
An example CSV file may look something as follows: (only first few entries shown)

1,Adult Material
2,Business and Economy
5,News and Media
7,Society and Lifestyles
8,Special Events
9,Information Technology
11,Advocacy Groups

A sample list has been created here, but this comes with no warranty about it accuracy: WEBSENSE.CSV
2) Create a Feed based on this CSV file. Instructions for creating a feed can be found here: https://sadocs.emc.com/0_en-us/095_10.3_User_Guide/31_Live_Resource_Management/50_Live_Feeds_View/01_Create_a_Custom_Feed for Security Analytics 10.3.  For other versions please refer to the relevant instructions.

An example feed in 10.3.4 looks as follows:

a) The index type should be Non IP

b) The Callback Key(s) should be category as this is what we are matching on. The index is column 1 in the csv file.

c) We add the Websense Category name catgeory with the results from column 2 in the csv file.

This will result in both the Websense Category Number and the Websense Category Name being written to the Category field. A separate custom meta key could be configure so that the Websense Category Names are just stored in this custom meta key.

Legacy Article IDa67771