McAfee Data Loss Prevention 9.2.2 Product Guide

2Using McAfee DLP MonitorSearching for email files or IP addressesFind chat sessionsFind chat sessions by searching for chat content types. You can retrieve sessions lasting up to fourhours.Content of encrypted chat sessions (for example, Skype and AOL Instant Messenger 6) cannot becaptured, but the duration of the chat is reported.Task1 Select one of these options:• In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Reporting | Advanced Search.• On your McAfee DLP appliance, select Capture | Advanced Search.2 Open the Content category.3 Select Content Type is any of and click ?.The Content Types pop‐up menu appears.4 Select the Chat category.5 Select the chat protocol.6 Click Apply.7 Click Search or Save as Rule.Chat sessions are reported in chronological order.Finding filesWhen the DLP search engine captures files, each file attribute is stored as a separate token in thecapture database. You can find files by using any of the attributes of a file, such as type, owner, sizeor signature, in your query.ExamplesFrom the Basic Search menu, select File Name Pattern to target specific file types in Data in Motion.From the Advanced Search menu, select Repository Type from the Discover menu to find files that were foundin Data at Rest during a CIFS scan.You cannot search Data in Use at network endpoints.Find files by signatureFind files by searching for signatures created by the SHA‐2 algorithm (the SHA‐256 cryptographic hashfunction). The SHA‐256 sum utility creates compact digital signatures that can be used to find all copiesof a uniquely‐identified file.You cannot use file signatures in direct queries, but you can find matches by adding them as ruleparameters.The SHA‐256 sum utility is available only on the Model 4400 appliance, but for legacy appliances youcan use open source file checksum tools to generate a unique signature.56 McAfee Data Loss Prevention 9.2.2 Product Guide