Determining User Count on Websense (Forcepoint)

It is very important to see how many users your Websense proxy counted today, because if you exceed the number of your licence, it means your clients will not be blocked in that day anymore. To see the count, login to SQL Server Management Studio in Triton Manager server, and open a "New Query" window for the catalog database like that;

and run the query below. It will show you the number of the clients that Websense counted in last 100 days.


SELECT TOP (100) PERCENT DAY(date_time) AS day, MONTH(date_time) AS month, YEAR(date_time) AS year, COUNT(DISTINCT source_ip_int) AS ip_count

FROM dbo.incoming WITH (NOLOCK)

GROUP BY DAY(date_time), MONTH(date_time), YEAR(date_time)

ORDER BY month desc, day desc

"Additional forensics data is not available" error in Websense (Forcepoint) DLP

Sometimes, while DLP is working fine, you can encounter "Additional forensics data is not available" error in the "Forensics" tab of the incident. This means you cannot see the details of the incident.

It has a very simple solution;

1-  Stop the DSSManager service and rename the following folders:

1. %DSS_HOME%\tomcat\work > work.old
2. %DSS_HOME%\tomcat\logs > logs.old
3. %DSS_HOME%\tomcat\temp > temp.old

2- Create a new %DSS_HOME%\tomcat\temp folder and restart the DSSManager service.

Websense says that you should not lose any incident in this scenario, and I have tried a few times, I really did not lose any incident.