McAfee Data Loss Prevention 9.2.2 Product Guide

2Using McAfee DLP MonitorFind data by time, transmission method, or location3 Select File Creation Time | between and click the calendar icon to enter dates in the values field.Select before or after to get closer to a specific time.4 Select a time from the hour, minute and second menus.5 Click Search.Search by file last modification timeSearch for files by the last time they were modified.The time zone of the McAfee DLP appliance determines the last modification time displayed.Task1 Select one of these options:• In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting | Advanced Search.• On your McAfee DLP appliance, select Capture | Advanced Search.2 Open the Date/Time category.3 Select Last Modification Time | between and click the calendar icon to enter dates in the values field.Select before or after to get closer to a specific time.4 Select a time from the hour, minute and second menus.5 Click Search.Search by portSearch by port to identify incidents by source, destination, or in both directions.Task1 Select one of these options:• In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting | Advanced Search.• On your McAfee DLP appliance, select Capture | Advanced Search.2 Open the Protocol category.3 Select Port | source is any of and enter a port number in the values field.4 Click + to add a destination parameter.5 Select Port | destination is any of and enter a port number in the values field.6 Click Search.Search by port rangeSearch by port range to identify incidents in a type of traffic by source, destination, or both.This is especially useful when a specific type of traffic can be identified by a range. For example, theSolaris operating system often uses the 1000‐1023 range.48 McAfee Data Loss Prevention 9.2.2 Product Guide