Web proxy traffic log - credentials in URL


(Pavel Mares) #1

I will ingest web log from Zscaler to SIEM. Everything is clear for me, except one thing:
I know that Zscaler excludes protocol headers (http://, ftp://…) from destination URL in web log.
My question is - what if someone will use credentials in URL - I mean something like ftp://user:password@server.com? What will be reported in web log as destination URL? In other words - will be credentials included in destination URL in web log?
After reading some resources my guess is that only server.com (without credentials) will be visible in web log, but I would like to be sure. If there is anyone who has experience with this and can clarify it for me, it would be really appreciated. Many thanks.