McAfee Data Loss Prevention 9.2.2 Product Guide
Contents

- Find host names in data at rest
- Find domain names in data at rest
- Find share names in data at rest
- Find file name patterns in data at rest
- Find repository types in data at rest
- Find file paths in data at rest
- Find file owners in data at rest
- Find catalogs in data at rest
- Find schema names in data at rest
- Find table names in data at rest
- Find column names in data at rest
- Find records and rows in data at rest
- Find signature percentage matches in data at rest
- Search with the DocReg concept
- Remediating incidents
- Types of remedial action
- Compliance with FIPS standards
- Review remedial actions
- Add columns to display remedial actions
- Add remedial action rules
- Apply remedial action rules
- Set up locations for exported files
- Copy discovered files
- Move discovered files
- Encrypt discovered files
- Delete discovered files
- Revert remediated files
- Getting scan statistics and reports
- View scan results
- Export reports of scan statistics
- Get historical scan statistics
- Types of task status messages
- Types of system status messages
- Configuring McAfee DLP Discover
- Register McAfee DLP Discover to McAfee DLP Manager
- Republish McAfee DLP policies
- McAfee DLP Discover scan permissions
- McAfee DLP Discover registration permissions

5 Integrating McAfee DLP Endpoint

- How McAfee DLP Endpoint works with McAfee DLP Manager
- Typical scenarios
- Keep data from being copied to removable media
- Keep data from being cut and pasted
- Protect data with Document Scan Scope
- Keep data from being printed to file
- Protect data from screen capture
- Protect data by identifying text in title bars
- Keep data from being printed on network printers
- Create user list templates to control access
- Keep data from being printed on local printers
- Protect data using specific encryption types
- Viewing events
- View endpoint events
- Events reported to McAfee DLP Manager
- Configuring McAfee DLP Endpoint in McAfee DLP Manager
- Define unmanaged printers
- Add an Agent Override password
- Maintaining compatibility with installed agents
- Manage endpoints
- Unified policies and McAfee DLP Endpoint
- Unified policy content strategy
- Integration into the unified workflow
- How McAfee DLP Endpoint rules are mapped
- Adding endpoint parameters to rules in McAfee DLP Manager
- Using protection rules in McAfee DLP Manager
- Extending McAfee DLP Discover scans to endpoints
- Tagging and tracking
- Using tags
- Application-based tagging
- Location-based tagging
- Controlling devices
- Device classes
- Classifying devices
- Controlling devices with device definitions
- Using device rules
- Device parameters

6 Managing the Home page

- How the Home page is used
- Customize the Home page
- Assign Home page permissions

7 Using the Incidents dashboard

- Finding incidents
- Typical scenarios
- Find policies violated by a user
- Find high-risk incidents
- Sort incidents
- Sort incidents by attribute
- Sort incidents by policy
- Delete incidents
- Delete similar incidents
- Filter incidents
- Set a time filter for incidents
- Filter incidents
- Group incidents
- Clear filters
- Getting incident details
- View incidents
- Get case status
- View related incidents
- Find the concept that matched
- Find match strings
- Set incident states
- Get incident history
- Set up incident views
- Save home views
- Select pre-configured views
- Select view vectors
- Select graphical views
- Copy views to users