Video Screencast Help

Render Web Event

Created: 09 May 2013 | 1 comment

Hello,

We are looking at monitoring outbound HTTP traffic and wonder the best way to render a web event to understand the context?  When reviewing the message body and selecting open original message, it will open in IE as the default browser but simply shows me the underlying HTML

(i.e.  POST http://www.facebook.com/ajax/chat/buddy_list.php HTTP/1.1 Accept: */* Accept-Language: en-us Referer: http://www.facebook.com/ x-svn-rev: 806831 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E) Host: www.facebook.com Content-Length: 2380 Proxy-Connection: Keep-Alive Pragma: no-cache Cookie: x-referer=http%3A%2F%2Fwww.facebook.com%2F%23%2F; c_user=728328499; xs=61%3AR_PL_MjTYgXLXg%3A0%3A1367905061; act=1367974728904%2F123%3A2; sub=2; datr=EZ-AURMDRFCXw3BYGUBxGZiQ; fr=003mEJjcGGSGn0BMy.AWWSCC-Y-ihG1CsXdCit4tesuJ8.BRgJ9D.eD.AWXwCMDx; lu=Tg-J5vZtMSKO6w9HI8X4v3ZA; locale=en_US; presence=EM367915010EuserFA2728328499A2EstateFDsb2F0Et2F_5b_5dElm2FnullEuct2F1367904464BEtrFnullEtwF3291146693EatF1367915009855G367915010668CEchF_7bCC user=728328499&cached_user_info_ids=728328499%2C1441356157%2C100002955819921%2C100003485977039%2C100002510175521%2C1340592360%2C100001354657080%2C1496367438%2C100000295080448%2C1228207949%2C100000231993482%2C1267482217%2C671381705%2C583138402%2C100000534942011%2C716917497%2C589292737%2C784949947%2C588735580%2C542271521%2C602549993%2C602771370%2C634325588%2C641385406%2C768649239%2C806126379%2C1132112238%2C1277164694%2C1573026989%2C100000145492781%2C100000865556089%2C634172060%2C100003207022928%2C671324837%2C100003303036307%2C603395182%2C676727336%2C100000433701182%2C646111830%2C574658290%2C579199837%2C682850808%2C100000438461615%2C644207747%2C565260976%2C531818136%2C710491364%2C676636365%2C131257370287377%2C609582307%2C699332442%2C607257753%2C1302222860%2C1379617799%2C666989282%2C1157613715%2C614841966%2C536510497%2C1685907908%2C100000738520020%2C521603855%2C1601734223%2C100000464619759%2C100000488625790%2C785836423%2C1145401755%2C1030079735%2C1413587770%2C719270280%2C1283522768%2C671850040%2C717237521%2C100000298573520%2C535495545%2C680051571%2C1761168961%2C100002716249877%2C1423312305%2C1792786168%2C753166658%2C570171011%2C600048594%2C821834572%2C1039520725%2C564737414%2C724192868%2C766548161%2C100005517870913%2C741540417%2C506068399%2C1237023775%2C1328751717%2C511696670%2C1353385300%2C601591115%2C100005230027769%2C1158154274%2C1447470743%2C551969844%2C634004578%2C100000485735469%2C782714253%2C100000840940033%2C771906562%2C1003618549%2C731256953%2C650107232%2C100000954734457%2C830033817%2C100001405013604%2C735056430%2C100001193864061%2C770574879%2C1791434744%2C1453009918%2C1532978058%2C569779090%2C1295060589%2C1037326862%2C639464195%2C636150929%2C1482444763%2C1711202099%2C662235288%2C578308400%2C592489198%2C663383951%2C100001640565455%2C236692619767546%2C1313076933%2C100002879635154%2C590080304%2C1294623329%2C1022989239%2C100001934831980%2C100000187488747%2C517279844%2C739275006%2C509879678%2C100000538091552%2C556392389%2C100001523952804%2C100000508343012%2C632325968%2C100001071514621%2C618132410%2C719372165%2C1550195769%2C100002009367617%2C100000801860181%2C673752944%2C100000168707371%2C542413851%2C543009046%2C100000423391833%2C1082391356%2C804664665%2C600528044%2C873770190%2C1039622860%2C1014591881%2C620607957%2C707833746&fetch_mobile=true&__user=728328499&__a=1&__dyn=7n8aD5z5CF-&__req=2jq&fb_dtsg=AQAKDPDE&phstamp=165816575688068692350)

Wondering if there are any best practices around recreating a session through an event to understand the context.

 

Thanks.

Operating Systems:

Comments 1 CommentJump to latest comment

kishorilal1986's picture

I think u can see the mesaage content in DLP incident details as belown attched snaps

Incident details.JPG