Web proxy traffic log - credentials in URL

ftp

(Pavel Mares) #1

Hi,
I will ingest web log from Zscaler to SIEM. Everything is clear for me, except one thing:
I know that Zscaler excludes protocol headers (http://, ftp://…) from destination URL in web log.
My question is - what if someone will use credentials in URL - I mean something like ftp://user:password@server.com? What will be reported in web log as destination URL? In other words - will be credentials included in destination URL in web log?
After reading some resources my guess is that only server.com (without credentials) will be visible in web log, but I would like to be sure. If there is anyone who has experience with this and can clarify it for me, it would be really appreciated. Many thanks.
Lukas