Cisco Cisco Web Security Appliance S670 User Guide

This example demonstrates how a system administrator would investigate a particular user at a company. 
In this scenario, a manager has received a complaint that an employee is visiting inappropriate Web sites 
at work. To investigate this, the system administrator now needs to look at the employee’s Web usage 
trends and transaction history: 

URL Categories by Total Transactions

Trend by Total Transactions

URL Categories Matched

Domains Matched

Applications Matched

Malware Threats Detected

Policies Matched for a particular User ID or Client IP

Using these reports, the system administrator can discover whether, for example, user “johndoe” was 
trying to access blocked URLs, which can be viewed in the Transactions Blocked column under the 
Domains section.

Select Users from the Cisco Advanced Web Security Reporting drop-down menu.

Click the User ID or Client IP address. 

If you do not see the User ID or Client IP address you want to investigate in the Users table, click any 
User ID or Client IP. Then search for all or part of the User ID or Client IP address. 

(Optional) Select Actions > Print. 

Select Web Tracking from the Cisco Advanced Web Security Reporting drop-down menu. 

Search for the User ID/Client IP Address.

Click Pick fields above the transaction list to change the information displayed for each transaction. 

(Optional) Click Export to export the data to a CSV file.