Showing results for 
Search instead for 
Did you mean: 

Correlation rules - McAfee DLP / QRadar

Hi All,

We are trying to enhance the incident management process for our SOC team. We would like SOC to react to data exfiltration incidents but simply dumping DLP logs to QRadar isn't the way they wants. They would like to see a set of correlation rules where DLP is used in conjunction with other events. The goal is to have SIEM rules that will alert on incidents related to data exfiltration that with high probability is not a false positive.

Could you please help me with possible use cases. Maybe you did this already in your organization.


Member Rewards
McAfee Community rewards active and helpful members just like you. Click here to take a look at the first community members who received a special reward and were recognized by McAfee leader, Aneel Jaeel, for their participation and trusted knowledge in the community.