McAfee Data Loss Prevention 9.2.2 Product Guide
2 Using McAfee DLP Monitor

Find data by time, transmission method, or location

Table 2-21 Common port assignments (continued)

Port number    Service
144            NNTP
443            HTTPS
465, 587       SMTP-SSL
993            IMAP-SSL
995            POP3-SSL

Search by using protocols

You can identify a specific type of traffic by using protocols as search qualifiers.

For example, HTTP protocols might be identified to find incidents in web traffic, or FTP might be used to detect large quantities of data being transmitted.

Task

1 Select one of these options:
  • In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting | Advanced Search.
  • On your McAfee DLP appliance, select Capture | Advanced Search.
2 Open the Protocol category.
3 Select Protocol | is any of and click ?.
  The Protocols window appears.
4 Open categories and select protocol checkboxes.
5 Click Apply.
6 Click Search.

Search by excluding protocols

Exclude protocols from a query to prevent incidents using them from appearing in search results.

Task

1 Select one of these options:
  • In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting | Advanced Search.
  • On your McAfee DLP appliance, select Capture | Advanced Search.
2 Open the Protocol category.
3 Select Protocol | is none of and click ?.
  The Protocols pop-up menu appears.
4 Open categories and select protocol checkboxes.
5 Click Apply.
6 Click Search.

Find incidents related to geographic locations and web sites

Traffic to and from geographic locations or web sites might be reported in incidents.

Find incidents by geographic location

Find incidents sent to or from other countries by searching for geographic locations.

Task

1 Select one of these options:
  • In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting.
  • On your McAfee DLP appliance, select Capture.
2 Open the regional pop-up menu in one of two ways:
  • On the Basic Search menu, select GeoIP Location, click ?, and select a region or country from the regional pop-up menu.
  • On the Advanced Search page, open the Source/Destination category, select GeoIP Location, click ?, select a region or country from the regional pop-up menu, and click Apply.
3 Click Search.

Find incidents related to web sites

Find incidents related to web sites by using URLs in queries.

Task

1 Select one of these options:
  • In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting | Advanced Search.
  • On your McAfee DLP appliance, select Capture | Advanced Search.
2 Open the Source/Destination category.
3 Select URL | is any of and type one or more URLs.
4 Click Search.

Searching for email files or IP addresses

You can search for files using email, file, or IP address parameters.

Finding email

Email objects are stored in capture databases as separate tokens. Search for one or more components of an email address (user, host or domain names) to produce related results.

Because email attributes are captured, email can also be found by port, protocol, attachment, sender, recipient, cc, or bcc.

Email addresses or domain names that contain numbers are searchable only if they are in the addressing, subject, cc, or bcc fields. Only alphanumeric characters are supported in the body of email messages.

In rare cases, email addresses that are not present in SMTP mail might be displayed in strikeout mode in the highlighting on the dashboard.