Search for Web traffic from a particular VPN user?

We want to search for Web activity connected to a given VPN user.

We have VPN session records, with the user name, (VPN endpoint) IP address, start time, and end time.

We have Web proxy records, with the event time and source (browser) IP address.

The investigator wants to just put in the start time, end time, and user name, and not manually do an intermediate search.

How can that be set up?

(Edit: The Web traffic data is currently only on our Log Manager instance, not on a SIEM. If the SIEM license is needed to do this sort of thing, please explain.)


Leave a Reply