McAfee Data Loss Prevention 9.2.2 Product Guide

Using McAfee DLP MonitorTypical scenarios 2Find unencrypted user dataYou might assume that user names and passwords are protected on your network as a matter ofcourse, but that might not always be the case.This case helps you to find out quickly if user account information is circulating in clear text on yournetwork by searching for account passwords.Task1 Select one of these options:• In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting | Basic Search.• On your McAfee DLP appliance, select Capture | Basic Search.2 Select Input Type | Keywords, and type the words account password into the value field.3 Click Search.If there are any significant results, alert your IT department.Find geographic users and incidentsThe classification engine sorts all network data into geographic locations. Find incidents generated byusers in other countries by defining geographic locations in your query.Task1 Select one of these options:• In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting | Advanced Search.• On your McAfee DLP appliance, select Capture | Advanced Search.2 Open the Source/Destination category.3 Select GeoIP location | is any of and click ?. Use is none of to exclude a geographic location.The GeoIP Locations window appears.4 Select continents and/or countries from the lists.5 Add Sender and Recipient values to find users in the defined geographic locations.6 Click Apply.7 Click Search or Save as Rule.Find evidence of foreign interferenceProtecting intellectual property can be difficult when sensitive data is so easily transported beyondnational borders.This case helps you to identify source and destination IP addresses that will tell where suspicioustraffic is coming from and where it is going.Because dynamically assigned IP addresses change regularly, hosts that are not local can be identifiedonly if a DHCP server is installed on the network.McAfee Data Loss Prevention 9.2.2 Product Guide 23