McAfee Data Loss Prevention 9.2.2 Product Guide


kb.mcafee.com
12.07.2015

2 Using McAfee DLP Monitor
Typical scenarios

Task

1 Select one of these options:
  • In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting | Basic Search.
  • On your McAfee DLP appliance, select Capture | Basic Search.
2 Select Input Type | GeoIP Location and click ?.
3 Select one or more country names from the pop‐up menu.
4 Click Apply, then Search and examine the incidents on your dashboard.

If you do not see locations in your results, click Columns and add Source, Destination, Sender or Recipient columns to the dashboard.

Search for social networking activity

Employees who are accustomed to using social networking sites might not realize how much time they are spending on activities that reduce their productivity, or how much sensitive information might be leaked when they use such sites in the workplace.

This case helps you to find out how much social networking activity is occurring on your network by identifying all traffic to and from specific web sites.

Task

1 Select one of these options:
  • In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting.
  • On your McAfee DLP appliance, select Capture.
2 On the Basic Search page, select an Input Type and click ?.
  • Select Protocols, then HTTP_Post from an Internet Protocols menu. Click Apply, then Search.
  • Select Keywords, type keywords (for example, facebook or deadspin), then Search.

Find postings to message boards

Employees sometimes spend company time posting to Internet sites that are not work‐related.

This case helps you to identify that activity by targeting the protocol that is used to transmit such postings.

This filter identifies all posting traffic. If you know what web site it is being posted to, add a Content | equals parameter and type its name (for example, webrats.com).

Task

1 Select one of these options:
  • In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting | Incidents.
  • On your McAfee DLP appliance, select Incidents.
2 From the Filter by menu, select a time from the Timestamp sub‐menu.
3 Click the plus icon to add a filter and select Protocol | equals.
4 Click ?, select a protocol from the pop‐up list, then click Apply.
5 Click Apply.

Find frequently visited web sites

Find web sites that are frequently visited by users who might routinely use the Internet to complete their job duties, but might enter URLs that can compromise network security.

This case creates a content capture filter to store all traffic to and from inappropriate web sites to find out if your company policy is being violated.

Task

1 Select one of these options:
  • In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting | Advanced Search.
  • On your McAfee DLP appliance, select Capture | Advanced Search.
2 Open the Source/Destination category.
3 Select URL | is any of and type the URL of the website into the value field.
  For example, type in www.deadspin.com.
4 Click Search.

If no results are retrieved, check to see if the default ignore_http_header content capture filter is still active.

Search basics

You can use the following tasks to help you to build successful queries.

Tasks

• Add or delete parameters
  Add or subtract McAfee DLP parameters that correspond to database object attributes by clicking +, ‐, or X buttons on the search, rule, template, case, or capture filter pages.
• Retrieve data from directory servers
  If a directory server is registered to McAfee DLP Manager, you can retrieve data from it by user name, group, city, country, or organization.
• Get search details
  The stages of each search are recorded and displayed in the Search Details window.
• Get search results
  Search results are displayed on the Data‐in‐Motion dashboard.
• Stop searching
  You can stop searches that are running by using the Abort function.
• Set up notification for backgrounded queries
  Searches that take over 60 seconds automatically run in background mode, but when results are available, an email notification is sent to the address you provide.
• Clone searches
  If you want to use the same search repetitively, you can clone it so that you can repeat the process without re‐selecting all of your parameters.

Add or delete parameters

Add or subtract McAfee DLP parameters that correspond to database object attributes by clicking +, ‐, or X buttons on the search, rule, template, case, or capture filter pages.

The following procedure uses the Advanced Search page as an example.

