McAfee Data Loss Prevention 9.2.2 Product Guide


kb.mcafee.com
12.07.2015

2 Using McAfee DLP Monitor
Find data by time, transmission method, or location

Table 2-21 Common port assignments (continued)

Port number    Service
144            NNTP
443            HTTPS
465, 587       SMTP-SSL
993            IMAP-SSL
995            POP3-SSL

Search by using protocols

You can identify a specific type of traffic by using protocols as search qualifiers.

For example, HTTP protocols might be identified to find incidents in web traffic, or FTP might be used to detect large quantities of data being transmitted.

Task
1 Select one of these options:
  • In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting | Advanced Search.
  • On your McAfee DLP appliance, select Capture | Advanced Search.
2 Open the Protocol category.
3 Select Protocol | is any of and click ?.
  The Protocols window appears.
4 Open categories and select protocol checkboxes.
5 Click Apply.
6 Click Search.

Search by excluding protocols

Exclude protocols from a query to prevent incidents using them from appearing in search results.

Task
1 Select one of these options:
  • In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting | Advanced Search.
  • On your McAfee DLP appliance, select Capture | Advanced Search.
2 Open the Protocol category.
3 Select Protocol | is none of and click ?.
  The Protocols pop-up menu appears.
4 Open categories and select protocol checkboxes.
5 Click Apply.
6 Click Search.

Find incidents related to geographic locations and web sites

Traffic to and from geographic locations or web sites might be reported in incidents.

Find incidents by geographic location

Find incidents sent to or from other countries by searching for geographic locations.

Task
1 Select one of these options:
  • In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting.
  • On your McAfee DLP appliance, select Capture.
2 Open the regional pop-up menu in one of two ways:
  • On the Basic Search menu, select GeoIP Location, click ?, and select a region or country from the regional pop-up menu.
  • On the Advanced Search page, open the Source/Destination category, select GeoIP Location, click ?, select a region or country from the regional pop-up menu, and click Apply.
3 Click Search.

Find incidents related to web sites

Find incidents related to web sites by using URLs in queries.

Task
1 Select one of these options:
  • In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting | Advanced Search.
  • On your McAfee DLP appliance, select Capture | Advanced Search.
2 Open the Source/Destination category.
3 Select URL | is any of and type one or more URLs.
4 Click Search.

Searching for email files or IP addresses

You can search for files using email, file, or IP address parameters.

Finding email

Email objects are stored in capture databases as separate tokens. Search for one or more components of an email address (user, host or domain names) to produce related results.

Because email attributes are captured, email can also be found by port, protocol, attachment, sender, recipient, cc, or bcc.

Email addresses or domain names that contain numbers are searchable only if they are in the addressing, subject, cc, or bcc fields. Only alphanumeric characters are supported in the body of email messages.

In rare cases, email addresses that are not present in SMTP mail might be displayed in strikeout mode in the highlighting on the dashboard.

