Web category filter

You can choose the types of web pages and web servers that are recognized by using web category filters.

For example, you can exclude specific types of HTTP network traffic from investigations. When HTTP network traffic data is ingested, the data is categorized and the resulting documents are grouped.

Administrators can filter HTTP network traffic data to prevent the data from being ingested.

To exclude, or filter traffic, for a category or group, turn off the category or group in the Server Management tool.

Web categorizing, grouping, and filtering affect HTTP network traffic data while it is being ingested and has no effect on data that is already in the system.

When a group filter is set to exclude data, HTTP network traffic data that is associated with categories in that group is filtered out during consumption, regardless of the associated category filters settings.

Example: What happens when you use a web category filter to exclude traffic?

You decide to exclude traffic that contains data from news or magazine sites.

  1. On the navigation menu ( Navigation menu icon ), click Admin.
  2. You click Server Management.
  3. You click Web Category Filter and click Off beside the News / Magazines filter.
  4. You click the Webmail / Unified Messaging filter and click On.

Now, when a user investigates ingested traffic on the Forensics tab, they see that traffic that contains both News / Magazines data and Webmail / Unified Messaging is not ingested even though the Webmail / Unified Messaging filter is on.