Accenture MDR Quick Start Guide for Websense® Cloud Web Security

Owned by Sekar Venkataramani
Apr 22, 2021
3 min read

This quick start guide will help Accenture MDR customers configure Websense® Cloud Web Security to allow log collection from the Log Collection Platform (LCP).

The document includes the following topics:

 

Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx) which can be found in

Accenture MDR Portal - https://mss.accenture.com/PortalNextGen/Reports/Documents

Port Requirements

Table 1-1: Port requirements for LCP communication

Source

Destination

Port

Description

 LCP

Cloud Web Security

443 (https)

Default port

Configuring Cloud Web Security

Note: By default, the complete traffic logging feature is not available. To enable all logging features in your account, contact the Websense Support team. Once all the features are available, you can configure the Cloud Web Security portal to generate and retain detailed log information.

 To create a new administrator contact, follow the steps below.

 Note: Websense strongly recommends that the log download process has its own username and password to gain access to the Cloud Web Security service. This keeps the process separate from other administration tasks and enables you to establish longer password expiration policies.

  1. In the Cloud Security portal, from the main menu, go to Account > Settings.

  2. Click Contacts.

  3. In the Contacts section, click Add.

4. In the First name and Surname fields, enter identifying information for the new contact. For example, "Traffic" and "Logging."

5. Click Submit.

6. In the User Name field, to add a user name, select Click here.     

7. Enter a password for the contact. It must conform to the password policy on the main Contacts page.

8. Enter a password expiration date for the contact. This should be different than the regular account settings; it should span a longer period. The maximum period is 365 days.

9. Under Account Permissions, check the Full Traffic Logging check box, and any other permission you want to give this "user". You can act as an administrator from this login.

Note: Ensure that the Full Traffic Logging and View Reports check boxes are checked to apply permission to the user account.

To enable log retention for your account, follow the steps below.

  1. In the Cloud Security portal, on the main menu, click Web.

2. From the drop-down menu, under SETTINGS, click Full Traffic Logging.

3. On the Full Traffic Logging screen, click Edit.

4. Check the Enable full Web traffic logging check box.

5. Click Submit.

 Note: Accenture Security Websense Cloud Web Security event collector reads logs from the Websense cloud log portal and does not retain any of the customer logs/log files from the cloud. Regular deletion of the log files from the cloud by any means is the sole responsibility of customers to avoid disabling of the "Full Traffic Logging" feature from their account. No traffic will be logged once the feature is disabled.

 LCP Configuration Parameters

Table 1-2: The Websense Cloud Web Security event collector properties to be configured by MDR are shown in the table.

Property

Default Value

Description

Server Host URL

https://sync-web.mailcontrol.com/hosted/logs

Websense Cloud Portal URL to read logs.

User Name

Custom Value

The username as mentioned in the PIQ.

Password

Custom Value

The password as mentioned in the PIQ.

 

Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.