Hi Everyone,
we have bluecoat and websense. we need to detec the user who is browsing some suspecious website. the trail is available in bcoat proxy logs but not in websesne.
so how can we findout that user who is browsing directly and there is no browsing logs available on websense for that user.
what is wrong in below:
index=websense sourcetype=websense src NOT [search index=bcoat sourcetype="bluecoat:proxysg:access:file" | fields src ]